September 2002 CSG Meeting Jim Jokl
PKI Update
September 2002 CSG Meeting
Jim Jokl, jaj@Virginia.EDU

Public Key Infrastructure: Basis
- A pair of cryptographically related keys is generated: your public and private keys
- Usage:
  - Data encrypted with a public key can only be decrypted with the matching private key
  - Data signed with a private key can only be verified with the matching public key

Public Key Infrastructure: Digital Certificates
A certificate is:
- An object signed by a Certification Authority (CA)
- Binds a user's identity to their public key
- Contains some attributes about the person
- Contains some information about the CA
Level of assurance:
- How well did the CA identify the person?
- How is the CA run?
- Who vouches for the CA?

Public Key Infrastructure: Policy and Practices
How is the CA run?
- Certification Policy & Practices documents
- Registration Authority (RA) operation
Who vouches for the CA?
- Relying parties
- Trust hierarchies
- Certificate chains and root certificates
- In practice Microsoft and Netscape decide whom you trust by default: the CA certificates they ship in your browser/OS certificate store are the roots every chain is checked against
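An added example, not part of the slides, that works through the key-pair usage and certificate-chain points above with the openssl command line: a pair of keys used for encryption and signing, a mini campus CA that binds a user's identity to her public key, and a relying party that accepts only chains ending at a root in its own store. The CA name, the user, the file names and the message are made up for the demo.

```shell
#!/bin/sh
# Added example, not from the slides: the key-pair operations and the CA-signed
# certificate chain described above, exercised with the openssl command line.
# Every name here (Example Campus, alice, the file names, the message) is made
# up for the demo; nothing is a real campus CA.
set -eu
WORK=$(mktemp -d)
cd "$WORK"

# Minimal openssl config (assumed, not a HEPKI profile): subjects come from -subj,
# and the root gets explicit CA extensions so verify accepts it as a CA.
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = root_ext
[dn]
CN = placeholder
[root_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ee_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF

# --- 1. A key pair: the private key stays with its owner, the public key is published.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out alice.key 2>/dev/null
openssl pkey -in alice.key -pubout -out alice.pub

# --- 2. Encrypt to the public key; only the matching private key decrypts.
encrypt_for() { # pubkey plaintext ciphertext
  openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}
decrypt_with() { # privkey ciphertext plaintext  (exit 0 = decrypted)
  openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3" 2>/dev/null
}
# --- 3. Sign with the private key; anyone holding the public key can verify.
sign_with() { # privkey file sigfile
  openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}
verify_with() { # pubkey file sigfile  (exit 0 = signature good)
  openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

printf 'Constructed sample message: CS 101 moves to room 120 on Monday\n' > msg.txt
encrypt_for alice.pub msg.txt msg.enc
decrypt_with alice.key msg.enc msg.dec && cmp -s msg.txt msg.dec && echo "round trip OK"
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out bob.key 2>/dev/null
decrypt_with bob.key msg.enc bob.dec || echo "another private key cannot decrypt"

sign_with alice.key msg.txt msg.sig
verify_with alice.pub msg.txt msg.sig && echo "signature verifies"
printf 'Constructed sample message: CS 101 moves to room 009 on Monday\n' > tampered.txt
verify_with alice.pub tampered.txt msg.sig || echo "altered message rejected"

# --- 4. A CA binds alice's identity to her public key by signing a certificate.
openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
  -days 365 -subj "/O=Example Campus/CN=Example Campus Root CA" 2>/dev/null
openssl req -new -config pki.cnf -key alice.key -out alice.csr \
  -subj "/O=Example Campus/CN=alice/emailAddress=alice@example.edu"
openssl x509 -req -in alice.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 90 \
  -extfile pki.cnf -extensions ee_ext -out alice.pem 2>/dev/null

# --- 5. A relying party accepts only chains that end at a root in its own store.
verify_chain() { # trust-store-pem leaf-pem  (exit 0 = chains to a trusted root)
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
verify_chain ca.pem alice.pem && echo "alice.pem chains to Example Campus Root CA"
openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -keyout other.key -out other.pem \
  -days 365 -subj "/O=Other University/CN=Other University Root CA" 2>/dev/null
verify_chain other.pem alice.pem || echo "issuer not in this relying party's store: rejected"

# The certificate carries alice's public key, so a relying party needs only the
# certificate plus the root it already trusts to check her signature.
openssl x509 -in alice.pem -pubkey -noout > alice-from-cert.pub
verify_with alice-from-cert.pub msg.txt msg.sig && echo "signature verifies with the certificate's key"
```

The last step is the whole point of the certificate: the relying party never fetched alice.pub out of band; it took the public key from a certificate whose signature it could check against a root it already held. Swap the store for other.pem and the same, perfectly valid certificate is rejected, which is exactly the "who vouches for the CA" decision the slide describes.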

Some reasons campuses are deploying PKI
- Authentication
  - Client certificates for web application authentication
  - VPN authentication & EAP-TLS for wireless
  - Higher assurance / two-factor authentication
- Digital signatures & business applications
- Signed and encrypted email (S/MIME)
- SSL server certificates
- etc.

Higher Education PKI Activities - HEPKI
Sponsors: Internet2, EDUCAUSE, CREN, NET@EDU
HEPKI Technical Activities Group (TAG):
- Open-source PKI software
- Certificate profiles
- Directory / PKI interaction
- Validity periods
- Client customization issues
- Mobility
- Inter-institution test projects
- Technical issues with cross-certification

Some Drivers for Campus S/MIME Support
- Prevent email spoofing
  - Problems with forged email: students canceling classes, impersonating professors, etc.
  - Official announcements
  - Anti-spam filter bypass?
- Business processes
  - Protect sensitive messages & documents
  - Signed messages
  - S/MIME-based applications

S/MIME Project
Two project phases of client interoperability testing:
- User to user
- Application-to-user, user-to-application
Client interoperability testing covers:
- Common signing and encryption algorithms
- Dual-key support (separate signing and encryption keys)
- LDAP support
Issues documentation:
- Mailing list software
- Encryption: folders, escrow, cc: repository

Some Potential S/MIME Applications
- Mailing lists: access and expansion of encrypted messages
- Travel expense reports & direct deposit notification
- Online forms routing (signed workflow)
- Trouble ticket submissions
- Password resets
- Library notices (guard circulation data)
- Timesheet submission
- Student debit card & long distance billing privacy
- FERPA opt-in/opt-out
- Sysadmin confirmation of batch jobs

Certificate Profiles
A per-field description of certificate content:
- Standard and extension fields
- Criticality flags
- Syntax of values permitted per field
- Spreadsheet & text formats
Higher education profile repository: http://middleware.internet2.edu/certprofiles

PKI-lite
Full function but lightweight:
- A normal PKI technical infrastructure
  - Authenticate users
  - Issue certificates, perhaps revoke certificates
  - A comparatively simple certificate profile
  - Support applications, directories, etc.
- A lightweight administrative/policy structure
  - Supports applications without high assurance needs
  - One or two page certification policy
  - Assurance levels per existing campus practice
- Campus evolution towards full-featured PKI

PKI-lite Project Status
- PKI-lite certificate profiles completed
  - Designed to support web authentication & S/MIME
  - End Entity profile
  - CA certificate profile
- PKI-lite Policy and Practices Statement
  - Individual documents prepared, then merged
  - Reviewed by many people
  - Template-based fill-in-the-blanks approach
- Certificate repository started

Some other work in progress
- Hardware tokens
  - Mobility
  - Private key protection
  - Two-factor authentication
- Signing tools
  - Web & client-based
  - The active content problem
- Other items
  - Root cert downloads, PKI in XP, docs, demo CA projects, information sharing, etc.
Active content: Dartmouth; Eric Norman: demo CA

Where to watch
- HEPKI-TAG: middleware.internet2.edu/hepki-tag
- HEPKI: www.educause.edu/hepki
- S/MIME work: middleware.internet2.edu/hepki-tag/smime
- CREN CA: www.cren.net/ca
- NET@EDU PKI for Networked Higher Ed: www.educause.edu/netatedu/groups/pki
- PKI Labs: middleware.internet2.edu/pkilabs
A combination of work done in HEPKI-TAG, MW-S/MIME and many other groups (CREN, PKI Labs, NET@EDU, etc.)
Participation