How to Start a PKI: A Practical Guide
Dr. Javier Torner, Information Security Officer, Professor of Physics
SecureIT-2005, April 19-22, 2005


Agenda
Why do you need a PKI?
Basic Cryptography
Near Future PKI Applications
PKI Components and Services
Deployment of a PKI

Why do you need a PKI?
Protects against eavesdropping
Protects against tampering
Prevents impersonation
  – Spoofing
  – Misrepresentation
Provides stronger authentication

Basic Cryptography
Use of Keys for Encryption and Decryption
Types of Keys
  – Symmetric-Key Encryption
    Uses ONE single key (shared secret)
    Efficient
    Provides a minor degree of authentication
    Only effective if symmetric key is kept secret!!
  – Public-Key Encryption (asymmetric encryption)
    Involves a pair of keys:
    Public Key – Published
    Private Key – Kept secret
Key Length and Encryption Strength
  – Strength of encryption is related to the difficulty of discovering the key
  – Encryption strength is described in terms of key size.

Public Key Cryptography Provides:
Encryption and Decryption
Strong authentication
Non-repudiation
Tamper detection

What is a Certificate?
A certificate is an electronic document used to identify:
  – An individual
  – A server
  – A company
  – Other entities
A certificate associates an identity with a public key

What is a Certificate Authority?
A Certificate Authority (CA)
  – validates identities
  – issues certificates
Validation/Assurance of identity
  – depend on the policies of a given CA

Contents of a Certificate
A certificate (X.509 v3) binds a Distinguished Name (DN) to a public key.
A DN is a series of values that uniquely identify an identity. For example:
cn=Javier Torner, o=California State University San Bernardino, ou=Information Security Office

Near Future Application
Digital Signatures (S/MIME)
Mail Encryption
Certificate Revocation
SSL Client Certificates to POP/IMAP
SSL Client Certificates to NNTP
SSL Client Certificates for network access
Hardware Tokens – Two factor authentication

PKI Components and Services
Certificate Repository
Certificate Revocation
Key backup and recovery
Support for non-repudiation
Time stamping
Client software

PKI Phases
Phase 0 – Basic Infrastructure
  – Implement a Certificate Authority Hierarchy Structure
Phase I – Authorization
Phase II – Authentication
Phase III – Incorporate a Trusted Bridge

PKI - Phase 0
Define Certificate Practice Statement
Define a CA Hierarchy
  – Root CA Master or Secondary CA
  – SSL (Web server) CA
  – SSL Clients CA
  – /Encryption CA
  – Object CA

CA Certificate Practice Statement
Easy way to start is using PKI-Lite
Edit/modify to your institution
Technology has been around, but relatively new

PKI - Phase I
Select software
  – OpenSSL, OpenCA
Issue SSL Server Certificates
  – Class 3 Web servers certificate
  – Develop/enable users request interface
  – Provide user education
SSL Client Certificates
  – Start with certificates for authentication ONLY
  – Test on control systems ISO sites

SSL Client Certificates
Provides the ability to authenticate (primarily web) users using your institution's certificate
Allows you to easily restrict the users of your data based upon criteria within a certificate

Contents of a Phase I Server Certificate
CN= =
OU=Information Security Office
O=California State University San Bernardino
L=San Bernardino
ST=California
C=US
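
The Phase 0 hierarchy (a root CA with a subordinate SSL server CA) and the Phase I server certificate from the slides above, built with OpenSSL as an added example that is not part of the original presentation. The CA common names, the host name www.example.edu, the key size and the validity periods are constructed for illustration; the C/ST/L/O/OU values are the ones shown on the slide.

```shell
#!/bin/sh
# Added example: Root CA -> SSL server CA -> server certificate, using OpenSSL.
# Constructed values: "Example Root CA", "Example SSL Server CA", www.example.edu,
# RSA-2048 keys and the -days lifetimes. Keys are left unencrypted (-nodes) for a lab run.
build_pki() (
    set -e
    mkdir -p "$1" && cd "$1"
    org="/C=US/ST=California/L=San Bernardino/O=California State University San Bernardino/OU=Information Security Office"
    # One config file: an empty DN section (subjects come from -subj) plus one
    # extension profile per certificate class in the hierarchy.
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[root_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[sub_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.edu
EOF
    # 1. Self-signed root CA.
    openssl req -x509 -config pki.cnf -extensions root_ca -newkey rsa:2048 -nodes \
        -sha256 -days 3650 -subj "$org/CN=Example Root CA" \
        -keyout root.key -out root.crt 2>/dev/null
    # 2. Subordinate SSL server CA, signed by the root; pathlen:0 stops it
    #    from creating further CAs beneath itself.
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
        -subj "$org/CN=Example SSL Server CA" -keyout sslca.key -out sslca.csr 2>/dev/null
    openssl x509 -req -in sslca.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -sha256 -days 1825 -extfile pki.cnf -extensions sub_ca -out sslca.crt 2>/dev/null
    # 3. Web server certificate, signed by the SSL server CA (CA:FALSE, serverAuth only).
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
        -subj "$org/CN=www.example.edu" -keyout server.key -out server.csr 2>/dev/null
    openssl x509 -req -in server.csr -CA sslca.crt -CAkey sslca.key -CAcreateserial \
        -sha256 -days 365 -extfile pki.cnf -extensions server -out server.crt 2>/dev/null
)

# Succeeds only if server.crt chains through the SSL server CA to the root.
verify_chain() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/sslca.crt" "$1/server.crt"
}
```

Run `build_pki ./lab-pki && verify_chain ./lab-pki`; clients only need root.crt as a trust anchor, while the server presents server.crt together with sslca.crt.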

Contents of a Phase-I ID Certificate
CN=Javier Torner
OU=Information Security Office
O=California State University San Bernardino
L=San Bernardino
ST=California
C=US

The Future of PKI
Phase 3 – Federated Application Design CA Development

Valuable Resources
Understanding PKI – Carlisle Adams and Steve Lloyd (ISBN x)
Digital Certificates – Jalal Feghhi, Jalil Feghhi, Peter Williams (ISBN )b