Copyright Statement Copyright Robert J. Brentrup and Sean W. Smith 2002. This work is the intellectual property of the authors. Permission is granted for.

Slides:



Advertisements
Similar presentations
Public Key Infrastructure and Applications
Advertisements

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Cryptography and Network Security
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Secure Sockets Layer eXtended (SSLX) Next Generation Internet Security Overview Presentation April 2011.
Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Copyright Statement Copyright Robert J. Brentrup This work is the intellectual property of the author. Permission is granted for this material to.
Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Online Security Tuesday April 8, 2003 Maxence Crossley.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
Superhighway Robbery: The Real Cost of Cyber Security NACUBO July 18, 2004 Copyright Mark Franklin, This work is the intellectual property of the.
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
1 USHER Update Fed/ED December 2007 Jim Jokl University of Virginia.
TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.
Computer Science Public Key Management Lecture 5.
Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
PKI in Higher Education: Dartmouth PKI Lab Update Internet2 Virtual Meeting 5 October 2001.
1 PKI Update September 2002 CSG Meeting Jim Jokl
Masud Hasan Secue VS Hushmail Project 2.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Cryptography, Authentication and Digital Signatures
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Configuring Directory Certificate Services Lesson 13.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Co Chairs C. W. Goldsmith University of Alabama at Birmingham David L. Wasley University of California Office of the President.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Digital Signatures A Brief Overview by Tim Sigmon April, 2001.
Module 9: Fundamentals of Securing Network Communication.
Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.
NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.
Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.
Dartmouth PKI Update Robert Brentrup Internet2 Member Meeting April 21, 2004.
PKI Activities at Virginia September 2000 Jim Jokl
Lifecycle Metadata for Digital Objects October 18, 2004 Transfer / Authenticity Metadata.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Creating and Managing Digital Certificates Chapter Eleven.
Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
Measures to prevent MITM attack and their effectiveness CSCI 5931 Web Security Submitted By Pradeep Rath Date : 23 rd March 2004.
Digital Signatures and Digital Certificates Monil Adhikari.
Copyright Statement Copyright Robert J. Brentrup This work is the intellectual property of the author. Permission is granted for this material to.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
NMI-EDIT and Rice University Federated Identity Management: Managing Access to Resources in Texas Barry Ribbeck Director System Architecture and Infrastructure.
Trusted Electronic Communications for Federal Student Aid Mark Luker Vice President EDUCAUSE Copyright Mark Luker, This work is the intellectual.
Fall 2006CS 395: Computer Security1 Key Management.
X509 Web Authentication From the perspective of security or An Introduction to Certificates.
SSL Certificates for Secure Websites
S/MIME T ANANDHAN.
Pooja programmer,cse department
Public-Key, Digital Signatures, Management, Security
September 2002 CSG Meeting Jim Jokl
Electronic Payment Security Technologies
Cryptography and Network Security
Presentation transcript:

Copyright Statement Copyright Robert J. Brentrup and Sean W. Smith This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Developing and Deploying a PKI for Academia Robert Brentrup Sean Smith Educause Conference October 2002

Dartmouth PKI Lab R&D to make PKI a practical component of a campus network Multi-campus collaboration sponsored by the Mellon Foundation Dual objectives: –Deploy existing PKI technology to improve network applications –Improve the current state of the art identify security issues in current products develop solutions to the problems.

Many other institutions are working on PKI. Internet2 has been very active in promoting this work establishing PKI Labs at Dartmouth and the University of Wisconsin. –I2 HEPKI-TAG, -PAG, -S/MIME Educause and CREN 1st Annual PKI Research Workshop –Sean Smith: program chair, proceedings editor Community

What is PKI? PKI is Public Key Infrastructure A pair of keys is used, one to encrypt, the other to decrypt

Public and Private Keys You publish the "public" key, You keep the "private" key a secret You don't need to exchange a secret "key" by some other channel Invented in 1976 by Whit Diffie and Martin Hellman Commercialized by RSA Security

Basic applications of PKI Authentication and Authorization of Web users and servers –It is the basis for the SSL protocol used to secure web connections Secure (signed and encrypted) Electronic document signatures Network link data protection (VPN, wireless) Signing Program Code

Why would I use PKI? Effective security has become crucial to extend electronic communication and business processes beyond the current state of the art. Legislative mandates are requiring it.

What is X.509? A standard for the format of a public key certificate and related standards for how certificates are used. Current PKI product offerings inter-operate through this standard There are many other possible formulations, eg SDSI/SPKI Is X.509 THE solution?

What is a certificate? Signed data structure that binds some information to a public key The information is usually a personal identity or a server name Think of it as an electronic ID card

Basic Public Key Operations Encryption –encrypt with public key of recipient –only the recipient can decrypt with their private key

Signature –Compute message digest, encrypt with your private key –Reader decrypts with your public key –Re-compute the digest and compare the results, Match? Basic Public Key Operations

What is a certificate authority? An organization that creates and publishes certificates Verifies the information in the certificate Protects general security of the system and it's records Allows you to check certificates and decide to use them in business transactions

What is a CA certificate? A certificate authority generates a key pair used to sign the certificates it issues For multiple institutions to collaborate: –Hierachical structure is setup among their CAs –Bridge Certification Authorities "peer to peer" approach

Hierarchy

or Bridge?

Deployment Results PKI applications in production use develop more and scale up campus wide Electronically signed Payroll Applications Replace Web authentication Banner SIS, other Oracle apps, same mechanism Library resource access control, local and JSTOR Electronic document signatures NIH pilot, replace paper forms

Deployment issues? Learning curve for planning a PKI is steep PKI is as much about Policy as Technology Commercial products have shortcomings: –Many are expensive –Some are hard to install and operate –Many compatibility issues and user constraints Many applications only interesting if available to the entire "community" Many products have serious security issues

External Results Extensive compatibility testing results published on websites Implemented multiple PKI system products, notes available Publishing example code derived from new applications Notes on PKI libraries and tool kits Tools and additions to existing applications –eg. browser mods and S/MIME plugins

Next Steps Applications –Workflow, signatures –Secure mail for Student health Services -HIPAA –PKI enhanced List-servers –Wireless network data protection –Databases and E-commerce Improvements in Infrastructure –Key storage hardening Tokens, smartcards, coprocessors –Enrollment improvements –Trusted Third Party Services

Research Agenda Expression of Trust –PKI system that can be managed and issued by different authorities, but from which many parties can draw judgments. Trust Attributes for Machines –machines throughout network to actually have the right certs... Using Trust at Clients –client tools that can reliably recognize and react to these properties… Using Trust in Applications –applications to obtain, react, and respond to this information Foundations of Trust –techniques to establish a basis for trust in computation in hostile places.

End User Studies Understanding Incentives and Concerns User Concerns, Understanding, Behavior Vulnerability Analysis How easily can users be conned into revealing passphrases? Usability of trusted server techniques PKI Interface Dynamics, Usefulness, Reliability Perception of Privacy Institutional Evolution for Security/Trust

Research Results User interface of most web applications is insecure Web browser display can be replaced SSL lock icon and the server certificate window! Prevent subverted window content Mozilla mods, synchronized reference window SSL is an "Armored pipe to a cardboard box" Secure Apache web server (WebAlps) Documents with active content are not secure Signed s that display subverted content Methods for stealing private key

Trusted Paths for Browsers USENIX Security 2002 Prototyping an Armored Data Vault: Rights Management on Big Brother's Computer. Privacy-Enhancing Technology 2002 Digital Signature and Electronic Documents: A Cautionary Tale Sixth IFIP Conference on Communications and Multimedia Security Papers

Virtual Hierarchies: An Architecture for Building and Maintaining Efficient and Resilient Trust Chains NORDSEC 2002 Web Spoofing Revisited: SSL and Beyond Outbound Authentication for Programmable Secure Coprocessors 7th European Symposium on Research in Computer Science Papers

Demo -Digital Signatures People frequently take actions on paper documents for personal or official purposes : e.g., signing forms, expense sheets and contracts. PKI allows approval and verification of bits. Can PKI produce and verify electronic documents so that they work like virtual paper docs?

Virtual Paper? Paper documents and electronic documents are different. Do the same bits always generate the same virtual piece of paper? If not then PKI on electronic docs does not work!

When viewed on 09/16/02

When viewed after 09/16/02

Same bits different content

Demos JSTOR Access –Current: –PKI: Web Browser Spoofing (IE or Netscape on Win and Linux) – Misleading URLs site illusion Counter Measures –

Contacts Mail:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.