CAMP - June 4-6, 2003

Copyright Statement
Copyright Robert J. Brentrup and Mark J. Franklin 2003. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.

PKI and Academic Applications
Robert Brentrup, Mark Franklin
Dartmouth College PKI Lab
CAMP, June 5, 2003

Why PKI?
– Comprehensive way to address securing many applications
– No passwords on the wire
– No need for shared secrets
– Strong underlying security technology
– Widely included in technology products

PKI and Passwords
– Technology
  – Passwords NOT even sent to the server
  – Still using a password to unlock the key
  – Only the user knows the password (harder to share)
  – Even central IT can't recover the password
– Policy and process
  – Registration: how the individual is identified
  – Individual education in best practice
  – Generating and storing the key pair
  – Stronger AuthN strengthens AuthZ

Key Validity
– Duration needs
  – Limited, as a defense against compromise
  – Retained for future decryption
  – History of public keys kept for signature verification
– Kerberos AuthN application
  – PK technology with a short lifetime
– Can issue X.509 certs with timeframes chosen based on use

Dartmouth PKI Lab
– R&D to make PKI a practical component of a campus network
– Multi-campus collaboration sponsored by the Mellon Foundation
– Dual objectives:
  – Deploy existing PKI technology to improve network applications
  – Improve the current state of the art: identify security issues in current products, develop solutions to the problems

What is PKI?
– PKI is Public Key Infrastructure
– A pair of asymmetric keys is used, one to encrypt, the other to decrypt

Public and Private Keys
– The "public" key is published
– The "private" key is kept a secret
– No need to exchange a secret "key" by some other channel
– Invented in 1976 by Whit Diffie and Martin Hellman
– Commercialized by RSA Security

Basic Applications of PKI
– Authentication and authorization of web users and servers
  – It is the basis for the SSL protocol used to secure web connections
– Secure (signed and encrypted)
– Electronic signatures
– Data encryption
  – Business documents, databases, executable code
– Network data protection (VPN, wireless)

What is X.509?
– A standard for the format of a public key certificate, and related standards for how certificates are used
– Current PKI product offerings inter-operate through this standard
– There are many other possible formulations, e.g. SDSI/SPKI
– Is X.509 THE solution?

What is a certificate?
– A signed data structure that binds some information to a public key
– A trusted entity asserts the validity of the information in the certificate
– The information is usually a personal identity or a server name
– Think of it as an electronic ID card

Basic Public Key Operations
– Encryption
  – Encrypt with the public key of the recipient
  – Only the recipient can decrypt, with their private key

Basic Public Key Operations
– Signature
  – Compute the message digest, encrypt it with your private key
  – The reader decrypts it with your public key
  – Re-compute the digest and compare the results. Match?
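The encryption and signature operations from these two slides, carried out end to end as an added example (this is not the authors' code): textbook RSA built only on the Python standard library, so the digest really is "encrypted" with the private key and "decrypted" with the public key exactly as the slide describes. The key size, the Miller-Rabin test and the function names are my own choices for a runnable demonstration.

```python
# Added example (not from the slides): the two "Basic Public Key Operations" with
# textbook RSA on the Python standard library only. 512-bit keys and the absence of
# padding are for illustration; real systems use >= 2048-bit keys with OAEP/PSS.
import hashlib
import secrets
def is_probable_prime(n, rounds=16):  # Miller-Rabin for a large odd candidate n
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)  # random base in [2, n-2]
        if x not in (1, n - 1):
            for _ in range(r - 1):
                x = pow(x, 2, n)
                if x == n - 1:
                    break
            else:
                return False
    return True

def random_prime(bits):  # top bit set for full length, low bit set so it is odd
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(p):
            return p

def generate_keypair(bits=512):  # returns (public (e, n), private (d, n))
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def encrypt(pub, plaintext):  # slide: encrypt with the public key of the recipient
    e, n = pub
    m = int.from_bytes(plaintext, "big")
    assert m < n, "textbook RSA: the message must be smaller than the modulus"
    return pow(m, e, n)
def decrypt(priv, ciphertext):  # slide: only the recipient's private key decrypts
    d, n = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(priv, message):  # slide: compute the digest, "encrypt" it with your private key
    d, n = priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)
def verify(pub, message, signature):  # slide: "decrypt" with the public key, re-compute, compare
    e, n = pub
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")
```

Because the digest is 256 bits and the modulus 512, the recovered value compares directly; any change to the message or to the signature makes verify() return False.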

What is a certificate authority?
– An organization that creates and publishes certificates
– Verifies the information in the certificate
– Protects the general security and policies of the system and its records
– Allows you to check certificates and decide to use them in business transactions

What is a CA certificate?
– A certificate authority generates a key pair used to sign the certificates it issues
– Multiple institutions can collaborate via:
  – A hierarchical structure among their CAs
  – Bridge Certification Authorities, a "peer to peer" approach

Hierarchy (diagram slide)

Bridge (diagram slide)

Dartmouth PKI Deployment
PKI applications in use:
– Web authentication: alternative to Kerberos/Sidecar
– Banner SIS, other Oracle apps: same mechanism
– Library resource access control: local and JSTOR
– Secure mail: S/MIME, Sympa
– Electronic document signatures: NIH pilot, replace paper forms
– Wireless network access: WPA, 802.1x EAP-TLS

Next Steps
– Applications of:
  – Workflow, signatures
  – Secure mail for Student Health Services (HIPAA)
  – PKI-enhanced list-server
  – Wireless network data protection
  – Databases and e-commerce
– Improvements in infrastructure:
  – Key storage hardening: tokens, smartcards, coprocessors
  – In-person contact in enrollment
  – Trusted third party services
  – Higher Ed Bridge CA
  – Authorization and delegation

Questions?
Dartmouth PKI Lab –