
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military Technical Academy Bucharest, Romania

Information Security Requirements
- Confidentiality: protection from disclosure to unauthorized persons
- Integrity: maintaining data consistency
- Authentication: assurance of identity of person or data originator
- Non-repudiation: communication originator can't deny it later

Public-Key Encryption

Confidentiality

Digital Signatures -creation-

Public Key Distribution

Digital Certificate
- Is a person really who they claim to be?
- Does the public key really belong to this person?

Certificate Structure

What is PKI - Public Key Infrastructure
PKI refers to the services providing:
- generation, production, distribution, control, revocation, archive of certificates
- management of keys
- support to applications providing confidentiality and authentication of network transactions

PKI for Military Use
- provides secure interoperability throughout the military organizations and with their partners: government, industry and academia
- standards based
- uses commercial PKI products to minimize the investment
- supports digital signature and key exchange
- supports key recovery
- supports Federal Information Processing Standards (FIPS) compliance requirements

General PKI Structure

CA's are Trusted to Do
- A central administration issues certificates:
  - company to its employees
  - university to its students
  - public CA (like VeriSign) to clients
- The CA must keep confidential the private key used to sign certificates
- The CA does not assign different certificates the same serial number
- The CA makes sure all the information in a certificate is correct
- Up-to-date Certificate Revocation List (CRL)
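
Added example (not from the presentation or the authors' CA software): a small audit of the CA duties listed above, checking for reused serial numbers, revoked certificates missing from the CRL, and a CRL past its next-update time. It assumes the CA keeps its issuance database in the tab-separated index.txt layout used by the OpenSSL `ca` command and that the CRL has already been parsed into a set of serials; the function names and sample records are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample records in the tab-separated layout of OpenSSL's `ca`
# index.txt: status, expiry, revocation date[,reason], serial (hex), file, subject.
SAMPLE_INDEX = "\n".join([
    "V\t300101000000Z\t\t1000\tunknown\t/CN=alice.example",
    "R\t300101000000Z\t240301120000Z,keyCompromise\t1001\tunknown\t/CN=bob.example",
    "V\t300101000000Z\t\t1001\tunknown\t/CN=carol.example",  # serial 1001 reused
    "R\t300101000000Z\t240401120000Z\t1002\tunknown\t/CN=dave.example",
])


def parse_index(text):
    """Turn index lines into dicts; serials are compared as integers."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        status, _expiry, _revoked, serial, _file, subject = line.split("\t")
        records.append({"status": status, "serial": int(serial, 16), "subject": subject})
    return records


def audit_ca(records, crl_serials, crl_next_update, now):
    """Return (kind, detail) findings for the CA duties listed on the slide."""
    findings, owner = [], {}
    for rec in records:
        serial = rec["serial"]
        if serial in owner:
            findings.append(("duplicate-serial",
                             f"{serial:X}: {owner[serial]} and {rec['subject']}"))
        else:
            owner[serial] = rec["subject"]
        # A certificate the CA marked revoked must be published in the CRL.
        if rec["status"] == "R" and serial not in crl_serials:
            findings.append(("revoked-not-in-crl", f"{serial:X}: {rec['subject']}"))
    # A CRL past its nextUpdate time is no longer "up to date".
    if crl_next_update <= now:
        findings.append(("crl-stale", crl_next_update.isoformat()))
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    stale = datetime(2024, 5, 1, tzinfo=timezone.utc)
    for kind, detail in audit_ca(parse_index(SAMPLE_INDEX), {0x1001}, stale, now):
        print(kind, detail)
```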

Our PKI Research/Study - directions
- Understanding PKI technology and establishing:
  - applications demanding PKI
  - PKI architecture
- Analysis of the possibilities/facilities of a vendor CA software: RSA Keon
- Developing our own CA software, using Eric Young's OpenSSL library
- Defining an adequate certificate policy and practice statement

PKI Main Applications
- Paperless Office: Document & Signing and Protecting
- Secure Web: User Authentication and Secure Communications
- Security in Organization's Intranet/Extranet: VPN
- Certificate Authority: for the Romanian (Military) Internet Users

Deploying a PKI - Main steps
- Analysis of Operational Requirements
- Establish PKI Applications
- Defining security policies
- Defining a deployment road map
- Establish the infrastructure (PKI & CA Design)
- Personnel Selection
- Hardware and Software Acquisition
- PKI Training
- Management & Administration

Defense PKI (DPKI)
- Generation, production, distribution, control, revocation, archive of public key certificates
- Management of keys
- Support to applications providing confidentiality and authentication of network transactions
- Data integrity
- Non-repudiation

Certificate Classes
For DPKI, a certificate policy can be adopted that uses 3 classes of certificates:
- Low Class Certificates (for unclassified/sensitive information on classified network). May be used for:
  - Digital signatures for classified information on encrypted network
  - Key exchange for the protection (confidentiality) of communities of persons on encrypted networks
  - Non-repudiation for medium value financial or for electronic commerce applications

Certificate Classes
- Medium Class Certificates (for unclassified/sensitive information on classified network). May be used for:
  - Digital signatures for unclassified mission critical and national security information on unencrypted network
  - Key exchange for the confidentiality of high valued compartmented information on encrypted networks or classified data over unencrypted networks
  - Protection of information crossing classification boundaries
  - Non-repudiation for large financial or for electronic commerce applications

Certificate Classes
- High Class Certificates (for classified information on open network). May be used for:
  - Digital signatures for authentication of subscriber identity for accessing classified information over unprotected networks
  - Key exchange for confidentiality of classified information over unencrypted networks
  - Digital signatures for authentication of key material in support of providing confidentiality for classified information over unprotected networks

CONCLUSIONS
- PKI simplifies the management of security
- RAF structures and organizations can spend less time worrying about security, and more energy on their main activities (confidential documents no longer need to wait for days to be physically shipped; instead, they can be securely sent through )
- Web servers can allow secure access for only designated users
- Military organization networks can securely extend over the Internet, eliminating expensive leased data lines
- PKI's possibilities are limitless

CONCLUSIONS
For Romanian Armed Forces, the Public Key Infrastructure (PKI) capability may adopt the following components:
- Root Certificate Authority
- Certificate Authorities
- Local Registration Authorities
- Certificate Directory
and principles:
- use commercial and/or proprietary products
- use smart cards for protection of private keys and certificates, processing digital signature, access control

CONCLUSION ? Steve Bellovin AT&T Security Guru “-What are the strongest defenses? -There aren’t any”