Introduction to Secure Messaging Issues Russ Chung, American Eagle Group The Open Group Messaging Forum July 24, 2003.

Presentation transcript:

Agenda
- Overview of Encryption Technology
- Implementation Issues
- Secure Messaging Models

Encryption Overview
- Encryption
- Symmetrical keys
- Asymmetrical keys
- Encryption algorithms
- Digital Signatures
- Hash functions
- Certificate
- Optional Devices
- Smart Cards
- Biometric Devices
- And more…

Implementation
Successful secure messaging implementation requires consideration of:
- Technical aspects
- Organizational aspects
- Inter-Organizational aspects

Implementation Roles
- Technical Aspects of Secure Messaging
  - Established and controlled by technical managers
- Organizational Aspects of Secure Messaging
  - Internal Policies, Practices, Procedures
  - Established and controlled by Company management
- Inter-Organizational Aspects of Secure Messaging
  - External Policies, Practices, Procedures
  - Established by agreements between organizations
  - Often involves senior management, boards, legal counsel

Technical Aspects
- Key generation
- Key management
- Distribution and exchange of certificate and private key
- Key separation
- Archiving of the certificate, and if necessary, the private key
- Change and validation of certificate and if necessary, the private key
- Manage the access to and representative use of the certificate and private key
- Freezing and destruction of certificates

Non-Technical Aspects
The non-technical aspects are often overlooked or underestimated
- Organizational
  - Usage Policies, Procedures and Standards
  - Training
- Inter-Organizational
  - Certificate Policy
  - Certification Practice Statement
  - Relying Party Agreement

Secure Messaging Models
Transport Layer Encryption -or- Message Encryption -or- Both

Secure Messaging Models
- Model #1 - End to end encryption
- Model #2 - Gateway to gateway encryption
- Model #3 - Secure web mail

Secure Messaging Models
Model #1 - End to end encryption
- Examples: S/MIME, PGP
- Asymmetrical key pairs generated for each user
- Pro
  - Message is encrypted at all times
  - Nearly impossible for anyone except the intended recipient to read the message
- Con
  - Nearly impossible to check for viruses, check content of the encrypted message
  - Key management is an administrative burden

Secure Messaging Models
Model #2 - Gateway to gateway encryption
- Example: Domsec
- One asymmetrical key pair generated per domain
- Pro
  - Fewer keys to manage
  - Permits scanning for viruses, content
- Con
  - Messages are not encrypted when in transit between the user and the gateway (unless transport layer encryption is used)
  - Messages are not encrypted in storage
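
The scanning trade-off between Model #1 and Model #2, shown from the gateway's side: the sketch below is an added example, not part of the original presentation. It uses Python's standard `email` package to decide whether a content or virus scanner can read a message body at all; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string

ENCRYPTED_SMIME = {"enveloped-data", "authenveloped-data"}

def classify(raw: str) -> str:
    """Classify one RFC 5322 message as 'plain', 'signed' or 'encrypted'."""
    verdict = "plain"
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "multipart/encrypted":               # PGP/MIME container
            return "encrypted"
        if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
            smime_type = str(part.get_param("smime-type", "")).lower()
            # A missing smime-type is treated as ciphertext rather than guessed at.
            if smime_type in ENCRYPTED_SMIME or not smime_type:
                return "encrypted"
            if smime_type == "signed-data":              # opaque-signed, no key needed
                verdict = "signed"
        elif ctype == "text/plain":
            body = part.get_payload(decode=True) or b""
            if b"-----BEGIN PGP MESSAGE-----" in body:   # inline PGP armor
                return "encrypted"
        elif ctype == "multipart/signed":                # clear-signed, body readable
            verdict = "signed"
    return verdict

def gateway_can_scan(raw: str) -> bool:
    """True when a scanner at the gateway can read the message body."""
    return classify(raw) != "encrypted"

# Constructed sample messages (not real mail); encoded bodies are placeholders.
HDR = "From: alice@example.com\nTo: bob@example.com\nMIME-Version: 1.0\n"
PLAIN = HDR + "Content-Type: text/plain\n\nQuarterly numbers attached.\n"
INLINE_PGP = HDR + ("Content-Type: text/plain\n\n-----BEGIN PGP MESSAGE-----\n"
                    "CONSTRUCTED\n-----END PGP MESSAGE-----\n")
SMIME = HDR + ("Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n"
               "Content-Transfer-Encoding: base64\n\nQ09OU1RSVUNURUQ=\n")
PGP_MIME = HDR + ('Content-Type: multipart/encrypted; boundary="b1";'
                  ' protocol="application/pgp-encrypted"\n\n--b1\n'
                  "Content-Type: application/pgp-encrypted\n\nVersion: 1\n\n--b1\n"
                  "Content-Type: application/octet-stream\n\nCONSTRUCTED\n--b1--\n")
SIGNED = HDR + ('Content-Type: multipart/signed; boundary="b2";'
                ' protocol="application/pkcs7-signature"\n\n--b2\n'
                "Content-Type: text/plain\n\nSigned but readable.\n\n--b2\n"
                "Content-Type: application/pkcs7-signature\n\nQ09OU1RSVUNURUQ=\n--b2--\n")

if __name__ == "__main__":
    for name in ("PLAIN", "INLINE_PGP", "SMIME", "PGP_MIME", "SIGNED"):
        print(name, classify(globals()[name]), gateway_can_scan(globals()[name]))
```

Signed-only mail stays scannable because the body travels in the clear; only the encrypted forms leave the gateway with nothing to inspect unless it holds a decryption key, as in Model #2.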

Secure Messaging Models
Model #3 - Secure Web Mail
- Examples: Authentica Net Recall, Tumbleweed IME
- Keys may be generated per user or per message
- Pro
  - Recipient does not require special software - only needs a web browser
- Con
  - Must prevent unauthorized personnel from obtaining the key

Secure Messaging Models
Model #4 - Hybrid model
- Some or all of the above
- How do we interoperate?

Conclusion
- Successful secure messaging implementation involves
  - Technical Activities
  - Organizational Activities
  - Inter-Organizational Activities
- The organizational and inter-organizational activities are the larger and the more critical part.
- There are multiple secure messaging models