Gregorio Martínez Pérez University of Murcia PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS.

Presentation transcript:

Gregorio Martínez Pérez University of Murcia PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS

MOTIVATION (I)
* Distributed applications on TCP/IP: impressive growth
  - Services improvement
  - Decreasing costs
* Very important security problems when applications deal with confidential information

MOTIVATION (II)
* University of Murcia: infrastructure to provide secure communications
  - Must guarantee:
    Confidentiality
    Authentication
    Integrity
  - Complex task:
    Broad community of users
    Heterogeneous systems

PUBLIC KEY INFRASTRUCTURE (I)
* Certification Authority (CA)
  - Trust foundation of the overall system
  - We are using Netscape Certificate Server
    Problem: certification request is a public operation
    Solution: intermediate elements
      RQServer (Requests Server)
      RQClient (Certification Requests Client)

PUBLIC KEY INFRASTRUCTURE (II)
* Registration Authority (RA)
  - Made up of:
    Administrative staff
    Software applications
  - Performs the following tasks:
    Verifies people's identities
    Generates the user's private and public keys
    Stores the private key in the smart card
    Creates the certification requests
    Creates the revocation requests

PUBLIC KEY INFRASTRUCTURE (III)
* Directory Server
  - Main use:
    To get the information needed to make certification requests
    To store the final certificates
  - Data stored in this server is retrieved with the LDAP protocol

PUBLIC KEY INFRASTRUCTURE (IV)
* Smart Cards
  - Security device to store private keys
  - Two kinds of smart cards:
    4 Kbytes smart cards
    [Diagram labels: 1 KByte Security Field; RSA Private Key]

PUBLIC KEY INFRASTRUCTURE (V)
* Smart Cards
  - Two kinds of smart cards:
    2 Kbytes smart cards
    [Diagram labels: 16 Bytes Security Field; IDEA Key; CIPHER; RSA Private Key; Ciphered Private Key; Ciphered Private Keys DB]

MAIN OPERATIONS
* Certificate Request
* Certificate Recovery
* Certificate Revocation

CERTIFICATE REQUEST
[Diagram labels. Components: Registration Authority; RQServer; RQClient (CRON); Certification Authority; Directory Server; Ciphered Private Keys DB. Connections: SSL; SSL with Client Authent.; LDAP. Data: RSA private or IDEA key; ID Number; user personal data]

CERTIFICATE RECOVERY
[Diagram labels. Components: Netscape Communicator; PKCS#11 Module; Secure Server; Directory Server; Ciphered Private Keys DB. Connections: SSL. Data: PIN; RSA private or IDEA key]
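The 2 Kbyte card layout and the recovery flow above, read as key wrapping: the card's 16-byte field holds only a symmetric key, and the RSA private key sits ciphered in the Ciphered Private Keys DB. This is an added example, not code from the presentation; AES-128-CBC stands in for IDEA, and the file names standing in for the card and the DB are assumptions.

```shell
#!/bin/sh
# Added example, not from the slides. AES-128-CBC stands in for IDEA
# (assumption: both use a 16-byte key). Paths are hypothetical stand-ins.

provision() {   # RA role. $1 = scratch dir
    mkdir -p "$1/db" || return 1
    # Generate the user's RSA key pair.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/user.key" 2>/dev/null || return 1
    # 16-byte symmetric key: the only secret that goes onto the card.
    openssl rand -hex 16 > "$1/card.hex" || return 1
    # Fresh IV, stored next to the ciphertext in the DB stand-in.
    openssl rand -hex 16 > "$1/db/user.iv" || return 1
    # CBC has no integrity check; a current design would use an AEAD mode.
    openssl enc -aes-128-cbc -K "$(cat "$1/card.hex")" \
        -iv "$(cat "$1/db/user.iv")" \
        -in "$1/user.key" -out "$1/db/user.enc"
}

recover() {     # PKCS#11 module role. $1 = scratch dir, $2 = hex key from card
    openssl enc -d -aes-128-cbc -K "$2" -iv "$(cat "$1/db/user.iv")" \
        -in "$1/db/user.enc" 2>/dev/null
}

demo() {
    work=$(mktemp -d) || return 1
    rc=0
    provision "$work" || rc=1
    # user.key is kept only so the demo can compare; the RA would erase it.
    # Correct card key: recovered key is byte-identical to the original.
    recover "$work" "$(cat "$work/card.hex")" | cmp -s - "$work/user.key" || rc=1
    # Different key (another card): output must not match.
    if recover "$work" "$(openssl rand -hex 16)" | cmp -s - "$work/user.key"; then
        rc=1
    fi
    # The DB record alone must not contain the plaintext PEM key.
    if grep -q "PRIVATE KEY" "$work/db/user.enc"; then rc=1; fi
    rm -rf "$work"
    return $rc
}

demo && echo "round trip ok, wrong key rejected"
```
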

CERTIFICATE REVOCATION
[Diagram labels. Components: Registration Authority; RQServer; RVKClient (CRON); Certification Authority; Directory Server; Ciphered Private Keys DB. Connections: SSL; SSL with Client Authent.; LDAP]

CONCLUSIONS
* Complete security infrastructure
  - Certification Authority
  - Registration Authorities
  - Smart cards
  - Custom PKCS#11 Module
  - Main security protocols: SSL and S/MIME
* Framework to develop custom security applications

FUTURE WORK
* Custom CA developed in Java
* Solutions for other applications: Microsoft products (PC/SC)
* New smart card approaches: OCF, JavaCards, VOP
* Parallel infrastructure that manages credentials: SPKI
