Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.

Slides:



Advertisements
Similar presentations
Public Key Infrastructure and Applications
Advertisements

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Lecture 23 Internet Authentication Applications
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Chapter 11: Active Directory Certificate Services
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Configuring Active Directory Certificate Services Lesson 13.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
NENA Development Conference | October 2014 | Orlando, Florida Security Certificates Between i3 ESInet’s and FE’s Nate Wilcox Emergicom, LLC Brian Rosen.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Introduction to Secure Messaging Issues Russ Chung, American Eagle Group The Open Group Messaging Forum July 24, 2003.
1 Using EMV cards for Single Sign-On 26 th June st European PKI Workshop Andreas Pashalidis and Chris J. Mitchell.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.
Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.
Configuring Directory Certificate Services Lesson 13.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.
Module 9: Fundamentals of Securing Network Communication.
Module 9: Designing Public Key Infrastructure in Windows Server 2008.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
Chapter 4 Using Encryption in Cryptographic Protocols & Practices.
Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Creating and Managing Digital Certificates Chapter Eleven.
Copyright Statement Copyright Robert J. Brentrup This work is the intellectual property of the author. Permission is granted for this material to.
1 Public Key Infrastructure Rocky K. C. Chang 6 March 2007.
X509 Web Authentication From the perspective of security or An Introduction to Certificates.
CAISO Public Key Infrastructure: Supporting Secure ICCP Leslie DeAnda Senior Information Security Analyst, Information Security, CAISO EMS Users Group.
TAG Presentation 18th May 2004 Paul Butler
TAG Presentation 18th May 2004 Paul Butler
کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)
جايگاه گواهی ديجيتالی در ايران
Install AD Certificate Services
PKI (Public Key Infrastructure)
Presentation transcript:

Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003

Workshop Facilitators Russ Chung, American Eagle Group Stephan Wappler, noventum Consulting GmbH Wen Fang, The Boeing Company

Welcome and Introductions Name Employer Job title or duties Secure messaging experience: User Messaging administrator PKI administrator Specific questions/issues/problems about secure messaging

Workshop Objectives Upon completion of this workshop, participants will be familiar with: Components of a PKI Establishing and maintaining trust relationship Installation, configuration of certificate servers Issuing certificates Installation of client certificates LDAP schema, database, and records management

Workshop Scenario We start with an unencrypted messaging network: Exchange 2000 / Outlook 2002 Lotus Domino R / Notes R During the workshop, we will install/configure: Certificate servers LDAP servers Client certificates During the workshop, we will discuss/demonstrate: Open LDAP Open SSL Boeing LDAP Proxy

Agenda Components of PKIRuss Establishing Trust RelationshipStephan Domino - Certificate AuthorityRuss Domino - LDAPStephan Notes - Client Certificate InstallRuss Windows 2000 Certificate ServerStephan Exchange 2000 Key Management ServerWen Outlook - Client Certificate InstallWen Boeing LDAP ProxyWen Open SSLWen Open LDAPWen Purchasing a Commercial CertificateStephan Notes work-around: Sending encrypted Stephan

Basis for Secure Messaging Encryption: public key algorithms and hash functions Secure public key infrastructure (PKI), which supports key exchange Software which supports secure messaging functionality (e.g. -clients or plug-ins) Policies, procedures and agreements to establish and maintain trust in the system Optional: special devices e.g. a smart card and a smart card reader or an USB token

Components of a PKI Encryption Symmetrical keys Asymmetrical keys Encryption algorithms Digital Signatures Hash functions

Components of a PKI Certificates Certificate Policy Certification Practice Statement Relying Party Agreement

Components of a PKI Certificate Authority (CA) Registry Authority (RA) - or - Local Registry Authorities (LRA) Directory Service Time Stamping (as an additional service)

Certificate Authority Tasks A CA has to generate the certificate based on a public key. Typically a CA generates the pair of keys on a smart card or a USB token. It guarantees the uniqueness of the pair of keys and links the certificate to a particular user. It manages published certificates. Lastly, a CA is part of cross certification with other CAs

Registration Authority Tasks A RA has two main functions: To verify the identity and the statements of the claimant To issue and handle the certificate for the claimant

Directory Services The directory service has two main functions: To publish certificates To publish a Certificate Revocation List (CRL) or to make an online certificate available via the Online Certificate Status Protocol (OCSP)

Notary / Time Stamping Time Stamping is a special service. Time Stamping confirms the receipt of digital data at a specific point in time. Time Stamping is used for contracts or other important documents where a receipt needs to be confirmed.

Implementation Many technical and organizational activities have to be performed before secure messaging is possible. The organizational work is the larger and the more critical part.

Technical Activities Gather the technical requirements for a PKI solution and secure messaging software Decide on whether to buy or develop Select the hardware and software for the PKI solution and secure messaging solution Install and test the system Upgrade the network infrastructure and implement the selected solutions

Organizational Activities Compile the requirements and come up with a concept of how to operate with and utilize keys: Key generation Key management Distribution and exchange of certificate and private key Key separation Archiving of the certificate, and if necessary, the private key Change and validation of certificate and if necessary, the private key Manage the access to and representative use of the certificate and private key Freezing and destruction of certificates

Organizational Activities Definition of Certification Practice Statement (CPS) Development of a security concept for the CA and security policies Actions in case of suspected or recognized compromise of the Private CA Key Responsibility, representative regulation, storage, validity of Private CA Signing Key

Summary

Let‘s talk about… Parts of a PKI - Solution Key Generation and Key Management Conclusion of the necessary Measures

Parts of a PKI - Public Key Infrastructure