Copyright Statement Copyright Robert J. Brentrup This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Academic Applications of PKI
Robert Brentrup
Educause Poster Session, October 20, 2005

What is PKI?
PKI is Public Key Infrastructure
A pair of keys is used, one to encrypt, the other to decrypt

Public and Private Keys
You publish the "public" key; you keep the "private" key a secret
You don't need to exchange a secret "key" by some other channel
Invented in 1976 by Whit Diffie and Martin Hellman
Commercialized by RSA Security

Basic applications of PKI
Authentication and Authorization of Web users and servers
  – It is the basis for the SSL protocol used to secure web connections
Secure mail (signed and encrypted)
Electronic document signatures
Network link data protection (VPN, wireless)
Signing Program Code

Why PKI?
Comprehensive way to address securing many applications
No passwords are transmitted
No need for shared secrets
Strong underlying security technology
Widely supported in current Operating Systems and Applications

What is X.509?
A standard for the format of a public key certificate
RSA PKCS #1-15 are related standards for how certificates are stored and used
Current PKI product offerings interoperate through this standard
There are other possible formulations, e.g. SDSI/SPKI

What is a certificate?
Signed data structure that binds some information to a public key
The information is usually a personal identity or a server name
Think of it as an electronic ID card

Basic Public Key Operations
Encryption
  – encrypt with public key of recipient
  – only the recipient can decrypt with their private key

Basic Public Key Operations
Signature
  – Compute message digest, encrypt with your private key
  – Reader decrypts with your public key
  – Re-compute the digest and compare the results. Match?

What is a certificate authority?
An organization that creates and publishes certificates
Verifies the information in the certificate
Provides security of the system and its records
Allows you to check certificates and decide to use them in business transactions

What is a CA certificate?
A certificate authority generates a key pair used to sign the certificates it issues
For multiple institutions to collaborate:
  – Hierarchical structure is set up among their CAs
  – Bridge Certification Authorities use a "peer to peer" approach
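The public key operations and the certificate slides above, traced end to end in an added example that is not part of the original presentation or of the Dartmouth PKI Lab's software: textbook RSA with tiny primes and no padding, the encrypt/decrypt and digest-sign-verify sequences, and, one step beyond the slides, a CA signing a name-to-public-key binding as a certificate does. Function names, key sizes, the SHA-256 digest and the sample messages are my own choices.

```python
import hashlib
import json
from math import gcd

def next_prime(start):
    """First prime >= start (trial division is fine for these toy sizes)."""
    n = start
    while not (n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1))):
        n += 1
    return n

def generate_keypair(offset=0):
    """Toy RSA keys (tiny primes, no padding: illustration only) as ((e, n), (d, n))."""
    p = next_prime(1_000_000 + offset)
    q = next_prime(p + 1)                        # distinct prime, so n = p*q is square-free
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(k for k in range(65537, phi, 2) if gcd(k, phi) == 1)
    return (e, n), (pow(e, -1, phi), n)          # d = e^-1 mod phi(n)

def encrypt(plaintext, public):
    """Encrypt with the recipient's public key (plaintext as an int below n)."""
    e, n = public
    return pow(int.from_bytes(plaintext, "big"), e, n)

def decrypt(ciphertext, private, length):
    """Only the holder of the matching private key reverses encrypt()."""
    d, n = private
    return pow(ciphertext, d, n).to_bytes(length, "big")

def digest_of(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n  # SHA-256, reduced below n

def sign(message, private):
    """Signer: compute the message digest, 'encrypt' it with the private key."""
    d, n = private
    return pow(digest_of(message, n), d, n)

def verify(message, signature, public):
    """Reader: 'decrypt' with the public key, recompute the digest, compare."""
    e, n = public
    return pow(signature, e, n) == digest_of(message, n)

def issue_certificate(subject, subject_public, ca_private):
    """CA binds a name to a public key by signing the pair (the X.509 idea)."""
    body = {"subject": subject, "public_key": list(subject_public)}
    return {"body": body, "signature": sign(json.dumps(body, sort_keys=True).encode(), ca_private)}

def check_certificate(cert, ca_public):
    """A relying party trusts the binding only if the CA signature verifies."""
    return verify(json.dumps(cert["body"], sort_keys=True).encode(), cert["signature"], ca_public)
```

Production systems use padded RSA (PKCS #1, which the X.509 slide mentions) or ECDSA from a vetted library; the digest is reduced modulo n here only because the toy modulus is far smaller than a SHA-256 digest.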

Dartmouth PKI Implementation
Sun/iPlanet CA Software
Sun 250 server
Single Online CA Server
  – Hardware Key Storage (Chrysalis)
  – Dedicated Firewall
  – Publishes CRLs and provides OCSP

LDAP Directory
Maintained from Institutional Systems
  – SIS, HR, Sponsored Guests
Automated Addition and Deletion
CA Publishes Certificates and CRLs to LDAP

User Enrollment
Key Generation by Web Browser
  – Internet Explorer and Netscape/Mozilla
Cross platform
  – Software Key and Certificate Storage
LDAP authorization, self-service
Registration Officer for High Assurance
  – In-person verification of Photo ID
  – Store Keys on USB tokens

Production Applications
Web Services Authentication
  – Student Information System
  – Library Journals
  – Business School Portal
  – Software Downloads
  – Course Management System (Blackboard)
SSL for IMAP Servers
VPN Authentication
Shibboleth Authentication
Hardware Key Storage (USB Tokens)

Pilot Applications
Secure Mail and List Server
Document Signatures
  – Acrobat, Office, XML (NIH)
Wireless Network Authentication
Application and OS Sign-on with Tokens
Grids

PKI Deployment Timeline
Planning late 2001
Staffing Jan - April 2002
HW/SW Acquisition began Feb 2002
CA Installation began June 2002
Test CA available Sept 2002
Production CA available Jan 2003
First Applications
  – Library Jun 2003, Banner Aug 2003

PKI Deployment
Tokens issued to Freshman Students
  – Fall ~400 over a semester
  – Fall in 2 days
Fall 2005
  – 1649 Students have certificates
April 15, 2004
  – 1542 Certificates Issued
  – 749 Unique Individuals
  – 542 Students (10%)
  – 207 Faculty and Staff (8%)
  – 68 Servers, Network Devices and CMS Admin

Rollout Activities
Integrated user documentation on web, software downloads
Support staff training and early adopters
Add PKI functionality in System Updates
Offer PKI as first authentication option
Kerberos authentication error messages suggest PKI alternative
PKI Configuration and SW on Disk images, for public computers and new purchases

Research Results
Guest Authentication to Wireless Network
Open Source CA software
  – Installation, Packaging, Features
Secure Hardware Applications
  – TPM and IBM 4758
  – Enforcer - Secure Linux Kernel (available at

For More Information
Dartmouth PKI Support:
Dartmouth PKI Lab:
PKI Lab Outreach: