September 2002 CSG Meeting Jim Jokl

1 PKI Update
September 2002 CSG Meeting
Jim Jokl, jaj@Virginia.EDU

2 Public Key Infrastructure
Basis: a pair of cryptographically related keys is generated
  Your public and private keys
Usage
  Data encrypted using a public key can only be decrypted with the matching private key
  Data signed by a private key can only be verified by the matching public key

3 Public Key Infrastructure: Digital Certificates
A certificate is:
  An object signed by a Certification Authority (CA)
  Binds a user's identity to their public key
  Contains some attributes about the person
  Contains some information about the CA
Level of assurance
  How well did the CA identify the person?
  How is the CA run?
  Who vouches for the CA?

4 Public Key Infrastructure: Policy and Practices
How is the CA run?
  Certification Policy & Practices documents
  Registration Authority (RA) operation
Who vouches for the CA?
  Relying parties
  Trust hierarchies
  Certificate chains and root certificates
  Microsoft and Netscape both decide who you trust by installing CA certificates into your browser/OS certificate store

5 Some reasons campuses are deploying PKI
Authentication
  Client certificates for Web application authentication
  VPN authentication & EAP-TLS for wireless
  Higher assurance / two-factor authentication
Digital signatures & business applications
Signed and encrypted - S/MIME
SSL server certificates, etc.

6 Higher Education PKI Activities - HEPKI
Sponsors: Internet2, EDUCAUSE, CREN
HEPKI - Technical Activities Group (TAG)
  Open-source PKI software
  Certificate profiles
  Directory / PKI interaction
  Validity periods
  Client customization issues
  Mobility
  Inter-institution test projects
  Technical issues with cross-certification

7 Some Drivers for Campus S/MIME Support
Prevent spoofing
  Problems with forged mail: students canceling classes, impersonating professors, etc.
  Official announcements
  Anti-spam filter bypass?
Business processes
  Protect sensitive messages & documents
  Signed messages
  S/MIME-based applications

8 S/MIME Project
Two project phases:
  User to user
  Application-to-user, user-to-application
Client interoperability testing
  Common signing and encryption algorithms
  Dual-key support
  LDAP support
Issues documentation
  Mailing list software; encryption: folders, escrow, cc: repository

9 Some Potential S/MIME Applications
Mailing lists: access and expansion of encrypted messages
Travel expense reports & direct deposit notification
Online forms routing – signed workflow
Trouble ticket submissions
Password resets
Library notices – guard circulation data
Timesheet submission
Student debit card & long distance billing privacy
FERPA opt-in/opt-out
Sysadmin confirmation of batch jobs

10 Certificate Profiles
http://middleware.internet2.edu/certprofiles
A per-field description of certificate content
  Standard and extension fields
  Criticality flags
  Syntax of values permitted per field
Spreadsheet & text formats
Higher education profile repository

11 PKI-lite: Full function but lightweight
A normal PKI technical infrastructure
  Authenticate users
  Issue certificates, perhaps revoke certificates
  A comparatively simple certificate profile
  Support applications, directories, etc.
A lightweight administrative/policy structure
  Supports applications without high assurance needs
  One or two page certification policy
  Assurance levels per existing campus practice
Campus evolution towards full featured PKI

12 PKI-lite Project Status
PKI-lite certificate profiles completed
  Designed to support web authentication & S/MIME
  End Entity profile
  CA certificate profile
PKI-lite Policy and Practices Statement
  Individual documents prepared, then merged
  Reviewed by many people
  Template-based fill-in-the-blanks approach
Certificate repository started
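Slides 4, 10 and 12 describe certificate chains, per-field certificate profiles with criticality flags, and a PKI-lite end-entity profile for web authentication and S/MIME. The script below is an added example, not from the presentation or from HEPKI-TAG: it builds a tiny root CA and one end-entity certificate with openssl, verifies the chain the way a relying party would, and checks that the end-entity certificate carries the profile's required fields and criticality flags. The organisation, subject names, e-mail address and the exact profile values are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed values): a two-level hierarchy, root CA -> end entity,
# with the end entity issued under a PKI-lite style web auth + S/MIME profile.
set -eu
WORK="${WORK:-$(mktemp -d)}"
cd "$WORK"

# CA profile: self-signed root, CA:TRUE and certificate-signing key usage, both critical.
cat > ca.ext <<'EOF'
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

# End-entity profile. Each line is one profile row: field, criticality flag, permitted values.
cat > ee.ext <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
subjectAltName = email:alice@example.edu
EOF

build_pki() {
  # Root CA: CSR self-signed with its own key and the CA profile applied.
  openssl req -newkey rsa:2048 -nodes -keyout ca.key -out ca.csr \
    -subj "/O=Example University/CN=Example University Root CA" 2>/dev/null
  openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt -days 3650 -extfile ca.ext 2>/dev/null
  # End entity: CSR signed by the CA with the end-entity profile applied.
  openssl req -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr \
    -subj "/O=Example University/CN=Alice Example" 2>/dev/null
  openssl x509 -req -in alice.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out alice.crt -days 365 -extfile ee.ext 2>/dev/null
}

# Relying-party check: trust only ca.crt; succeeds iff alice.crt chains to it.
verify_chain() { openssl verify -CAfile ca.crt alice.crt >/dev/null 2>&1; }

# Profile check: required fields present and flagged critical where the profile says so.
check_profile() {
  txt=$(openssl x509 -in alice.crt -noout -text)
  echo "$txt" | grep -q 'X509v3 Basic Constraints: critical' &&
  echo "$txt" | grep -q 'X509v3 Key Usage: critical' &&
  echo "$txt" | grep -q 'E-mail Protection' &&
  echo "$txt" | grep -q 'email:alice@example.edu'
}

build_pki
verify_chain && echo "chain OK"
check_profile && echo "profile OK"
```

A certificate issued by a CA that is not in the relying party's trust store fails verify_chain, and one issued without the critical keyUsage or the S/MIME fields fails check_profile.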

13 Some other work in progress
Hardware tokens
  Mobility
  Private key protection
  Two-factor authentication
Signing tools
  Web & client-based
  The active content problem
Other items
  Root cert downloads, PKI in XP, docs, demo CA projects, information sharing, etc.
Active content: Dartmouth; Eric Norman – demo CA

14 Where to watch
middleware.internet2.edu/hepki-tag
middleware.internet2.edu/hepki-tag/smime
PKI for Networked Higher Ed
PKI Labs: middleware.internet2.edu/pkilabs
Combination of work done in HEPKI-TAG, MW-S/MIME
Many other groups – CREN, PKI Labs, etc.
Participation
