
1 Copyright Statement Copyright Robert J. Brentrup 2005. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 Academic Applications of PKI Robert Brentrup Educause Poster Session October 20, 2005

3 What is PKI?
PKI is Public Key Infrastructure
A pair of keys is used, one to encrypt, the other to decrypt

4 Public and Private Keys
You publish the "public" key, you keep the "private" key a secret
You don't need to exchange a secret "key" by some other channel
Invented in 1976 by Whit Diffie and Martin Hellman
Commercialized by RSA Security

5 Basic applications of PKI
Authentication and Authorization of Web users and servers
–It is the basis for the SSL protocol used to secure web connections
Secure e-mail (signed and encrypted)
Electronic document signatures
Network link data protection (VPN, wireless)
Signing Program Code

6 Why PKI?
Comprehensive way to address securing many applications
No passwords are transmitted
No need for shared secrets
Strong underlying security technology
Widely supported in current Operating Systems and Applications

7 What is X.509?
A standard for the format of a public key certificate
RSA PKCS #1-15 are related standards for how certificates are stored and used
Current PKI product offerings inter-operate through this standard
There are other possible formulations, e.g. SDSI/SPKI

8 What is a certificate?
Signed data structure that binds some information to a public key
The information is usually a personal identity or a server name
Think of it as an electronic ID card

9 Basic Public Key Operations
Encryption
–encrypt with public key of recipient
–only the recipient can decrypt with their private key

10 Basic Public Key Operations
Signature
–Compute message digest, encrypt with your private key
–Reader decrypts with your public key
–Re-compute the digest and compare the results. Match?

11 What is a certificate authority?
An organization that creates and publishes certificates
Verifies the information in the certificate
Provides security of the system and its records
Allows you to check certificates and decide to use them in business transactions

12 What is a CA certificate?
A certificate authority generates a key pair used to sign the certificates it issues
For multiple institutions to collaborate:
–Hierarchical structure is set up among their CAs
–Bridge Certification Authorities use a "peer to peer" approach
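Slides 9 through 12 describe a flow that is easier to follow in code: raw public key encryption and digest-based signatures, a certificate as a signed structure binding a name to a public key, and a CA hierarchy checked together with a revocation list. The Python below is an added example and is not material from Brentrup's presentation or from Dartmouth's deployment. Everything in it is constructed for illustration: the key material is built from known Mersenne primes instead of randomly generated primes, the certificate is a JSON dictionary standing in for X.509's ASN.1 encoding, and the CA and server names are invented. It follows the unpadded textbook RSA the slides describe ("encrypt the digest with your private key"); real deployments add OAEP padding for encryption and PSS or PKCS #1 v1.5 padding for signatures on top of these operations.

```python
import hashlib
import json
from math import gcd

# Constructed demo key material: pairs of Mersenne primes 2^k - 1, used here only
# because they are known primes large enough to hold a SHA-256 digest. Real key
# generation draws random primes; fixed primes like these are for illustration only.
MERSENNE = [(1 << k) - 1 for k in (521, 607, 1279, 2203, 2281, 3217)]
E = 65537  # common public exponent


def make_keypair(p, q, e=E):
    """Textbook RSA: returns public key (e, n) and private key (d, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    return (e, n), (pow(e, -1, phi), n)


def encrypt(message: bytes, public_key) -> int:
    """Slide 9: encrypt with the public key of the recipient."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    assert 0 < m < n, "message must be shorter than the modulus"
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Only the holder of the private key can recover the message."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(data: bytes, private_key) -> int:
    """Slide 10: compute the message digest, then apply the private key to it."""
    d, n = private_key
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(digest, d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Reader applies the public key, recomputes the digest and compares."""
    e, n = public_key
    expected = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(signature, e, n) == expected


# Stand-in for an X.509 certificate (slide 8): a signed structure that binds a
# subject name to a public key. Real certificates are ASN.1/DER, not JSON.
def tbs_bytes(cert: dict) -> bytes:
    """Canonical to-be-signed encoding: every field except the signature."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()


def issue(issuer_name, issuer_priv, subject, subject_pub, serial):
    """A CA binds subject -> key by signing the structure with its own key."""
    cert = {"subject": subject, "issuer": issuer_name, "serial": serial,
            "public_key": list(subject_pub)}
    cert["signature"] = sign(tbs_bytes(cert), issuer_priv)
    return cert


def verify_chain(chain, trust_anchors, revoked):
    """Walk end-entity -> issuing CA -> root (slides 11-12). Each certificate's
    signature must verify under its issuer's key, no (issuer, serial) pair may
    appear on the revocation list, and the top issuer must be a trusted CA."""
    for cert, issuer in zip(chain, chain[1:] + [None]):
        if (cert["issuer"], cert["serial"]) in revoked:
            return False, f"{cert['subject']} is revoked"
        if issuer is None:  # top of the chain: look up the trust anchor
            if cert["issuer"] not in trust_anchors:
                return False, f"no trust anchor for {cert['issuer']}"
            signer_key = tuple(trust_anchors[cert["issuer"]])
        else:
            if issuer["subject"] != cert["issuer"]:
                return False, "chain is not contiguous"
            signer_key = tuple(issuer["public_key"])
        if not verify(tbs_bytes(cert), cert["signature"], signer_key):
            return False, f"bad signature on {cert['subject']}"
    return True, "chain valid"


def demo():
    """Constructed hierarchy: root CA -> issuing CA -> server certificate."""
    root_pub, root_priv = make_keypair(MERSENNE[0], MERSENNE[1])
    ca_pub, ca_priv = make_keypair(MERSENNE[2], MERSENNE[3])
    srv_pub, _srv_priv = make_keypair(MERSENNE[4], MERSENNE[5])
    anchors = {"Demo Root CA": root_pub}  # what a browser would ship as trusted
    ca_cert = issue("Demo Root CA", root_priv, "Demo Issuing CA", ca_pub, 1)
    srv_cert = issue("Demo Issuing CA", ca_priv, "www.example.edu", srv_pub, 42)
    ok, _ = verify_chain([srv_cert, ca_cert], anchors, set())
    rev, _ = verify_chain([srv_cert, ca_cert], anchors, {("Demo Issuing CA", 42)})
    altered = dict(srv_cert, subject="other.example.edu")  # signature no longer matches
    tam, _ = verify_chain([altered, ca_cert], anchors, set())
    return ok, rev, tam


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

verify_chain walks from the end-entity certificate toward the root: each signature is checked with the public key carried in the next certificate up, the last one against the trust anchor a relying party already holds, and a serial that appears on the revocation list stops the walk. That combination of signature check, chain to a trusted CA and revocation status (CRL or OCSP, as on slide 13) is what a browser or server performs before accepting a certificate for the authentication uses on the later slides.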

13 Dartmouth PKI Implementation
Sun/iPlanet CA Software
Sun 250 server
Single Online CA Server
–Hardware Key Storage (Crysalis)
–Dedicated Firewall
–Publishes CRLs and provides OCSP

14 LDAP Directory
Maintained from Institutional Systems
–SIS, HR, Sponsored Guests
Automated Addition and Deletion
CA Publishes Certificates and CRLs to LDAP

15 User Enrollment
Key Generation by Web Browser
–Internet Explorer and Netscape/Mozilla, cross platform
–Software Key and Certificate Storage
LDAP authorization, self-service
Registration Officer for High Assurance
–In-person verification of Photo ID
–Store Keys on USB tokens

16 Production Applications
Web Services Authentication
–Student Information System
–Library Journals
–Business School Portal
–Software Downloads
–Course Management System (Blackboard)
SSL for IMAP Servers
VPN Authentication
Shibboleth Authentication
Hardware Key Storage (USB Tokens)

17 Pilot Applications
Secure Mail and List Server
Document Signatures
–Acrobat, Office, XML (NIH)
Wireless Network Authentication
Application and OS Sign-on with Tokens
Grids

18 PKI Deployment Timeline
Planning late 2001
Staffing Jan - April 2002
HW/SW Acquisition began Feb 2002
CA Installation began June 2002
Test CA available Sept 2002
Production CA available Jan 2003
First Applications
–Library Jun 2003, Banner Aug 2003

19 PKI Deployment
Tokens issued to Freshman Students
–Fall 2004 - ~400 over a semester
–Fall 2005 - 807 in 2 days
Fall 2005
–1649 Students have certificates
April 15, 2004
–1542 Certificates Issued
–749 Unique Individuals
–542 Students (10%)
–207 Faculty and Staff (8%)
–68 Servers, Network Devices and CMS Admin

20 Rollout Activities
Integrated user documentation on web, software downloads
Support staff training and early adopters
Add PKI functionality in System Updates
Offer PKI as first authentication option
Kerberos authentication error messages suggest PKI alternative
PKI Configuration and SW on Disk images, for public computers and new purchases

21 Research Results
Guest Authentication to Wireless Network
Open Source CA software
–Installation, Packaging, Features
Secure Hardware Applications
–TPM and IBM 4758
–Enforcer - Secure Linux Kernel (available at http://enforcer.sourceforge.net)

22 For More Information
Dartmouth PKI Support: www.dartmouth.edu/~pki
Dartmouth PKI Lab: www.dartmouth.edu/~pkilab
PKI Lab Outreach: www.dartmouth.edu/~deploypki
Robert.J.Brentrup@dartmouth.edu

