Secure Communication Architectures.


1. The key to building a secure communication architecture is to define what security means in the specific context.
2. Once that has been defined, everything that goes on in the network can be evaluated with respect to that policy.
3. Projects and systems can then be broken down into their components.
4. Finally, it is important to decide whether what is proposed will conflict with specific security policies and practices.

SM-PAYSOC Security in payment services scenario

SM-PAYSOC results
Design and develop a new generation of user-friendly and personalised services for citizens, as well as students, businessmen and bank customers, accessible anywhere and anytime with any technology, so as to realise mobile, trusted and secure access to different services.

SM-PAYSOC Architecture
The VHE middleware performs the service adaptation process, managing user profiling issues and personalizing services on the basis of terminal type (PC, kiosk and PDA) and user interface preferences.
The Secure Service Centre middleware performs all the security services.
VHE = Virtual Home Environment
SB = Service Broker
UM = User Modeller
VASP = Value Added Service Providers

SM-PAYSOC: Key Security Concepts
The key security concepts regarding SM-PAYSOC are the following:
- To protect the user's sensitive payment data;
- To guarantee the integrity of payment data between the VASP and the terminal;
- To guarantee the integrity and non-repudiation of the transaction.

JWeb Security in judicial scenario

Security in JWeB communication
In the JWeb project, the Security Module assures strong authentication of both data flows and actors, while at the same time protecting sensitive data, infrastructure resources and the user terminal. Security plays a transversal role in the JWeb architecture:
- It gives credentials to a JWeb user by certifying the user's own keys and registering him/her in the JWeb environment;
- It manages the authentication of the user through an authentication mechanism based on X.509 v3 certificates;
- It provides network security services through VPN links inside the JWeb architecture.

Security in JWeB communication
- PKI – Public Trusted Infrastructure
- Certification Authority
- Registration Authority;
- End Entity.
- Secure Messaging;
- Digital Signature;
- Document Integrity;
- Secure Access to Private Info;
- Non Repudiation.
CARD INITIALIZATION & BIOMETRIC ENROLMENT

Security in JWeB communication
- Secure VPN (S-VPN)
- Link Protection on public network
- Strong Authentication of Users and devices;
- Seamless security that is easy to deploy and has a minimal impact on the user;
- Confidentiality and Privacy.

Security in JWeB communication
- S-VPN is strictly tied to the PKI services, since it is based on the use of X.509 v3 certificates and public-key cryptography.
- A JWeb end entity can easily be added to and removed from the platform while keeping strong security.
- Usage of a CRL (Certificate Revocation List) assures that removed users can't access the system.
- No shared secret is kept by the user; security is assured by "something that is owned" (private key and fingerprint), so non-repudiation services can be guaranteed.
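
The add/remove lifecycle from the S-VPN slide above (issue a certificate, revoke it, publish a CRL, and have the relying party check it), as an added example using the OpenSSL command line. It is not code from the JWeb project; the CA name, end-entity name and file names are constructed for the demo.

```shell
# Constructed demo: throwaway CA in a temp dir; all names below are made up.
crl_access_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1; trap 'rm -rf "$d"' EXIT
  : > index.txt; echo 01 > serial; echo 01 > crlnumber
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo
[demo]
database = index.txt
new_certs_dir = .
serial = serial
crlnumber = crlnumber
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
x509_extensions = ee
[pol]
commonName = supplied
[ee]
basicConstraints = CA:FALSE
EOF
  q() { "$@" >/dev/null 2>&1 || exit 1; }   # run quietly, abort the demo on failure
  gate() {                                   # relying-party decision; any verify error denies
    if out=$(openssl verify "$@" -CAfile ca.pem user.pem 2>&1); then echo ALLOW
    else case $out in *"certificate revoked"*) echo DENY-revoked;; *) echo DENY;; esac; fi
  }
  q openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem -days 30
  q openssl req -new -config ca.cnf -subj "/CN=constructed-end-entity" -newkey rsa:2048 -nodes -keyout user.key -out user.csr
  q openssl ca -batch -notext -config ca.cnf -in user.csr -out user.pem   # add the end entity
  q openssl ca -config ca.cnf -gencrl -out crl.pem                        # publish an empty CRL
  before=$(gate -crl_check -CRLfile crl.pem)
  q openssl ca -config ca.cnf -revoke user.pem                            # remove the end entity
  q openssl ca -config ca.cnf -gencrl -out crl.pem                        # publish the updated CRL
  after=$(gate -crl_check -CRLfile crl.pem)
  nocrl=$(gate)                              # same certificate, CRL never consulted
  echo "$before $after $nocrl"
)
```

The third result shows that the revoked certificate still validates when the relying party never consults the CRL, so removal only takes effect where a current CRL is distributed and checked.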

JWeb: Key Security Concept
The key security concept regarding JWeb is the following: security is addressed not only for protection purposes (limited to access control, bidirectional authentication between the user and the infrastructure, and confidentiality of the communication), but also for strong authentication, certification and digital signature at the service layer. To this end, libraries have been conceived for the terminal side. These libraries provide support by exploiting the strong security features of the secure and powerful chip with biometric authentication. Only the owner of the smart card will be able to use the certificates and the information stored in the smart card, by using his fingerprints.

Conclusion
In recent years, the strong increase in illegal migration, trafficking of drugs, weapons and human beings and, above all, the advent of terrorism have made strong collaboration between different EU member states in judicial processes necessary. The importance of this collaboration for criminal investigative purposes rests on the ability to:
- identify, without doubt, the colleagues involved in judicial affairs or in police investigations before starting to exchange "critical" information;
- ensure the protection of judicial document exchange in both the production phase and the distribution phase, since it is fundamental to have secure identification of the data origin and to avoid unauthorized data modifications while the document is exchanged.
So, a Secure Communication Architecture has to support and guarantee critical functionality at three different levels:
- the authentication of the user;
- the security of the documents managed by the platform;
- the protection of the judicial infrastructure.

Thank you for Your Attention