Exchange Network Key Management Services: A Security Component
February 28, 2005
The Exchange Network Node Mentoring Workshop


2 Topics
– Security Requirements
– Public Key Infrastructure (PKI) Challenge
– What is XML Key Management Services (XKMS)
– XKMS Basic Services (Advantages, PKI Essentials)
– XML Signature using XKMS
– XML Encryption using XKMS
– Authentication using XKMS
– Interaction with XKMS
– Conclusion

3 Security Requirements
– Secure Authentication Requirement: Password-based authentication is weak, costly, and difficult to manage
– Message Security: Message-level confidentiality and non-repudiation needed
– Payload Security: Confidential business information (CBI) may require submissions to be signed and encrypted

4 Public Key Infrastructure (PKI) Challenge
– Very complicated technology with some proprietary implementations
– Non-standard interface, difficult to use, deploy, and maintain
– Very high cost of acquisition, support, and operation
– Very low interoperability (no PKI standard interfaces)
– Certificate validation is very challenging

5 What is XKMS
– A World Wide Web Consortium (W3C) standard; XKMS 2.0 is finalized
– A central key depository with a Web service interface to PKI
– Vendor-neutral PKI solution for public key and certificate management
– A very simple access model
– Foundation for secure Web services (XML signature, XML encryption, XKMS)
– XKMS will be the PKI solution for the Exchange Network, and the key element of a strong security model

6 What is XKMS (Cont’d)
XKMS Advantages
– A Web service interface to PKI technologies, accessible to any application on the Internet
– Vendor-neutral PKI solution for public key and certificate management
– Dramatically reduces the cost of PKI. Keys can be generated and registered at any time on any machine
– Online real-time key/certificate validation using a simple Web method

7 What is XKMS (Cont’d)
PKI Essentials
– A key is generated and broken up into two pieces: a Public Key and a Private Key
– The Private Key never leaves your machine, but the Public Key is shared with anyone
– When data is encrypted using one key, it can only be decrypted using the other
– Encryption: Encrypt data using the receiver’s Public Key
– Signature: Encrypt data using your Private Key

8 XKMS Basic Services
– XML Key Information Services (XKISS): Locate and validate Public Keys
– XML Key Registration Services (XKRSS): Register, revoke, recover, and reissue public keys or X.509 certificates
– Secure key exchange with XML encryption and signature
– All operations are defined as Web service methods

9 XML Signature using XKMS
– A document is signed using the Private Key and key information (KeyName, KeyValue)
– The receiver locates / validates the Public Key used for the signature from an XKMS server
– The receiver verifies the signature using the valid key

10 XML Encryption Using XKMS
– The sender locates the receiver’s Public Key from an XKMS server
– The sender encrypts a document using the receiver’s Public Key
– The receiver decrypts the document using the Private Key

11 Authentication using XKMS
– A user registers a Public Key in XKMS
– The user creates an Authenticate message and signs the message using the Private Key
– The Network Authentication and Authorization Server (NAAS) locates / validates the user’s Public Key from XKMS
– NAAS verifies the signature. The user is authenticated, as the holder of the Private Key, if the signature is valid
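
The locate / validate step that slides 9 and 11 rely on, as an added example (not part of the original presentation or of any Exchange Network code): it builds an XKMS 2.0 ValidateRequest and accepts a key only when the ValidateResult answers that request and reports the key as Valid for signing. The service URL, key name and sample responses are constructed placeholders; verifying the XML signature itself, and authenticating the XKMS response, are outside this sketch.

```python
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"    # XKMS 2.0 namespace
DS = "http://www.w3.org/2000/09/xmldsig#"   # XML Signature namespace
NS = {"xkms": XKMS, "ds": DS}
ET.register_namespace("xkms", XKMS)
ET.register_namespace("ds", DS)

def build_validate_request(request_id, service, key_name):
    """XKISS ValidateRequest: is the key named key_name valid for signatures?"""
    req = ET.Element(f"{{{XKMS}}}ValidateRequest", {"Id": request_id, "Service": service})
    ET.SubElement(req, f"{{{XKMS}}}RespondWith").text = XKMS + "KeyValue"
    query = ET.SubElement(req, f"{{{XKMS}}}QueryKeyBinding")
    info = ET.SubElement(query, f"{{{DS}}}KeyInfo")
    ET.SubElement(info, f"{{{DS}}}KeyName").text = key_name
    ET.SubElement(query, f"{{{XKMS}}}KeyUsage").text = XKMS + "Signature"
    return ET.tostring(req, encoding="unicode")

def key_is_trusted(result_xml, request_id, key_name):
    """Fail closed: True only if the result answers our request and reports
    the named key as Valid for Signature use."""
    root = ET.fromstring(result_xml)
    if root.tag != f"{{{XKMS}}}ValidateResult":
        return False
    if root.get("ResultMajor") != XKMS + "Success":
        return False
    if root.get("RequestId") != request_id:  # answer to a different request
        return False
    for binding in root.findall("xkms:KeyBinding", NS):
        name = binding.findtext("ds:KeyInfo/ds:KeyName", namespaces=NS)
        status = binding.find("xkms:Status", NS)
        usages = [u.text for u in binding.findall("xkms:KeyUsage", NS)]
        # Assumption of this example: Signature must be listed explicitly.
        if (name == key_name and status is not None
                and status.get("StatusValue") == XKMS + "Valid"
                and XKMS + "Signature" in usages):
            return True
    return False  # Invalid, Indeterminate, wrong key or no binding

def sample_result(request_id, status):
    """Constructed ValidateResult for the demo, not captured server output."""
    return (f'<ValidateResult xmlns="{XKMS}" xmlns:ds="{DS}" Id="res-1" '
            f'Service="https://xkms.example.org/xkms" '
            f'ResultMajor="{XKMS}Success" RequestId="{request_id}">'
            f'<KeyBinding Id="kb-1"><ds:KeyInfo>'
            f'<ds:KeyName>node-admin@example.org</ds:KeyName></ds:KeyInfo>'
            f'<KeyUsage>{XKMS}Signature</KeyUsage>'
            f'<Status StatusValue="{XKMS}{status}"/></KeyBinding></ValidateResult>')
```

An Indeterminate status is treated the same as Invalid here, so a key whose revocation state the service could not establish is never used to verify a signature.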

12 Interaction with XKMS

13 Conclusion
– XKMS is the foundation for secure exchanges in the network, a basic component for XML encryption and signature
– XKMS provides a simple standard interface to PKI
– Network XKMS services will be available to all network nodes and node clients
– XKMS will be integrated into NAAS for key-based authentication
– XKMS is the PKI solution without the PKI complexity and cost