Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.

Presentation transcript:

Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature Marin Aranitasi Prof. Dr Betim Çiço

Content
Objectives
Overview of the Actual Security Problems
Proposal of my Solution
Description of Previous Solutions
Schematic View & Authentication Technologies
Detailed Work Description
Security Issues
Conclusions

Objectives
I will treat systems that offer services (especially public services): E-government
All electronic systems that offer services have one common element: the identification and the authorization of their users.
Information exchange → username-password

Government services
1. Government to Citizen
2. Government to Business
3. Government to Government

Problems
1. Users have to remember a lot of identification elements.
2. Users who lose or forget their ID elements have to go to the specific institution with an official request to get their ID information back.
3. Every institution has to create help desk structures that in 80-90% of cases deal with the issuance of ID elements.
4. This management mechanism has big problems, because we can't guarantee the authenticity of operations with the electronic services if the credentials are so "OPEN".

My proposal
To create a unified identification mechanism that can be used by all electronic systems currently in use.
The real objective → the construction of a communication infrastructure between the electronic systems of different institutions that allows the identification of users.
PKI – Public Key Infrastructure

Previous PKI projects (1)
Common Access Card (CAC)
DoD PKI-based security project
Defense Enrollment Eligibility Reporting System (DEERS)
Real-time Automated Personnel Identification System (RAPIDS)

Previous PKI projects (11)
Common Access Card (CAC)
Three certificates stored on the CAC include the following:
1. An authentication certificate – accessing secure Web portals.
2. A signing certificate – sign
3. An encryption certificate – this certificate is used by others to encrypt what they send to the CAC card owner.
Combination of biometrics and PIN to protect access to the card.

Schematic view

Diagram labels: User/citizen SCDev Portal National CA-Root Signing System System Administrator

Identification technologies
Something you know – username-password (single-factor authentication)
Something you have – media, token (two-factor authentication)
Something you are – biometrics

Price vs Authentication

Considerations
Identification techniques
◦ Key fob
◦ Smart cards
◦ USB token
Performance/cost
◦ Performance view
◦ Cost view
◦ Sociological view

Smart cards
Choose smart card
Relatively expensive
More
◦ secure
◦ manageable

Detailed scheme

Detailed scheme
Diagram labels: Portal (Website) PKI Infrastructure OCSP/TSP

PKI infrastructure
Servers:
◦ Active Directory server
◦ Certificate server
◦ Mail server
Diagram labels: AD-SRV Cert-SRV CA Mail-SRV Network User/Citizen

Certificates
Signing certificate
◦ Allows data on disk to be encrypted
◦ Protects messages

Certificates
Login certificate
◦ Prove your identity to a remote computer

Conclusions
PKI system – secure E-government
Secure:
◦ Transactions
◦ Mail
Ensures data:
◦ Authenticity
◦ Integrity
◦ Confidentiality
Smart card – practical (like credit cards)

Questions and Suggestions? Thank You for Your Attention!