03 December 2003 Digital Certificate Operation in a Complex Environment Presentation as part of the Digital Projects in Oxford series 4 February 2004.

Slides:

Advertisements

Similar presentations

The Diffie-Hellman Algorithm

Advertisements

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.

Introduction of Grid Security

Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

My Project Presentation

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

PKI Implementation in the Real World

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

23 Oct PKI for the Mystified Introduction to Public Key Infrastructure and Cryptography Ivaylo Kostadinov.

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

Public Key Infrastructure Ben Sangster February 23, 2006.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

A case for Shibboleth and grid security: are we paranoid about identity? UK e-Science All Hands Meeting, 2006 Mark Norman 19 Sept 2006.

National Center for Supercomputing Applications PKI and CKM ® Scaling Study NCASSR Kick-off Meeting June 11-12, 2003 Jim Basney

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh.

PKIs  To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI) A PKI automates most aspects of using.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

03 December 2003 Digital Certificate Operation in a Complex Environment Consultation/Stakeholders Meeting 3 December 2003.

03 December 2003 Digital Certificate Operation in a Complex Environment Report from Consultation/Stakeholders Meeting of 3 December 2003.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

UNCLASS DoD Public Key Infrastructure LCDR Tom Winnenberg DISA API1 Chief Engineer 25 April 2002.

03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.

S/MIME and PKI Dartmouth College PKI Lab. What Is S/MIME? RFC 2633 (S/MIME Version 3)RFC 2633 Extensions to MIME Uses PKI certificates, keys, and.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure Ammar Hasayen ….

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

F. Guilleux, O. Salaün - CRU Middleware activities in French Higher Education.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Masud Hasan Secue VS Hushmail Project 2.

Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.

Joseph Ferracin Director IT Security Solutions Managing Security.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

PKI interoperability and policy in the wireless world.

NENA Development Conference | October 2014 | Orlando, Florida Security Certificates Between i3 ESInet’s and FE’s Nate Wilcox Emergicom, LLC Brian Rosen.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.

Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.

1 Vigil : Enforcing Security in Ubiquitous Environments Authors : Lalana Kagal, Jeffrey Undercoffer, Anupam Joshi, Tim Finin Presented by : Amit Choudhri.

Compliance Defects in Public- key Cryptography “ A public-key security system trusts its users to validate each others’s public keys rigorously and to.

Building Security into Your System Bill Major Gregory Ponto.

The Distribution Online Vending Pilot Project Demo Testing Certificate Management Kennedy P Subramoney 23 July 2004.

Digital Certificate Operation in a Complex Environment Presentation to the IT Support Staff Conference 24 June 2004.

HEPSYSMAN UCL, 26 Nov 2002Jens G Jensen, CLRC/RAL UK e-Science Certification Authority Status and Deployment.

Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

Oxford University e-Science Centre 1 Managing Access 4 Dec Managing Access to Resources on the Grid 4 December 2002.

Leveraging Campus Authentication for Grid Scalability Jim Jokl Marty Humphrey University of Virginia Internet2 Meeting April 2004.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.

X.509 Proxy Certificates for Dynamic Delegation Ian Foster, Jarek Gawor, Carl Kesselman, Sam Meder, Olle Mulmo, Laura Perlman, Frank Siebenlist, Steven.

WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.

1 Certification Issue : how do we confidently know the public key of a given user? Authentication : a process for confirming or refuting a claim of identity.

VOMS Attribute Authorities Michael Helm ESnet/LBNL 23 Feb 2007.

X509 Web Authentication From the perspective of security or An Introduction to Certificates.

This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.

Public Key Infrastructure from the Most Trusted Name in e-Security

CS 465 Certificates Last Updated: Oct 14, 2017.

Building Security into Your System

National Trust Platform

Presentation transcript:

03 December 2003 Digital Certificate Operation in a Complex Environment Presentation as part of the Digital Projects in Oxford series 4 February 2004

4 February 2004 Digital Certificate Operation in a Complex Environment What a mouthful. …bless you! What are we trying to do? –“To provide a detailed implementation and evaluation report of 'real world' digital certificate services at the University of Oxford” Attempt to learn from the experience of others Development/implementation of, a public key infrastructure… Evaluations Dissemination

4 February 2004 This talk The staff The aims What ARE digital certificates? Summary of PKI What have we done so far? A few findings from our consultation Questionnaire results A few soft findings A bit of psychology Our challenges (And see our glossary)

4 February 2004 Staff Project team: –Project Manager: Mark Norman –Evaluators: Alun Edwards (OUCS), Johanneke Sytsema (SERS) –Systems Developer: Christian Fernau Project Board: –Mike Fraser/Paul Jeffreys (Co-Project Directors) –Frances Boyle (SERS)

4 February 2004 The aims (in short…) Use digital certificates for authentication at Oxford (and elsewhere) –Involves ‘building’ a PKI and –making some services ‘certificate aware’ Look at usability and issuing mechanisms –Registration, renewal, revocation etc. Have an open mind about the success –Maybe balance the high security (potential) with ease of use/implementation… …pragmatism?

4 February 2004 What ARE digital certificates? Lots of jargon: –X.509 –Public key infrastructure –Signing, encryption, hashes Where have you seen them before? –Secure Sockets Layer (SSL) –(DCOCE is about personal certificates) But what are they? –Little bits of digital information that are signed by a trusted authority

4 February 2004 Summary of PKI

4 February 2004 What have we done so far? Stakeholders and consultees Found out about other PKIs Designed a few bits of ‘architecture’ to stimulate discussion Held a consultation meeting –Where we presented those ‘bits’ –Analysed the feedback Used the feedback to design the architecture –And begin coding

4 February 2004 A few findings from our consultation What we did on the day: –PKI preamble (primer talk) –About the project –Talk from Athens –Describe our ‘ideas’ –Discuss the ideas –Talk (contextualise) our questionnaires –Complete questionnaires –Further discussion

4 February 2004 Our ideas (briefly…) Basic level assurance –For most University users –Medium level for the Grid and others How to scale the registration –Trusting the registration servers –Generating keys locally –Being secure Mobility problems –Save certs and private keys on a central server? –Or use ‘devices’?

4 February 2004 Some results from the questionnaires 2 questionnaires –Service/security people –Users/user reps –About 10 of each A lot of ‘noise’!

4 February 2004 A few findings (preliminary) From the users/support staff

4 February 2004 A few findings (preliminary) From the service/security staff

4 February 2004 A few findings (preliminary) From the service/security staff

4 February 2004 A few findings (preliminary) From the service/security staff

4 February 2004 A few findings (preliminary) From the service/security staff

4 February 2004 A few soft findings Should try to use a devolved system of RAs (i.e. Colleges) Security ‘experts’ sceptical of man in the middle –Very suspicious of the flaws in the PKI Although questionnaire responses said that the PKI should be transparent/unseen/easy –Everyone heaped extra requirements No relationship between the answer of level of security and their expectations of the PKI

4 February 2004 A bit of psychology We don’t need high levels of security However, when people hear PKI, they then want it

4 February 2004 That psychology…

4 February 2004 Our biggest challenge Persuading people that PKI is a good idea Why do it – people don’t want extra security? –(But service providers need it)

03 December 2003 Follow our progress (or otherwise) at