Application of Attribute Certificates in S/MIME
Greg Colla & Michael Zolotarev, Baltimore Technologies
47th IETF Conference, Adelaide, March 2000


IETF47, Mar 2000, Adelaide. Attribute Certificates & S/MIME

Overview
- S/MIME and PK Certificates
- S/MIME Problems
- Secure mail requirements
- Possible solutions
- Attribute Certificates
- Practical Implementation Issues

S/MIME Certificate Usage
- Verification: check signer's address against sender's address
- Encryption: obtaining "encryptee's" public key certificate
(Diagram label: cn=Alice)

S/MIME Problems
- Multiple addresses
  - User has multiple addresses
- Maintenance of addresses
  - Change company name (and Internet domain)
- Security Proxy
  - A proxy signs and decrypts on behalf of many users
- Privacy/Spam

Essential Requirements
- Address Aliasing: Associate a single entity with multiple addresses, with a single PKC.
- Secure Proxying: Associate multiple entities, each with their own address, with a common PKC.
- Address Sharing: Associate multiple entities, each with their own PKC, with a single address.

Solution Criteria
- Cryptographically bound association between an e-mail address and a public key
- Unambiguous reference from address to PK certificate(s)
- Dynamic extension of address set
- Practical aspects
  - Generation, distribution, publication, retrieval, verification
- Minimum of changes to current standards
- Utilize existing infrastructure

Overview of Possible Solutions
1. Embed address into entity's cert
   a) One address per certificate, each with same public key
   b) One certificate with multiple addresses
2. Address-PKC association signed by entity
   - Authenticated attributes
3. Address-PKC association signed by TTP
   - Attribute Certificate

Attribute Certificates
- Flexible
- Scalable
- Standards Based
- Available Infrastructure
(Diagram labels: TTP (AA), Owner address, Signature, Other Attributes)

Attribute Certificates
- Cryptographically bind addresses with Gateway's PK certificate
(Diagram labels: cn=Gateway, AC, AC)

Attribute Certificates
- Cryptographically bind addresses with entity's PK certificate
(Diagram labels: cn=Alice, AC, AC)

Practical Implementation (1/5)
- Generation
  - Generation by an Attribute Authority (AA)
    - TTP attests that the address is associated with the entity
- Request
  - By or on behalf of entity
  - Automatically by security proxy
  - By relying party (LAAP)

Practical Implementation (2/5)
- Distribution & Retrieval
  - Generate by AA, publish in LDAP
  - Distribute as part of signed message
  - Retrieval based on address
- Validity & Revocation
  - Validity: as long as the PKC & address remain valid
  - Revocation: use available standards

Practical Implementation (3/5)
Retrieving attribute and PK certificates from LDAP
1. Use the from: or to: address from message as a search index
2. Request the directory to retrieve all attribute certificates from the matching entries
3. Out of all returned attribute certificates, select those with required address
4. Retrieve PK certificates referenced by selected attribute certificates
(Diagram: Alice's new LDAP entry, with labels cn=Alice, certificate=, attributeCertificate=)

Practical Implementation (4/5)
Message Verification Walkthrough
- Retrieve AC(s) using sender's address as index
- Retrieve PKC(s) referenced by AC(s)
- Identify signing certificate
- Validate...
- Validate the message

Practical Implementation (5/5)
Message Encryption Walkthrough
- Retrieve AC(s) using recipient's address as index
- Validate...
- Retrieve PKC(s) referenced by valid AC(s)
- Validate...
- Encrypt the message using valid encryption certificate(s)
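
The retrieval steps of slide 3/5 together with the validation steps of the walkthroughs on slides 4/5 and 5/5, as an added Python example that is not from the original presentation. It assumes a simplified in-memory model instead of LDAP and X.509 encoding, uses an HMAC as a stand-in for the AA's signature, and all names and sample data are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

AA_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the AA's signature

@dataclass(frozen=True)
class AttrCert:           # simplified model, not the X.509 AC encoding
    address: str          # e-mail address attested by the AA
    holder: tuple         # (issuer DN, serial) of the referenced PKC
    not_after: int        # last valid day, as a day number
    sig: bytes = b""

def _mac(ac):
    tbs = f"{ac.address}|{ac.holder[0]}|{ac.holder[1]}|{ac.not_after}".encode()
    return hmac.new(AA_KEY, tbs, hashlib.sha256).digest()

def aa_issue(address, holder, not_after):
    unsigned = AttrCert(address, holder, not_after)
    return AttrCert(address, holder, not_after, _mac(unsigned))

def resolve_pkcs(returned_acs, pkc_store, address, today, revoked=frozenset()):
    """Select ACs for `address`, validate them, return the PKCs they reference."""
    wanted = address.strip().lower()
    found = []
    for ac in returned_acs:
        if ac.address.lower() != wanted:               # keep only ACs with the required address
            continue
        if not hmac.compare_digest(ac.sig, _mac(ac)):  # AC content must be what the AA signed
            continue
        if ac.not_after < today or ac.holder in revoked:
            continue                                   # AC expired or referenced PKC revoked
        pkc = pkc_store.get(ac.holder)                 # follow the AC's reference to the PKC
        if pkc is not None and pkc not in found:
            found.append(pkc)
    return found

# Constructed sample data: Alice has two addresses on one PKC (aliasing);
# the gateway's single PKC serves two users (secure proxy).
ALICE, GATEWAY = ("cn=Demo CA", 101), ("cn=Demo CA", 202)
PKCS = {ALICE: "PKC cn=Alice", GATEWAY: "PKC cn=Gateway"}
ACS = [
    aa_issue("alice@old.example", ALICE, 900),
    aa_issue("alice@new.example", ALICE, 900),
    aa_issue("bob@corp.example", GATEWAY, 900),
    aa_issue("carol@corp.example", GATEWAY, 100),      # expired well before day 500
]
# Tampered AC: address rewritten after issuance, signature no longer matches.
ACS.append(AttrCert("mallory@corp.example", GATEWAY, 900, ACS[2].sig))
```

Both of Alice's addresses resolve to the same PKC and Bob's address resolves to the gateway's PKC, while the expired and tampered ACs yield no certificate, so a relying party never encrypts to or accepts a signature from a key bound by an invalid AC.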

Other Considerations
- Privacy
  - Remove private information from PK certificate
  - Different access control on PK certificate than e-mail AC in directory
  - Different directories for ACs and PKCs
- Security
  - Need to ensure that content of AC is valid

Comparison with existing Infrastructure

Existing:
- Multiple addresses in certificate
- Re-issue keys in new certificate with new address
- Supported by existing PK and S/MIME infrastructure
- Difficult for large number of e-mail addresses (i.e. security proxies)
- Difficult to separate internal and external addresses
- Contrary to legislation in some countries

Proposed:
- Store address in AC, which references PKC
- Issue ACs as required
- Flexible method for maintaining addresses
- Infrastructure available
- Supplements current S/MIME infrastructure
- Supports security proxies
- Defined mechanism to retrieve PKCs from directory, AA
- Additions required to processing module's logic

Summary
- Maintenance of addresses limits S/MIME usability
- Attribute Certificates cryptographically bind addresses with PK certificates
- Attribute Certificates provide a flexible solution for maintaining addresses
- Supplements current infrastructure
- Localized modifications required to S/MIME components to utilize ACs
- ACs can be used to solve other S/MIME limitations