IDENTITY MANAGEMENT Joe Braceland Mount Airey Group, Inc.

Presentation transcript:


MAG SECURITY PRODUCTS & SERVICES
- Actively supporting U.S. Federal Government since
- Designed and managed the Signature Delivery Service for U.S. Passports.
- Recognized leaders in the area of Identity Management, Public Key Infrastructure, Biometrics, HSPD-12, Public Key Enablement, and secure authorization and privilege management.
- Closely work with standards bodies in the development of new standards related to identity and authorization management.
- Experienced with the full life cycle of applications within various federal agencies, including supporting IT-CCB processes.
- Provide thought leadership on IT security and HSPD-12 in support of federal agency missions, both domestic and abroad.
- Offer security products to quickly enable secure authentication and authorization.

OVERVIEW
- Identity Management
  - Terminology
  - Origins
- Secure Authentication
- Secure Authorization
  - What's a role proof?
- Secure Identity Management Systems
- Examples
  - Physical/Logical access
  - Border security
  - Electronic documents

IDENTITY MANAGEMENT - TERMINOLOGY
- Identity Management (IdM)
- Identity & Access Management (IAM)
- Federated Identity Management (FIdM)
- Identity, Credential, & Access Management (ICAM)
- Federal ICAM (FICAM)
- Privacy
  - Personal Identity Information (PII)
  - Health Insurance Portability & Accountability Act (HIPAA)

IDENTITY MANAGEMENT - ORIGINS
- Information Technology (IT) security
  - Cyber security
- Technologies
  - Biometrics
  - Public Key Infrastructure (PKI)
  - Smart chips and cards: Personal Identity Verification (PIV), Common Access Card (CAC), Transportation Worker Identification Credential (TWIC), state driver licenses, electronic passports
  - Cloud, Mobility, Big Data, Social Networking
- Regulations
  - Federal Information Processing Standard (FIPS)
  - Homeland Security Presidential Directive 12 (HSPD-12)

SECURE AUTHENTICATION
Who are you? Prove it. Authentication is verifying you are who you say you are.
- Multi-factor authentication
  - What you know (e.g., password, passphrase, PIN)
  - What you have (e.g., badge, origination documents)
  - What you are (e.g., biometrics, behavior)
- Cryptography
  - PKI (digital signatures, encryption, policies)
  - Hardware tokens and chips
- Identity Validation
  - Global, national, local, and private database systems
- Identity Verification

SECURE AUTHORIZATION
What are you allowed to do? Let's check. Authorization is determining what you are allowed to do.
- Access control lists
  - Flat files and database lookups
  - Directories (e.g., Active Directory, X.500)
- Access types
  - Risk Adaptive Access Control (RAdAC)
  - Role Based Access Control (RBAC)
  - Attribute Based Access Control (ABAC)
  - eXtensible Access Control Markup Language (XACML 3.0)
  - Policy Based Access Control (PBAC)
- Atomic Authorization: published rights that are secured (cryptographically) independently of the applications that rely on them.

WHAT'S A ROLE PROOF?
1. Each proof represents an application or organizational role and has a unique ID.
2. Proofs are generated for each role repeatedly, with each having only a short life.
3. Proofs reference other proofs for delegation. This can be done across multiple authorities.
4. Each contains a list of certificates, referenced by their hash, to show authorization.
5. Each is digitally signed to give it cryptographic authenticity.
Proof fields: Version, Proof Name, Proof Unique ID, Not Before Time, Not After Time, References, User Digest Lists, Extensions, Signature Algorithm, Signature Value, Next Available

SECURE IDENTITY MANAGEMENT SYSTEMS

| Security Level | Authentication | Authorization | Reason |
| --- | --- | --- | --- |
| Low | IDs and passwords (single factor) | Non-atomic; authorizations can be administered with authentication credentials | No security separation between authentication and authorization (unnecessary to have atomic authorizations). This level of security is expected for systems that need accountability and prevention, but where data compromise presents minimal damage. |
| Medium | Mixed | Separation of duties between those providing authentication credentials and those determining authorizations. Non-atomic authorizations may be acceptable (e.g., a separate X.500 directory for authorizations). | Atomic authorizations may be used as a strategic step to provide a migration path toward future security enhancement. |
| High | CAC/PIV or PKI (two factor) | Atomic authorization | Authorizations must be atomic in order to have congruent security. This level of security is required when the compromise of sensitive data would cause significant damage and/or transactions occurring on the system require non-repudiation. |

EXAMPLES
- U.S. State Department access to federal systems
  - PIV card issuance and verification
  - Physical Access Control System (PACS)
  - Logical Access Control System using BLADE
- Border security with DHS
  - US-VISIT IDENT program
  - Exit program
- Electronic passports (ePassport) and documents
  - Creation using digital signatures
  - Validation at ports of entry
  - International Civil Aviation Organization (ICAO)