1 Using PKI for the Census MSIS 2004, Geneva Mel Turner, Lise Duquet Statistics Canada.

Presentation transcript:

1 Using PKI for the Census MSIS 2004, Geneva Mel Turner, Lise Duquet Statistics Canada

2 Agenda
Government of Canada common infrastructure
Census of Population, Census of Agriculture
  – Business requirements
  – Security/Confidentiality requirements
A new common service – SEAL (Session Encryption with Automated Login)
  – Attributes
  – Components
  – Application flows
Why is SEAL appropriate for statistical data collection?

3 Business objectives
Offer all Canadians the option to complete their Census forms using the Internet
  – Census of Population and Census of Agriculture are conducted every 5 years.
  – 13.5 million households and farms in May
Conduct a Census Dress Rehearsal
  – households and farms in May
Target Internet take-up rate of 20% to 25%
  – Peak period on or around Census day.
Provide the most secure way to connect Canadians to protect confidentiality of data.

4 Business requirements
Simple and single-step access
  – Need to authenticate a form, not a person
  – No pre-registration required
Convenient and ease of use
  – Accessible anytime, anywhere
  – Supported Web browsers
  – Ability to suspend and resume a session for long forms
  – Nothing left behind the user’s workstation
Capable of securely handling large volumes
  – Highly visible application
  – Response window focused on “Census day”

5 Confidentiality requirements
Confidentiality protection of data submitted on-line
  – PKI technology provides confidentiality and digital signature.
  – SEAL uses PKI for confidentiality protection only.
Strong encryption using an anonymous PKI certificate
  – Bi-directional, end-to-end encryption.
  – Need to securely return instructions, sensitive data captured in a previous session or real-time updates to the user.
Security interface transparent to the user
  – The steps taken by SEAL to maintain a secure session are invisible to the user.

6 SEAL Attributes
Pool of anonymous PKI Certificates
  – PKI certificates bulk generated in advance.
  – PKI certificate recycled at the end of each session.
  – No user maintenance.
Anonymous PKI User ID, Password and Distinguished Names (DN)
  – Automatic login and logoff from SEAL, invisible to the user
Dedicated Certificate Authority
  – Not cross-certified with other authorities.
End-to-end bi-directional encryption with Entrust® TruePass 7.0

7 Census Login
[Flow diagram. Labels: User Browser, Common PKI Infrastructure, Census Application, Anonymous certificates]
  – Attempt to access Census site
  – Establish TruePass™ Frameset
  – Prompt user for Access Code (printed on form)
  – User enters Access Code
  – Get encrypted Access Code and validate
  – Reverse proxy confirmation
  – Retrieve a random userid and auto-login
  – Establish user session
  – User completes Census Form

8 [Flow diagram. Labels: User Browser, Common PKI Infrastructure, Census Application, Anonymous certificates]
  – User submits data
  – TruePass™ applet encrypts user data (data remains encrypted until it reaches Census application)
  – Data is decrypted using Statcan private key
  – Response is processed (edit checks)
  – User continues
  – Encrypt response using respondent public key
  – Reverse proxy pass thru
  – TruePass™ applet decrypts data transparently
  – “Submit”
  – On logout or timeout: Userid and certificate are recycled
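The pool lifecycle that slides 6 to 8 describe (a random userid handed out after the access code validates, recycled on logout or timeout), modelled as an added sketch that is not Statistics Canada's or Entrust's code. The class and method names, the `anon-NNNN` userids and the timeout value are assumptions, and plain strings stand in for the real certificates.

```python
import secrets
import time


class AnonymousCredentialPool:
    """Toy model of a pool of pre-generated anonymous credentials (no real PKI)."""

    def __init__(self, size, valid_access_codes, session_timeout=1200.0,
                 clock=time.monotonic):
        # Constructed stand-ins for bulk-generated userid/certificate entries.
        self._free = [f"anon-{i:04d}" for i in range(size)]
        self._codes = set(valid_access_codes)
        self._sessions = {}  # session token -> (userid, last activity time)
        self._timeout = session_timeout
        self._clock = clock

    def login(self, access_code):
        """Validate the form's access code, then auto-login with a random free userid."""
        self.reap_expired()
        if access_code not in self._codes:
            raise PermissionError("unknown access code")
        if not self._free:
            raise RuntimeError("credential pool exhausted")
        userid = self._free.pop(secrets.randbelow(len(self._free)))
        token = secrets.token_urlsafe(16)
        # The access code is not stored: the pool keeps no respondent data.
        self._sessions[token] = (userid, self._clock())
        return token, userid

    def touch(self, token):
        """Record activity so an active respondent is not timed out."""
        userid, _ = self._sessions[token]
        self._sessions[token] = (userid, self._clock())

    def logout(self, token):
        """Drop the session and return its credential to the pool."""
        userid, _ = self._sessions.pop(token)
        self._free.append(userid)

    def reap_expired(self):
        """Recycle credentials of sessions idle longer than the timeout."""
        now = self._clock()
        expired = [t for t, (_, seen) in self._sessions.items()
                   if now - seen > self._timeout]
        for token in expired:
            self.logout(token)
        return len(expired)

    def free_count(self):
        return len(self._free)
```

Sizing the pool for the peak around Census day is the operational constraint this makes visible: once every credential is checked out, new logins fail until a logout or timeout recycles one.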

9 Re-use of SEAL?
Designed as a “service”, not an application.
Bi-directional encryption using anonymous PKI certificates.
  – Secure exchange of confidential or sensitive information on-line where the identity of the individual is not relevant.
  – Secure exchange of data based on an access code (e.g. e-file)
  – Secure online forms or e-transactions where there is a need to securely return real-time updates, approvals or instructions to the user.
  – Confidential (but not digitally signed).
Transparent certificate management to department
  – No individual data observed or retained by SEAL
  – No pre-registration; invisible and non-intrusive to the user
  – Ease of deployment.