EuroPKI
Antonio Lioy, Politecnico di Torino, Dip. Automatica e Informatica


The Copernican revolution
[Diagram labels: X.509 certificate; secure Web; secure; secure remote access; secure VPN; secure DNS; secure routing; Win2000 security; secure boot; no viruses & Trojan horses; IP security]

Background
- ICE-TEL project ( )
- ICE-CAR project ( )
- various national projects ( )
- since January 1, 2000: EuroPKI

EuroPKI
[Diagram labels: EuroPKI TLCA; EuroPKI Slovenia; EuroPKI Italy; EuroPKI Norway; Politecnico di Torino CA; City of Rome CA; EETIC CA; people; servers]

Current status
- root +
  - AT (IAIK)
  - IE (TCD)
  - IT (POLITO)
    - Italian tree, with 4 City Halls
    - integration with the Italian identity chip-card
  - NO will retire on Dec 31, 2000
  - SI (IJS)
    - Slovenian tree
  - UK (UCL)

EuroPKI services
- certification
- revocation
- publication
- data validation
- competence centre

Certification
- X.509v3 certificates
- global CP (Certification Policy)
- local CPS (Certification Practice Statement)

Certification policy
- current draft:
  - 28 pages
  - based on RFC-2527 (with extensions)
- basic idea:
  - be as little restrictive as possible to allow anybody to join...
  - ... while retaining a level of security useful for practical applications

CP requirements
- personal identification of the subject
- secure management of the CA
- periodic publication of CRL

Applications supported
- Web:
  - SSL/TLS
  - signed applets
- SSL-based applications:
  - telnet, FTP, SMTP, POP, IMAP, ...
- S/MIME
- IPsec (via SCEP)
- DNS (?)

Publication
- certificates and CRLs
- Web servers:
  - for humans
- directory server:
  - for applications
  - LDAP (local) directories
  - X.500 (global) directory
  - X.521 schema

Revocation
- CRL (Certificate Revocation List)
  - cumulative list of revoked certificates
  - issued periodically
  - updated as needed
- OCSP (On-Line Certificate Status Protocol):
  - "is this cert valid now?"
  - unknown, valid, invalid

Time-stamping
- proof of data existence at a given date
- IETF-PKIX-TSP-draft-12
- TSP server (Win32, Unix)
- TSP client (GUI for Win32, shell for Unix)

Attribute certificate
Where should I put additional information related to a certificate?
- in a directory, or in an attribute certificate (draft-ietf-pkix-ac509prof)
- inside the certificate, in order to keep all data together

Next steps
- GARR PKI
- European digital signature law
- CDSA
- automatic policy negotiation

Future
- I have a dream...
- ... a pan-European open and public PKI to enable network security
EuroPKI?