PKI Activities at Virginia September 2000 Jim Jokl

Campus PKI Deployment
- Targeted functions
  - UVa E-forms
    - Authentication / Signing?
  - Web applications
    - authentication
    - student mock election
  - S/MIME
  - Oracle ERP
- Focus on Authentication and not Authorization

CA Plans
- Standard Assurance CA
  - Easy to obtain cert
  - No serious business applications
  - Simple policy, practices, and subscriber agreement
- High Assurance CA
  - Hard to obtain certificate
  - Good for business apps, grades, etc
  - Authentication, signing only
  - More complicated policy, practices, and subscriber agreement
- Now: an Anonymous CA too

Standard Assurance CA
- Authentication:
  - Last Name, DoB, ID Number, Password on one of our major systems
- Lifespan:
  - Faculty/Staff – one year
  - Students – mid-September of next year
  - Non-degree Continuing Education – end of semester
- Uses: S/MIME, Web Auth, Library, some business apps, etc

High Assurance CA (Less Defined at Present)
- Authentication:
  - Same as above, plus
  - RA function – some form(s) of ID checked
- Lifespan: longer – a few years
- Likely to require hardware token
- Applications:
  - All of above plus ERP, real business transactions, grades, etc

Anonymous CA
- Authentication:
  - Use any UVa certificate to authenticate
- Truly anonymous – we keep no records
- No way to revoke certificate
- Lifespan: short (weeks)

Technical Infrastructure
- Open source solution: OpenSSL on Solaris
- Web site walks user through downloading root certificate
- Apache Web authentication module
- Publish into LDAP directory
- mySQL database for cert store
- Demo Apps: authentication, Home Directory browser, form signing

Technical Infrastructure: Profile & Hierarchy
- Profile
  - Use DC= naming for Issuer and Subject
  - Left E= in Subject and Issuer fields
- CA Hierarchy
  - UVa Main
  - UVa Annual
  - EE Certificates
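
The Main, Annual and end-entity hierarchy with DC= naming described in the slide above, built with the OpenSSL command line as an added example; it is not taken from the original presentation. The example.edu domain components, CN values, key sizes, lifetimes and extension settings are all assumptions.

```shell
#!/bin/sh
# Added example: Main -> Annual -> end-entity chain with DC= naming.
# Names, key sizes, lifetimes and extensions are assumptions. Demo keys are
# unencrypted (-nodes); a real Main key stays on the offline machine.
set -e

# Create key + CSR: $1 = file stem, $2 = subject DN
mkreq() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Sign a CSR: $1 = stem, $2 = days, $3 = extension section, rest = signer options
sign() {
  stem=$1; days=$2; ext=$3; shift 3
  openssl x509 -req -in "$stem.csr" -days "$days" -sha256 \
    -extfile ext.cnf -extensions "$ext" -out "$stem.crt" "$@" 2>/dev/null
}

# Build the whole hierarchy inside directory $1 (subshell keeps cwd local)
build_hierarchy() (
  cd "$1"
  cat > ext.cnf <<'EOF'
[main_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[annual_ext]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[ee_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF
  base="/DC=edu/DC=example"
  mkreq main "$base/CN=Example Main CA"
  mkreq annual "$base/CN=Example Annual CA"
  mkreq ee "$base/CN=Constructed User"
  sign main 3650 main_ext -signkey main.key
  sign annual 365 annual_ext -CA main.crt -CAkey main.key -CAcreateserial
  sign ee 365 ee_ext -CA annual.crt -CAkey annual.key -CAcreateserial
)

# Print subject or issuer DN: $1 = certificate, $2 = -subject | -issuer
dn() { openssl x509 -noout "$2" -nameopt RFC2253 -in "$1" | sed 's/^[a-z]*= *//'; }

# Validate the end-entity certificate up to Main through Annual
verify_chain() ( cd "$1" && openssl verify -CAfile main.crt -untrusted annual.crt ee.crt >/dev/null 2>&1 )

workdir=$(mktemp -d)
build_hierarchy "$workdir"
verify_chain "$workdir" && echo "chain OK: $(dn "$workdir/ee.crt" -subject)"
```

The `pathlen:0` constraint on the Annual CA means it can issue end-entity certificates but cannot create further subordinate CAs.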

Technical Infrastructure: Protection of Private Keys
- UVa Main private key
  - Linux box – no network interface, removable hard disk, CD burner
  - Access only by two or more “systems” staff
  - Stored in vault - under non-IT control, logged, etc
- UVa Annual private key
  - Locked rack in secure, manned machine room
  - All possible network services disabled
  - Two “systems” staff required for access
  - All access logged by operators

Technical Infrastructure: Hardware Tokens and Issues
- Hardware token work (mobility)
  - Smart cards, iButtons
  - Card services RFP
  - Biometrics
- Browser timeout of password for key store for authentication and signing
- Oracle ERP versions
- Library concern about users
- Dual keys, encryption, and the Standard Assurance CA

Project Team - Cost
- Technical
- Support staff & Publications
- Non-central computing
  - library & sponsored programs
  - Audit Department
- Overall methodology helps
  - User documentation
  - Subscriber agreements
  - Policy and Practices statements
- Probably 1½ person years to date