Digital Certificate Operation in a Complex Environment Presentation to the IT Support Staff Conference 24 June 2004.

Slides:



Advertisements
Similar presentations
HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
Advertisements

Introduction of Grid Security
Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Grid Computing Basics From the perspective of security or An Introduction to Certificates.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
23 Oct PKI for the Mystified Introduction to Public Key Infrastructure and Cryptography Ivaylo Kostadinov.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
A case for Shibboleth and grid security: are we paranoid about identity? UK e-Science All Hands Meeting, 2006 Mark Norman 19 Sept 2006.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.
TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Summer School Certificates Diego Romano & Gilda Team.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
03 December 2003 Digital Certificate Operation in a Complex Environment Consultation/Stakeholders Meeting 3 December 2003.
03 December 2003 Digital Certificate Operation in a Complex Environment Report from Consultation/Stakeholders Meeting of 3 December 2003.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Security Systems Lecture notes Dr.
03 December 2003 Digital Certificate Operation in a Complex Environment Presentation as part of the Digital Projects in Oxford series 4 February 2004.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
Public Key Infrastructure from the Most Trusted Name in e-Security.
Public Key Infrastructure Ammar Hasayen ….
Virginia Tech Overview of Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan Fed/Ed.
Cryptography 101 Frank Hecker
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007 SSL Security with Alpha Five App Server Protecting sensitive or personal data.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.
魂▪創▪通魂▪創▪通 Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
F. Guilleux, O. Salaün - CRU Middleware activities in French Higher Education.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
KX509: Leveraging Kerberos to Obtain Digital Certificates for Web Client Authentication University of Michigan Kevin Coffman Bill Doster.
NENA Development Conference | October 2014 | Orlando, Florida Security Certificates Between i3 ESInet’s and FE’s Nate Wilcox Emergicom, LLC Brian Rosen.
© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Securing a Microsoft ASP.NET Web Application.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.
Building Security into Your System Bill Major Gregory Ponto.
PKI Activities at Virginia September 2000 Jim Jokl
The Distribution Online Vending Pilot Project Demo Testing Certificate Management Kennedy P Subramoney 23 July 2004.
Oxford University e-Science Centre 1 Managing Access 4 Dec Managing Access to Resources on the Grid 4 December 2002.
Leveraging Campus Authentication for Grid Scalability Jim Jokl Marty Humphrey University of Virginia Internet2 Meeting April 2004.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
Belgian EID Card 15/12/2004 Derette Willy eID program manager.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
EGI-InSPIRE RI Grid Training for Power Users EGI-InSPIRE N G I A E G I S Grid Training for Power Users Institute of Physics Belgrade.
X509 Web Authentication From the perspective of security or An Introduction to Certificates.
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
Setting and Upload Products
How to Check if a site's connection is secure ?
Using SSL – Secure Socket Layer
Public Key Infrastructure from the Most Trusted Name in e-Security
Building Security into Your System
National Trust Platform
Presentation transcript:

Digital Certificate Operation in a Complex Environment Presentation to the IT Support Staff Conference 24 June 2004

24 July Digital Certificate Operation in a Complex Environment What a mouthful. …bless you! What are we trying to do? –“To provide a detailed implementation and evaluation report of 'real world' digital certificate services at the University of Oxford” Attempt to learn from the experience of others Development/implementation of, a public key infrastructure… Evaluations Dissemination

24 July This talk The staff The aims What ARE digital certificates? Summary of PKI What have we done so far? Requirements and challenges The architecture Demonstration of our certificate request/issuing system Appeal for help!

24 July Staff Project team: –Project Manager: Mark Norman –Evaluators: Alun Edwards (OUCS), Johanneke Sytsema (SERS) –Systems Developer: Christian Fernau Project Board: –Mike Fraser/Paul Jeffreys (Co-Project Directors) –Frances Boyle (SERS)

24 July The aims (in short…) Use digital certificates for authentication at Oxford (and elsewhere) –Involves ‘building’ a PKI and –making some services ‘certificate aware’ Look at usability and issuing mechanisms –Registration, renewal, revocation etc. Have an open mind about the success –Maybe balance the high security (potential) with ease of use/implementation… …pragmatism?

24 July What ARE digital certificates? Lots of jargon: –X.509 –Public key infrastructure –Signing, encryption, hashes Where have you seen them before? –Secure Sockets Layer (SSL) –(DCOCE is about personal certificates) But what are they? –Little bits of digital information that are signed by a trusted authority

24 July And how do they work?

24 July But what is DCOCE interested in? Authentication (Unfortunately, not signing or encryption) Hello Mary had a little lamb Web server End user Mary had a little lamb Mary had a little lamb Mary had a little lamb OK. The server is happy that the end user is a holder of a genuine Oxford certificate!

24 July PKI – certificate issuing and use

24 July What are the real challenges? Usability, usability, usability –Concepts (currently) are too complex for most end users –Need to help them guard their private key –Disincentives against doing silly things e.g. our Local Institution Certificate Store (LICS) Browser support isn’t brilliant Moving from machine to machine So why not keep your certificate and private key on a central server, protected by a password!?!?!

24 July What have we done? Consultation – to refine our requirements Looked at registration information flow –And how we expect it could work in the future Architecture design – as per requirements Very nearly finished most parts of development

24 July What have we done wrong? Anonymity/pseudonymity –Have we exaggerated this as a requirement?

24 July A quick indication of the ‘requirements’ Basic level assurance –For most University users –Medium level for the Grid and others How to scale the registration –Trusting the registration servers –Generating keys locally –Being secure Mobility problems –Save certs and private keys on a central server? –Or use ‘devices’?

24 July And the real challenges are Oxford pilot/feasibility vs. production (a ‘system for HE/FE generally’) Getting users, and giving them something to play with –i.e. letting them use their certificate to authenticate to something useful Having to ‘ignore’ signing and encryption possibilities –(revocation problems with these)

24 July Architecture summary

24 July A quick demonstration of our prototype i3oofmj1v To end

24 July Requesting a certificate Includes a fair amount of help text And guidelines for good quality pass phrases

24 July The Registration Authority

24 July Downloading your certificate

24 July We need help! ITSS can really help us! We need: –Volunteers to be certificate users this summer* –Volunteers for ‘local’ RAs –Applications/web servers that need authentication * planned going live date for ITSS staff is 20 th July 2004 (we hope to involve more ‘end users’ in Sept and Oct)

More information at

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.