Communications-Electronics Security Group. PKI interoperability issues for UK Government … again Richard Lampard



… or, The triumphant return of Richard Lampard! Richard Lampard

… or, Oh dear, Lisa must really be scraping the barrel. Richard Lampard

Structure
1. Quick introduction
2. Why is interoperability crucial?
3. ALICE
4. Vendor interoperability trial
5. Summary

1. Quick introduction
Communications-Electronics Security Group
– a government agency
– UK national Infosec authority
– operates on a cost-recovery basis
– aims to encourage adoption of PKI and related technologies by UK government, the armed forces and wider public sector
Capitalising on the UK’s Sigint knowledge base, we will help to protect the nation’s security and safety, and deny foreign Sigint success

2. Why is interoperability crucial?
[Diagram: CA, Repository, TSP]

2. Why is interoperability crucial?
Encoding
– DER versus BER
– GeneralizedTime vs UTCTime
– DN ordering
– Base64 vs ASN.1
– PrintableString vs TeletexString
– RFC 822 address included in DN
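The encoding choices on this slide can be surfaced mechanically before two products are put on the same testbed. The following is an added example, not part of the original presentation: a small ASN.1 walker that reports which of these choices an encoded object makes. Function names and the sample byte strings are constructed for illustration; it assumes single-octet tags (enough for X.509 names and validity fields) and does not check DN ordering.

```python
import base64

EMAIL_OID = bytes.fromhex("2a864886f70d010901")  # 1.2.840.113549.1.9.1 emailAddress
NOTED = {0x13: "string type: PrintableString", 0x14: "string type: TeletexString",
         0x17: "time type: UTCTime", 0x18: "time type: GeneralizedTime"}

def unarmor(data):
    """Return (binary, was_base64): strip PEM-style Base64 armour if present."""
    if data.lstrip().startswith(b"-----BEGIN"):
        body = [l for l in data.strip().splitlines() if not l.startswith(b"-----")]
        return base64.b64decode(b"".join(body)), True
    return data, False

def scan(buf, pos, end, out, indef=False):
    """Walk the TLVs in buf[pos:end], appending findings to out; return next offset."""
    while pos < end:
        if indef and buf[pos:pos + 2] == b"\x00\x00":  # end-of-contents marker
            return pos + 2
        tag, first = buf[pos], buf[pos + 1]
        pos += 2
        if first == 0x80:  # indefinite length: legal BER, forbidden in DER
            out.append("BER indefinite length")
            pos = scan(buf, pos, end, out, indef=True)
            continue
        length = first
        if first & 0x80:  # long form: the next n octets hold the length
            n = first & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            if length < 0x80 or buf[pos] == 0:  # DER demands the shortest form
                out.append("non-minimal length octets")
            pos += n
        if pos + length > end:
            raise ValueError("TLV runs past its container")
        if tag & 0x20:  # constructed: descend into SEQUENCE / SET
            scan(buf, pos, pos + length, out)
        elif tag in NOTED:
            out.append(NOTED[tag])
        elif tag == 0x06 and buf[pos:pos + length] == EMAIL_OID:
            out.append("RFC 822 address attribute in DN")
        pos += length
    return pos

def findings(data):
    """List the encoding choices in one object that a peer implementation may reject."""
    raw, armoured = unarmor(data)
    out = ["Base64 armour"] if armoured else []
    scan(raw, 0, len(raw), out)
    return out

# Constructed samples: the same one-attribute name (CN=CA), strict DER vs BER choices.
DER_NAME = bytes.fromhex("300d310b3009060355040313024341")
BER_NAME = bytes.fromhex("308031810b30090603550403140243410000")
```

Running `findings` over the same object as emitted by two different products and comparing the lists shows where their encoders disagree.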

2. Why is interoperability crucial?
Implementation problems
– misinterpretations of standards, crass mistakes, incorrect assumptions, or “short cuts”
– ASN.1 compiler bugs
– arbitrary or machine limitations e.g. serial number length
– inability to deal with incorrect or unexpected behaviour e.g. bad certification requests

2. Why is interoperability crucial?
Directories (gulp!)
– inability to use same Directory
– schema clashes
Proprietary private key token formats

2. Why is interoperability crucial?
[Diagram: Client, CA, Repository]

3. ALICE
Test level of interoperability provided by national implementations of international and NATO standards
Hence, reduce risk to national procurements and developments

3. ALICE: STANAG 4406 interoperability
– STANAG 4406 PCT with basic certificate exchange
– STANAG 4406 S/MIME and basic certificate exchange
– STANAG 4406 S/MIME and full PKI support
– SMTP S/MIME and full PKI support

4. Vendor interoperability trial
Previous interoperability work attracted some criticism
– we didn’t always have the most up to date version, or it was based on beta code
– not enough vendor involvement
– test scenario did not present a level playing field

4. Vendor interoperability trial
– Invite vendors to participate
– Agree scenario
– Agree configuration
– Internet dry run
– Assemble testbed
– Bake-off
Open to HMG users!

4. Vendor interoperability trial
Why are we doing this?
– give vendors the chance to prove their claims
– … or enough rope to show otherwise
– provides an up to date view of interoperability for products out of the box
– shows CESG’s commitment to working with multiple vendors
– shows CESG’s departmental customers the state of play
– does anyone want to play?

5. Summary
Lack of interoperability will still be a major problem for UK Government
Key HMG efforts:
– ALICE
– vendor interoperability trial
– and of course, participation in PKI Forum

5.Summary PKI is done neither for personal acclaim (because the applications get all the glory), nor for financial gain (if you’re a civil servant). Therefore, CESG PKI experts must be the purest form of security consultant. Discuss.
