Providing secure mobile access to information servers with temporary certificates Diego R. López

Slides:

Advertisements

Similar presentations

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Advertisements

MyProxy: A Multi-Purpose Grid Authentication Service

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Lecture 23 Internet Authentication Applications

Chapter 5 Network Security Protocols in Practice Part I

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

Asper School of Business University of Manitoba Systems Analysis & Design Instructor: Bob Travica System interfaces Updated: November 2014.

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

Chapter 5 Database Application Security Models

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

Chapter 10: Authentication Guide to Computer Network Security.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.

Masud Hasan Secue VS Hushmail Project 2.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Key Management with the Voltage Data Protection Server Luther Martin IEEE P May 7, 2007.

Database Application Security Models Database Application Security Models 1.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

Unit 1: Protection and Security for Grid Computing Part 2

Configuring Directory Certificate Services Lesson 13.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Module 9: Fundamentals of Securing Network Communication.

Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.

Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.

1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Authentication of Signaling in VoIP Applications Authors: Srinivasan et al. (MIT Campus of Anna University, India) Source: IJNS review paper Reporter:

INTRODUCTION TO WEB APPLICATION Chapter 1. In this chapter, you will learn about:  The evolution of the Internet  The beginning of the World Wide Web,

CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.

CPS Computer Security Tutorial on Creating Certificates SSH Kerberos CPS 290Page 1.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Advanced Sendmail Part 1

Module 2: Introducing Windows 2000 Security. Overview Introducing Security Features in Active Directory Authenticating User Accounts Securing Access to.

Creating and Managing Digital Certificates Chapter Eleven.

King Mongkut’s University of Technology Network Security 8. Password Authentication Methods Prof. Reuven Aviv, Jan Password Authentication1.

CPS Computer Security Tutorial on Creating Certificates SSH Kerberos CPS 290Page 1.

1 Certification Issue : how do we confidently know the public key of a given user? Authentication : a process for confirming or refuting a claim of identity.

VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.

Securing Access to Data Using IPsec Josh Jones Cosc352.

Pertemuan #8 Key Management Kuliah Pengaman Jaringan.

Encryption and Security Tools for IA Management Nick Hornick COSC 481 Spring 2007.

1 Example security systems n Kerberos n Secure shell.

SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.

Understanding Web Server Programming

Module 8: Securing Network Traffic by Using IPSec and Certificates

Some bits on how it works

Distributed Systems Bina Ramamurthy 11/12/2018 From the CDK text.

Distributed Systems Bina Ramamurthy 11/30/2018 B.Ramamurthy.

Distributed Systems Bina Ramamurthy 12/2/2018 B.Ramamurthy.

Module 8: Securing Network Traffic by Using IPSec and Certificates

Distributed Systems Bina Ramamurthy 4/22/2019 B.Ramamurthy.

Integrated Security System

Presentation transcript:

Providing secure mobile access to information servers with temporary certificates Diego R. López

Providing secure mobile access to information servers using temporary certificates Diego R. López - Introduction Objectives of the system Secure access standards and mobility requirements Temporary (short-lived) certificates Characteristics Loading and issuing System implementation Components Authentication protocol The user’s view Conclusions

Providing secure mobile access to information servers using temporary certificates Diego R. López - User mobility and secure access l User mobility (not just computer mobility) w Minimal HW/SW requirements w Simplicity of use l Secure access to servers w User authentication w Short-lived “connections”

Providing secure mobile access to information servers using temporary certificates Diego R. López - Secure access standards l Based on SSL/TLS l Server and client exchange X.509 certificates l X.509 certificates are assumed to be w Static Ô Associated with an entity’s identity w Valid in the long term Ô Identity is not often subject to change w Permanently stored by browsers and other information clients

Providing secure mobile access to information servers using temporary certificates Diego R. López - Mobility requirements l A token is used w Removable w Protected by a secret known to the user l Current standard: PKCS#11 w Used by most common clients w Requires specific software and/or hardware

Providing secure mobile access to information servers using temporary certificates Diego R. López - Temporary (short-lived) certificates l Are issued for a short period w Typical validity is a few hours w Time “removes” them l Simplify key generation procedures w Weaker algorithms or shorter key lengths can be employed l Simplify key management procedures w CA key changes only affect servers, not clients

Providing secure mobile access to information servers using temporary certificates Diego R. López - Loading temporary certificates l A loading program authenticates the user w The token contains both Ô The loading program Ô The authentication data l Minimal hardware and software requirements w An (almost) universal token: a diskette w An (almost) universal language: Java

Providing secure mobile access to information servers using temporary certificates Diego R. López - Issuing temporary certificates l An on-line Certification Authority (CA) has to issue the certificate w Validate the authentication data w Analyze user request Ô Server(s) to be accessed Ô Validity period w Issue the certificate

Providing secure mobile access to information servers using temporary certificates Diego R. López - System components (client side) l An Information Reader (IR): w Any information client able to use X.509 certificates w In the current implementation, Netscape 4.xx l A Temporary Certificate Client (TCC): w Negotiates with the service the session parameters w Starts the IR and initiates key generation procedures w The client JAR file is about 700K

Providing secure mobile access to information servers using temporary certificates Diego R. López - System components (authentication data) l A PKCS#12 object encrypted with a passphrase w Contains one of the keys (the private key) from a keypair assigned to the user w Included with other configuration data in a text file stored in the token: TCSERVER erika.cica.es:4433:4434 TCS1-CICA URL TBI-IDBS TIME 30 USER C=es, O=cica, CN=p BEGIN CICAP MIIC3AIBAzCABgkqhkiG9w0BBwGggCSABIICvjCCArowggK2Bgsqhki AqCCAqUwggKhMBsGCiqGSIb3DQEMAQYwDQQIrGHBS1QCRGkCAQEEggK XqyG5goN4YYGtiv8/NoLxnRhZG6Jdleybh90uMUmhyaivCxnLFoIKlf XTMohqpPdnl6CS5eF1u8V2dSv9+zAd3jh2E2He1hyWQBeSV7UpHWefb...

Providing secure mobile access to information servers using temporary certificates Diego R. López - System components (server side) l A Temporary Certificate Sever (TCS) w Acts as a (set of) on-line CA(s) l A directory that holds data pertaining to users w The other key (the public key) from the keypair assigned to the user w Acceptable session parameters w CAs the user can request certificates from

Providing secure mobile access to information servers using temporary certificates Diego R. López - Authentication protocol 5.- Kc2,CA ? 6.- Kc2, CA TCC token 1.- Passphrase 2.-Connect to TCS 3.- Rs 4. Ekc1(Rs,Rc),Kt2 7.-Skca (Kt2) 8.- Acces to information servers Others WWW News Databases TCSDirectoryIR

Providing secure mobile access to information servers using temporary certificates Diego R. López - The user’s view

Providing secure mobile access to information servers using temporary certificates Diego R. López - Conclusions l Thin-client based approach to information servers access control w Eases user mobility: Ô Practically any host with Internet access can be employed w Simplifies access control management l Open issues w Generalization of the procedures for other IRs w Finer granularity in access control w Token-less authentication protocol (applet)