Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council 202-622-1552.

Presentation transcript:

Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council

Authentication and Confidentiality: Technical Approaches
Shared secrets (including “Symmetric Crypto”)
– Personal ID Numbers
– Passwords
– Biometrics (including digitized signatures)
Public key technology (“Asymmetric Crypto”)
– Key pair - no shared secrets

Shared-Secret Approach
Shared secret for authentication or confidentiality
– Different for each pair of users
– No nonrepudiation
– Need to pre-arrange and securely transport
– If one party fails to protect, both compromised

Public Key Technology Approach
Two keys, mathematically linked
One is kept private, other is made public
Private not deducible from public
For digital signature: one key signs, the other validates
For confidentiality: one key encrypts, the other decrypts

Public Key Technology Advantages
No shared secret - hence good foundation for nonrepudiation
– Improved further with hardware token
Identity/signature cryptographically bound to entire document
Credential (digital certificate) is interoperable and extensible

Public Key (Digital) Certificate
An electronic credential which:
– Binds an individual’s public key to his or her identity
– Is digitally signed by a trusted third party (called Certification Authority)
Provides a trusted way to obtain an individual’s public key
– Digital Signature on the certificate precludes undetected alteration of contents

Public Key Infrastructure
Registration Authorities to identity-proof users
Certification Authorities to issue certificates and CRLs
Repositories (publicly available databases) to hold certificates and CRLs
Some mechanism to recover data when encryption keys are lost/compromised
Certificate Policy and related paper
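The key-pair, certificate and PKI-component slides above, as an added example that is not part of the original presentation: a minimal PKI built with the OpenSSL command line (assumed to be installed), in which a CA binds a constructed user identity to a public key, a relying party validates that binding, and a signature over a document is validated and then shown to fail once a single digit of the document is altered. All names, organizations and document contents are constructed.

```shell
#!/bin/sh
# Added example, not from the presentation: a minimal PKI built with the
# OpenSSL command line. Every name and document value here is constructed.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT; cd "$WORK"

# Certification Authority: self-signed certificate plus private signing key.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -keyout "$1.key" -out "$1.crt" -subj "/O=Constructed Agency/CN=$1" 2>/dev/null
}

# Registration and issuance: the user generates a key pair and a request that
# carries the public key and claimed identity; the CA binds the two by signing.
issue_cert() {  # $1 = CA name, $2 = user name
  openssl req -newkey rsa:2048 -nodes -sha256 -keyout "$2.key" -out "$2.csr" \
    -subj "/CN=$2" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" -CAcreateserial \
    -days 1 -sha256 -out "$2.crt" 2>/dev/null
}

# Relying party: validate the certificate's signature with the CA's public key.
# Altered contents, or a CA the relying party does not trust, fail here.
cert_ok() { openssl verify -CAfile "$1.crt" "$2.crt" >/dev/null 2>&1; }

# Digital signature: the private key signs a digest of the whole document;
# the public key taken from the certificate validates it.
sign_doc() { openssl dgst -sha256 -sign "$1.key" -out "$2.sig" "$2"; }
verify_doc() {  # $1 = user name, $2 = document
  openssl x509 -in "$1.crt" -pubkey -noout > "$1.pub"
  openssl dgst -sha256 -verify "$1.pub" -signature "$2.sig" "$2" >/dev/null 2>&1
}

demo() {
  make_ca agency_ca
  make_ca other_ca                     # an unrelated CA nobody cross-certified
  issue_cert agency_ca alice
  printf 'Grant application, amount 1000\n' > form.txt
  sign_doc alice form.txt
  cert_ok agency_ca alice   && echo "alice.crt validated against agency_ca: OK"
  cert_ok other_ca alice    || echo "alice.crt against other_ca: rejected"
  verify_doc alice form.txt && echo "signature over form.txt: valid"
  printf 'Grant application, amount 9000\n' > form.txt   # alter one digit
  verify_doc alice form.txt || echo "altered form.txt: signature invalid"
}
demo
```

The second CA stands in for any party outside the trust relationship: without a certificate path to a trusted CA (or, in the Federal model, a cross-certificate through the Bridge CA), the relying party rejects the credential even though it is well formed.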

Federal PKI Approach
Establish Federal PKI Policy Authority (for policy interoperability)
Develop/deploy Bridge CA using COTS (for technical interoperability)
– Prototype 2/8/00, production end of 2000
Deal with directory issues in parallel
– Border directory concept; “White Pages”
Use ACES for public transactions

Federal PKI Policy Authority
Voluntary interagency group - NOT an “agency”
Governing body for interoperability through FBCA
– Agency/FBCA certificate policy mappings
Oversees operation of FBCA, authorizes issuance of FBCA certificates

Federal Bridge CA
Non-hierarchical hub (“peer to peer”)
Maps levels of assurance in disparate certificate policies (“policyMapping”)
Ultimate bridge to CAs external to Federal government
Allows certificates issued by one agency to be accepted by other agencies/parties

Intra-Agency PKI Examples
DOD (>250K certs => >>4M by 2002; high assurance with smartcards)
FAA (~1K certs => 20K+ in 2000; software now, migrating to smartcards)
FDIC (~7K certs => 20K+ in 2000)
NASA (~1K certs => 25K+ in 2000)
USPTO (~1K certs => 15K+ in 2000)

Electronic Signatures under GPEA
Government Paperwork Elimination Act (October 1998)
Technology neutral - agencies select based on specifics of applications (e.g., risk)
Gives electronic signature full legal effect
Focus: transactions with Federal agencies
Draft OMB Guidance 3/99; final 5/00

Organization

PKI Use and Implementation Issues
Misunderstanding what it can and can’t do
Requiring legacy fixes to implement
Waiting for standards to stabilize
High cost - a yellow herring
Interoperability woes - a red herring
Legal trepidation - the brightest red herring