CCSDS Security Working Group Fall 2015 Meeting Certificate Management 9 November – 13 November 2015 Darmstadt Germany Charles Sheehe NASA/Glenn.


Certificate needs
  A Structure
  A provider
  A protocol

What do we need: Structure
  C   Country
  ST  State
  L   City
  O   Organizational name
  OU  Organizational Unit name
  CN  Domain name
These data elements should be formatted identically to the way W3C PKI structures the “Issuer” element: as a record reflecting the identity of the CA.

What do we need: Structure continued, 1
  Version
  Serial Number
  Algorithm ID
  Validity
    Not Before
    Not After
  Subject Key Info
    Key Algorithm
    Subject Key
  Issuer Unique Identifier
  Subject Unique Identifier
  Any extensions with defined meanings (optional)

What do we need: Structure continued, 2
  ROLE  The role of the subject in the SANA CA ecosystem. Can take values of:
    CA
    National CA
    Agency CA
    Domain CA
    DEVICE Cert
    OPERATOR Cert
    SOFTWARE Cert
    INSTALLER Cert
  Each role will carry particular capabilities to engage in various kinds of communication. For instance, the INSTALLER role will be able to supply device installation metadata to SANA CA. The National CA role will be authorized to engage in National CA-CA and National CA-Agency CA communications.
  SANA_ID  For a role certificate, this field contains the certification SANA ID.
  SERIAL_NUM  For multiple end points within a SANA ID.
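A profile check over the fields listed on the structure slides, as an added example that is not part of the original presentation. It assumes the certificate has already been decoded into a plain record, that the C/ST/L/O/OU/CN naming rule applies to both subject and issuer, and that ROLE and SANA_ID arrive as named fields; the slides do not define their encoding, and the function names and sample records are constructed for illustration.

```python
import re
from datetime import datetime, timezone
# Naming attributes and ROLE values as listed on the slides.
REQUIRED_DN = ("C", "ST", "L", "O", "OU", "CN")
ROLES = {"CA", "National CA", "Agency CA", "Domain CA",
         "DEVICE Cert", "OPERATOR Cert", "SOFTWARE Cert", "INSTALLER Cert"}

def parse_dn(dn):
    """Split 'C=DE, O=Example' into a dict; a backslash escapes a comma."""
    attrs = {}
    for part in re.split(r"(?<!\\),", dn):
        key, sep, value = part.partition("=")
        key, value = key.strip().upper(), value.strip()
        if not sep or not key or not value or key in attrs:
            raise ValueError(f"malformed or duplicate DN component: {part.strip()!r}")
        attrs[key] = value.replace("\\,", ",")
    return attrs

def lint(cert, now):
    """Return the list of profile violations for one decoded certificate record."""
    problems = []
    for field in ("subject", "issuer"):  # assumption: same naming rule for both
        try:
            dn = parse_dn(cert.get(field, ""))
        except ValueError as exc:
            problems.append(f"{field}: {exc}")
            continue
        missing = [a for a in REQUIRED_DN if a not in dn]
        if missing:
            problems.append(f"{field}: missing {','.join(missing)}")
    nb, na = cert.get("not_before"), cert.get("not_after")
    if nb is None or na is None or nb >= na:
        problems.append("validity: Not Before must precede Not After")
    elif not nb <= now <= na:
        problems.append("validity: outside the Not Before/Not After window")
    if cert.get("ROLE") not in ROLES:
        problems.append(f"ROLE: unknown value {cert.get('ROLE')!r}")
    if not cert.get("SANA_ID"):  # assumption: a role certificate must carry one
        problems.append("SANA_ID: empty")
    return problems

# Constructed sample records (not real certificates).
UTC = timezone.utc
NOW = datetime(2015, 11, 10, tzinfo=UTC)
GOOD = {"subject": "C=DE, ST=Hessen, L=Darmstadt, O=Example Agency, OU=Ops, CN=gs1.example.org",
        "issuer": "C=DE, ST=Hessen, L=Darmstadt, O=Example Agency, OU=PKI, CN=Example Agency CA",
        "not_before": datetime(2015, 1, 1, tzinfo=UTC), "not_after": datetime(2016, 1, 1, tzinfo=UTC),
        "ROLE": "DEVICE Cert", "SANA_ID": "example-0001"}
BAD = dict(GOOD, subject="C=DE, O=Example Agency, CN=gs1.example.org", ROLE="ADMIN", not_after=datetime(2015, 6, 1, tzinfo=UTC))
```

Calling `lint(GOOD, NOW)` returns an empty list, while `lint(BAD, NOW)` reports the incomplete subject name, the expired validity window and the unknown role.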

What do we need: Provider and protocol
  Certificate management organization
  Protocol for certificates: Automatic Certificate Management Environment (ACME), draft-barnes-acme-04

Discussion