Published by Lucas Nichols. Modified over 9 years ago.
Identity Management Realities in Higher Education
NET Quarterly Meeting
January 12, 2005
Higher Education IT Environment
- Open campus, easy physical access to wired and wireless network
- Open network, no firewall or address translation to Internet – like an ISP
- Heterogeneous client computers
- Mix of very knowledgeable and very naïve users
IT Security Risks Escalate
- More and more important information and transactions are online:
  – Personal identity information
  – Financial transactions
  – Course enrollment, grades
  – Tests, quizzes administered online
  – Licensed materials
  – Confidential research data
- We must comply with increasingly strict regulations:
  – Health information - HIPAA: http://www.hhs.gov/ocr/hipaa/
  – Educational records - FERPA: http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
Dartmouth’s Identity Management
- Timesharing (’70s) and Dartmouth Name Directory (’80s) pre-dated LDAP and AD
- LDAP now (with legacy DND interface for backwards compatibility)
- Everyone has an LDAP entry
- Passwords centrally managed in LDAP
- Now provisioning accounts for applicants
- An early start, but now pretty standard fare…
More to the Picture…
- Having a good directory is important… but we also need to be sure the individual at the keyboard is who they claim to be.
- Sometimes strong identity management can reduce security by eliminating obscurity and enabling re-use of a single password for more applications.
Password Sharing
- Corrupts value of username/password for authentication
- Sticky notes next to computer
- Files (even web pages full of passwords)
- Logging co-workers onto a system so they can help
- Social engineering is a huge vulnerability!
Users Do Share Passwords
- PKI Lab survey of 171 undergraduates: 75% of them shared passwords, < 50% changed afterwards
- Social engineering examples in “Probing End-User Security Practices – Through Homework” (Prof. Sean Smith)
  – Offering squirt guns for passwords was 80% effective
  – 83% provided their password to bogus survey web
  www.educause.edu/ir/library/pdf/eqm0449.pdf
- Need two factor authentication to address password sharing
- Lest you think your users are different, remember students comprise the future workforce.
PKI Provides Two Factor Authentication
1) Something the user has (credentials stored in the application or a smartcard or token)
2) Something a user knows (password to unlock credentials).
- Significant security improvement
- Reduces exposure to password sharing (token is difficult to share)
Underlying Key Technology
- Asymmetric key encryption: each key is the only way to decrypt data encrypted by the other.
- Private key is kept secret and carefully protected by its holder.
- Public key is freely distributed.
- In authentication, the server challenges the client to encrypt or decrypt something with the private key. Ability to do so proves client identity.
- Private key and password always stay in the user’s possession.
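The challenge step described on this slide, as an added Go example that is not part of the original presentation. It assumes Ed25519 signatures as the private-key operation (the slide names no algorithm); the `Server` type, the `Demo` function, the user "alice" and the in-memory maps are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server maps each user to a trusted public key (in a PKI, taken from the
// user's certificate) and tracks one outstanding challenge per user.
type Server struct {
	trusted map[string]ed25519.PublicKey
	pending map[string][]byte
}

// Challenge issues a fresh random nonce so an old response cannot be replayed.
func (s *Server) Challenge(user string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.pending[user] = nonce
	return nonce
}

// Verify accepts only a valid signature over the outstanding challenge,
// which is consumed whether or not the check succeeds.
func (s *Server) Verify(user string, sig []byte) bool {
	nonce, ok := s.pending[user]
	delete(s.pending, user)
	pub, known := s.trusted[user]
	return ok && known && ed25519.Verify(pub, nonce, sig)
}

// Demo runs the exchange with constructed keys and returns the outcome for
// the key holder, a replayed response, and a different private key.
func Demo() (holder, replay, wrongKey bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, other, _ := ed25519.GenerateKey(rand.Reader)
	s := &Server{trusted: map[string]ed25519.PublicKey{"alice": pub}, pending: map[string][]byte{}}
	sig := ed25519.Sign(priv, s.Challenge("alice")) // client signs; key never leaves it
	holder = s.Verify("alice", sig)
	s.Challenge("alice") // new login attempt, new nonce
	replay = s.Verify("alice", sig)
	wrongKey = s.Verify("alice", ed25519.Sign(other, s.Challenge("alice")))
	return
}

func main() { fmt.Println(Demo()) } // true false false
```

Only the public key and the signature cross the network, so the server never holds a secret that could be shared or stolen from it.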
Digital Signatures (Attaching Identity to Electronic Forms and Documents)
- Our computerized world still runs by handwritten signatures on paper.
- Digital signatures promise to revolutionize many business processes:
  – Improve assurance of electronic transactions, verify and record digital signatures
  – Reduce paperwork via electronic forms
  – Faster, cheaper, more traceable business processes
  – Fundamental building block of Web Services
- Federal digital signature information: http://museum.nist.gov/exhibits/timeline/item.cfm?itemId=78
Inter-institutional Trust
- Accepting credentials issued by a trusted collaborating institution
  – Signed forms and documents for business process (e.g. grant applications, financial aid forms, government reports)
  – Signed and encrypted email from a colleague at another school
  – Authentication to applications shared among consortiums of schools
Dartmouth PKI Lab
- R&D to make PKI a practical component of campus networks
- Multi-campus collaboration sponsored by the Mellon Foundation
- Dual objectives:
  – Deploy existing PKI technology to improve network applications (both at Dartmouth and elsewhere).
  – Improve the current state of the art. Identify security issues in current products. Develop solutions to the problems.
For More Information
- Outreach web: www.dartmouth.edu/~deploypki
- Dartmouth PKI Lab
- PKI Lab information: www.dartmouth.edu/~pkilab
- Dartmouth user information, getting a Dartmouth certificate: www.dartmouth.edu/~pki
- Mark.J.Franklin@dartmouth.edu
- I’ll happily send copies of these slides upon request.