Making Digital Security a Reality With PKI Nicholas A. Davis, UW-Madison November 28, 2006.

1 Making Digital Security a Reality With PKI Nicholas A. Davis, UW-Madison November 28, 2006

2 Overview
- PKI 101 – Intro to digital certificates
- History of PKI at UW-Madison
- UW-Madison IT environment
- Why UW-Madison is interested in PKI
- PKI cost and model comparison
- What it all actually looks like in reality
- Our experience so far and our future plans
- Universal truths
- What we have learned
- Final thoughts
- How to get started today!
- Questions

3 Public Key Infrastructure (PKI) 101
- PKI = System to manage digital certificates
- Digital passport
- Digital key to unlock encrypted data
- Digital pen to sign

4 PKI 101 (Continued)
- Digitally sign Microsoft Office documents, spreadsheets, email, PDF files, etc.
- Encrypt email in transit and storage, end to end
- Authenticate with a much stronger credential than username & password

5 History of PKI at UW-Madison
- October 2000 – UW-Madison and Dartmouth get together
- June 2004 – Requirements gathering
- May 2005 – Geotrust selected

6 UW-Madison IT Landscape
- Faculty, Staff, Students
- Highly decentralized
- Public institution
- Research driven environment

7 Communities Served by UW-Madison AuthNZ
- It’s Not Just About Us Anymore

8 Why the UW-Madison is interested in digital security solutions
- Threat of identity theft (Authentication) – Alice and Bob story
- More university businesses conducted via the Internet (encryption)
- Non-repudiation (signing)

9 Up Front Development Costs
- Gartner Group estimates that the average commercial PKI system costs $1 million to implement
- 80% of PKI systems never get beyond “pilot” status
- Our estimated first year costs are substantially less than this

10 PKI Models Under Consideration
- In-House Commercial
- In-House Open Source
- Co-managed

11 Time to Implement
- Feature Set
- Cost of establishing sandbox, QA and production environments
- Hardware acquisition
- CP and CPS statements
- Open Source, 12 months
- In-House Commercial, 9 months
- Co-Managed Commercial, 1 month

12 Annual Cost Summary

13 Geotrust Selected as UW-Madison PKI
- Lower upfront fixed costs
- Lower 10 year costs
- Faster road to implementation
- Trusted Root
- Off Site Key Escrow
- Automated certificate delivery
- UW-Madison common look and feel
- No long term lock in

14 No Trusted Root With Open Source
- Unsigned Root means distrust both within and outside our core universe

15 Certificate Storage
- Aladdin eToken
- USB based for ease of integration
- Excellent customer support
- Enhanced platform support

16 What does it actually look like in practice? -Sending-

17 What does it actually look like in practice (unlocking my private key) -sending-

18 What does it actually look like in practice? -receiving- (decrypted)

19 Digitally Signed and Verified, Encrypted

20 What does it actually look like in practice? -receiving- (intercepted)

21 The look of UW-Madison digital certificates

22 Feature Set Trusted Root
- Seamless trust lets us play globally via the Equifax Secure eBusiness CA1

23 Feature Set Key Escrow
- Is Big Brother watching?
- Who do the keys belong to anyway?

24 Feature Set – Distance Users – Co-Managed
- All the user needs is a web browser in order to get their certificate

25 Our Experience So Far
Customers appreciate:
- Automated certificate delivery
- Trusted Root
- Key Escrow
Uses:
- Using certificates for digital signing
- Using certificates for encrypted email
- Digital signing of mass email to campus

26 So Now What?
- Digital certificate management model proven
- Low hanging digital fruit has been harvested
- Is it time for me to retire?

27 Leveraging Our Existing System
- The UW-Madison PKI is in place today for signing and encryption
- Encourage others to change their way of doing business
- Integration with our current Web ISO for authentication

28 Example of Business Process Change
- UW-Madison Police and Security
- Building access: New centralized system
- Same historically weak business processes
- FERPA issues
- PKI to the rescue!
- 110 new users

29 Universal Truths
- People are not interested in vaporware to solve their problems
- Administrative controls don’t work
- If you don’t trust anyone, nobody will trust you.
- You have to play by the rules, even if you don’t like them

30 The Secret is Evolution, Not Revolution
- Revolutions are bloody!
- Evolution lets you gain immediate benefit today while planning for a better tomorrow without throwing away all your current systems

31 Integration with WebISO
- Easy Evolution
- WebISO is an independent authentication module for web apps.
- Currently username and password enabled
- Easily converts to digital certificate based authentication without requiring rewrite of all applications

32 But What About SecurID?
- SecurID = One Time Password authentication device (OTP)
- Great for authentication!
- What else does it do?
- Cost!
- Vendor Lock-in!
- Good point solution, but hardly forward thinking

33 Critical Success factors for the UW-Madison
- A focus on the customer requirements is of paramount importance
- Financial lifecycle modeling for both short and long term
- Being careful not to reinvent the wheel simply for the sake of pride
- Top down support from the CIO’s office

34 What We Have Learned
- A certificate is a certificate
- What matters most is what your organization does with the certificate once it is issued
- The challenge of implementing PKI is 30% technical and 70% user education, marketing and acceptance

35 Final Thoughts
- The key to success in a decentralized environment lies in motivating your users, not obligating your users
- Whether you choose to build or buy, remember to keep it simple for the customers
- Don’t spend time on duplication of effort

36 “But We Are Different…..”
- We all like to think we are different
- Set up a content filtering device with 100 keywords on your outgoing email
- Let me know what you discover
- Ignorance is not an excuse for weak security practices

37 Audience Question
- How is PKI similar to a Telephone network?
- The value of the system is proportional to the number of people who have a phone or a digital certificate!

38 “It can happen to you, it can happen to me, it can happen to everyone eventually…..”

39 The First Taste is Free!
- Download a FREE email digital certificate
- www.ascertia.com
- www.thawte.com
- Perform inter-institutional testing with your organization and UW-Madison!
- Digital certificates are inherently supported in: Outlook, Outlook Express, Thunderbird, Mail.app, Mulberry, Eudora 7.0

40 Questions and Comments Nicholas Davis PKI Project Leader UW-Madison ndavis1@wisc.edu 608-262-3837 www.doit.wisc.edu/middleware/pki PLEASE PARTNER WITH US AS WE MOVE FORWARD WITH PKI!
