Gregorio Martínez Pérez University of Murcia PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS.


1 Gregorio Martínez Pérez gremar@dif.um.es University of Murcia PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS

2 MOTIVATION (I)
* Distributed applications on TCP/IP: impressive growth
  - Services improvement
  - Decreasing costs
* Very important security problems when applications deal with confidential information

3 MOTIVATION (II)
* University of Murcia: infrastructure to provide secure communications
  - Must guarantee:
    - Confidentiality
    - Authentication
    - Integrity
  - Complex task:
    - Broad community of users
    - Heterogeneous systems

4 PUBLIC KEY INFRASTRUCTURE (I)
* Certification Authority (CA)
  - Trust foundation of the overall system
  - We are using Netscape Certificate Server
    - Problem: certification request is a public operation
    - Solution: intermediate elements
      - RQServer (Requests Server)
      - RQClient (Certification Requests Client)

5 PUBLIC KEY INFRASTRUCTURE (II)
* Registration Authority (RA)
  - Constituted by:
    - Administrative staff
    - Software applications
  - Performs the following tasks:
    - To verify people's identities
    - To generate the user's private and public keys
    - To store the private key in the smart card
    - To create the certification requests
    - To create the revocation requests

6 PUBLIC KEY INFRASTRUCTURE (III)
* Directory Server
  - Main use:
    - To get the information needed to make certification requests
    - To store the final certificates
  - To get data stored in this server: LDAP protocol

7 PUBLIC KEY INFRASTRUCTURE (IV)
* Smart Cards
  - Security device to store private keys
  - Two kinds of smart cards:
    - 4 Kbytes smart cards
[Diagram labels: 1 KByte, Security Field, RSA Private Key]

8 PUBLIC KEY INFRASTRUCTURE (V)
* Smart Cards
  - Two kinds of smart cards:
    - 2 Kbytes smart cards
[Diagram labels: 16 Bytes, Security Field, IDEA Key, CIPHER, RSA Private Key, Ciphered Private Key, Ciphered Private Keys DB]

9 MAIN OPERATIONS
* Certificate Request
* Certificate Recovery
* Certificate Revocation

10 CERTIFICATE REQUEST
[Diagram labels: Registration Authority, RQServer, RQClient, Certification Authority, Directory Server, Ciphered Private Keys DB, RSA PRIVATE OR IDEA KEY, USER PERSONAL DATA, ID Number, LDAP, SSL, Client Authent., CRON]

11 CERTIFICATE RECOVERY
[Diagram labels: Netscape Communicator, PKCS#11 Module, PIN, RSA PRIVATE OR IDEA KEY, Secure Server, Ciphered Private Keys DB, Directory Server, SSL]
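
An added example (not from the presentation) of the 2 Kbytes card scheme on slides 8 and 11: a 16-byte IDEA key is held on the card, while the RSA private key exists in the database only in ciphered form. The CTR mode, the 4-byte nonce prefix, the function names and the assumption that the RA generates the IDEA key are choices made for this sketch; the slides give none of these details.

```python
import os
import struct

def _mul(a, b):
    # IDEA multiplication modulo 65537; the 16-bit word 0 stands for 2**16
    return ((a or 0x10000) * (b or 0x10000) % 0x10001) & 0xFFFF

def idea_subkeys(key):
    # 52 encryption subkeys: take 8 words, rotate the 128-bit key left 25 bits, repeat
    if len(key) != 16:
        raise ValueError("IDEA key must be 16 bytes")
    k, sub = int.from_bytes(key, "big"), []
    while len(sub) < 52:
        sub += [(k >> (112 - 16 * i)) & 0xFFFF for i in range(8)]
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return sub[:52]

def idea_encrypt_block(block, sub):
    x1, x2, x3, x4 = struct.unpack(">4H", block)
    for r in range(8):
        k = sub[6 * r:6 * r + 6]
        x1, x4 = _mul(x1, k[0]), _mul(x4, k[3])
        x2, x3 = (x2 + k[1]) & 0xFFFF, (x3 + k[2]) & 0xFFFF
        t0 = _mul(x1 ^ x3, k[4])
        t1 = _mul(((x2 ^ x4) + t0) & 0xFFFF, k[5])
        t2 = (t0 + t1) & 0xFFFF
        x1, x2, x3, x4 = x1 ^ t1, x3 ^ t1, x2 ^ t2, x4 ^ t2
    return struct.pack(">4H", _mul(x1, sub[48]), (x3 + sub[49]) & 0xFFFF,
                       (x2 + sub[50]) & 0xFFFF, _mul(x4, sub[51]))

def idea_ctr(key, nonce, data):
    # CTR keystream E_k(nonce || counter); the same call enciphers and deciphers.
    # Confidentiality only: the slides describe no integrity check on the DB record.
    sub, out = idea_subkeys(key), bytearray()
    for i in range(0, len(data), 8):
        ks = idea_encrypt_block(nonce + struct.pack(">I", i // 8), sub)
        out += bytes(a ^ b for a, b in zip(data[i:i + 8], ks))
    return bytes(out)

def enroll(private_key):
    # Assumed RA step: IDEA key goes to the card, ciphered key goes to the database
    card_key, nonce = os.urandom(16), os.urandom(4)
    return card_key, nonce + idea_ctr(card_key, nonce, private_key)

def recover(card_key, db_record):
    # Assumed recovery step: the key read from the card deciphers the DB record
    return idea_ctr(card_key, db_record[:4], db_record[4:])

SAMPLE_KEY = b"CONSTRUCTED-RSA-PRIVATE-KEY-" * 40  # constructed stand-in, about 1 KB
```

The database record alone does not reveal the private key, and the card alone stores only 16 bytes, which is what lets a 2 Kbytes card protect a key that does not fit on it.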

12 CERTIFICATE REVOCATION
[Diagram labels: Registration Authority, RQServer, RVKClient, Certification Authority, Directory Server, Ciphered Private Keys DB, LDAP, SSL, Client Authent., CRON]

13 CONCLUSIONS
* Complete security infrastructure
  - Certification Authority
  - Registration Authorities
  - Smart cards
  - Custom PKCS#11 Module
  - Main security protocols: SSL and S/MIME
* Framework to develop custom security applications

14 FUTURE WORK
* Custom CA developed in Java
* Solutions for other applications: Microsoft products (PC/SC)
* New smart card approaches: OCF, JavaCards, VOP
* Parallel infrastructure that manages credentials: SPKI

15 Gregorio Martínez Pérez gremar@dif.um.es University of Murcia PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS

