
EuroPKI Antonio Lioy Politecnico di Torino Dip. Automatica e Informatica.


1 EuroPKI
    Antonio Lioy, Politecnico di Torino, Dip. Automatica e Informatica

2 The Copernican revolution
    (diagram: the X.509 certificate as the common building block of) secure Web, secure e-mail, secure remote access, secure VPN, secure DNS, secure routing, Win2000 security, secure boot, no viruses & Trojan horses, IP security

3 Background
    - ICE-TEL project (1997-1998)
    - ICE-CAR project (1999-2000)
    - various national projects (1996-2000)
    - since January 1, 2000: EuroPKI

4 EuroPKI
    (diagram of the CA hierarchy: EuroPKI TLCA; EuroPKI Italy, EuroPKI Slovenia, EuroPKI Norway; Politecnico di Torino CA, City of Rome CA, EETIC CA; end entities: people, servers)

5 Current status
    - root +
      - AT (IAIK)
      - IE (TCD)
      - IT (POLITO)
        - Italian tree, with 4 City Halls
        - integration with the Italian identity chip-card
      - NO
        - will retire on Dec 31, 2000
      - SI (IJS)
        - Slovenian tree
      - UK (UCL)

6 EuroPKI services
    - certification
    - revocation
    - publication
    - data validation
    - competence centre

7 Certification
    - X.509v3 certificates
    - global CP (Certification Policy)
    - local CPS (Certification Practice Statement)

8 Certification policy
    - current draft:
      - 28 pages
      - based on RFC-2527 (with extensions)
    - basic idea:
      - be as little restrictive as possible to allow anybody to join...
      - ... while retaining a level of security useful for practical applications

9 CP requirements
    - personal identification of the subject
    - secure management of the CA
    - periodic publication of CRL

10 Applications supported
    - Web:
      - SSL/TLS
      - signed applets
    - SSL-based applications:
      - telnet, FTP, SMTP, POP, IMAP, ...
    - e-mail:
      - S/MIME
    - IPsec (via SCEP)
    - DNS (?)

11 Publication
    - certificates and CRLs
    - Web servers: for humans
    - directory server: for applications
      - LDAP (local) directories
      - X.500 (global) directory
      - X.521 schema

12 Revocation
    - CRL (Certificate Revocation List)
      - cumulative list of revoked certificates
      - issued periodically
      - updated as needed
    - OCSP (On-Line Certificate Status Protocol):
      - "is this cert valid now?"
      - unknown, valid, invalid
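As an added illustration of the two revocation mechanisms on this slide (not code from the presentation or from EuroPKI), the Python below models a cumulative, periodically re-issued CRL beside an OCSP-style responder and shows the case where they disagree: a certificate revoked after the current CRL was issued but before the next one is due. The CA name, serial numbers and dates are constructed sample values, and the statuses use the slide's vocabulary (valid, invalid, unknown) rather than the protocol's own names.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class CRL:
    """Cumulative list of revoked serials, usable from this_update until next_update."""
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: frozenset


def issue_crl(issuer, previous, newly_revoked, now, lifetime):
    """Re-issue the CRL (periodically or as needed); the new list carries all old entries."""
    carried = previous.revoked if previous is not None else frozenset()
    return CRL(issuer, now, now + lifetime, carried | frozenset(newly_revoked))


def crl_status(serial, issuer, crl, now):
    """Answer from a CRL: 'valid', 'invalid', or 'unknown' when the list cannot be relied on."""
    if crl.issuer != issuer:
        return "unknown"            # a CRL only covers its own issuer's certificates
    if not crl.this_update <= now <= crl.next_update:
        return "unknown"            # stale list: a newer one was due, do not rely on it
    return "invalid" if serial in crl.revoked else "valid"


class OCSPResponder:
    """Answers 'is this cert valid now?' from the CA's live revocation records."""

    def __init__(self, issuer, issued):
        self.issuer = issuer
        self.issued = set(issued)
        self.revoked = {}           # serial -> revocation time

    def revoke(self, serial, when):
        self.revoked[serial] = when

    def status(self, serial, issuer, now):
        if issuer != self.issuer or serial not in self.issued:
            return "unknown"        # responder has no record of this certificate
        if serial in self.revoked and self.revoked[serial] <= now:
            return "invalid"
        return "valid"


def demo():
    """Constructed scenario; returns each check's result keyed by serial and method."""
    ca = "EuroPKI Italy (constructed)"
    t0 = datetime(2000, 6, 1, tzinfo=timezone.utc)
    week = timedelta(days=7)
    crl1 = issue_crl(ca, None, {"0x0a"}, t0, week)          # periodic issue; 0x0a already revoked
    ocsp = OCSPResponder(ca, issued={"0x0a", "0x0b", "0x0c"})
    ocsp.revoke("0x0a", t0)
    t_rev = t0 + timedelta(days=2)
    ocsp.revoke("0x0b", t_rev)                               # revoked between two CRL issues
    t_check = t0 + timedelta(days=3)
    results = {
        "0x0a/crl": crl_status("0x0a", ca, crl1, t_check),   # invalid: listed
        "0x0b/crl": crl_status("0x0b", ca, crl1, t_check),   # valid: CRL predates the revocation
        "0x0b/ocsp": ocsp.status("0x0b", ca, t_check),       # invalid: OCSP sees the live record
        "0x0c/stale-crl": crl_status("0x0c", ca, crl1, t0 + timedelta(days=10)),  # unknown
        "0x0d/ocsp": ocsp.status("0x0d", ca, t_check),       # unknown: never issued by this CA
    }
    crl2 = issue_crl(ca, crl1, {"0x0b"}, t_rev, week)        # as-needed re-issue closes the gap
    results["0x0b/crl2"] = crl_status("0x0b", ca, crl2, t_check)   # invalid
    results["0x0a/crl2"] = crl_status("0x0a", ca, crl2, t_check)   # invalid: list is cumulative
    return results


if __name__ == "__main__":
    for check, status in demo().items():
        print(f"{check:16} {status}")
```

The point a relying party should take from the run: between two CRL issues the CRL answers "valid" for 0x0b while the responder already answers "invalid", and once a CRL's next_update has passed the only honest answer is "unknown"; treating a stale list as authoritative is the classic revocation-checking mistake.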

13 Time-stamping
    - proof of data existence at a given date
    - IETF-PKIX-TSP-draft-12
    - TSP server (Win32, Unix)
    - TSP client (GUI for Win32, shell for Unix)
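As an added example (not code from the presentation or from the EuroPKI TSP software), the Python below walks through the time-stamp exchange the slide refers to: the client sends only a hash of its data plus a nonce, the TSA binds that hash to its own clock and returns a token, and a later verifier checks that the token is authentic, answers this request, and matches the data. The field names, the HMAC used in place of the TSA's signature (which also means the verifier must hold the TSA's key, unlike a real TSP deployment where the TSA's public certificate is used), and the sample document are all assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timezone

HASH_ALG = "sha256"


def canonical(obj):
    """Deterministic byte encoding of a token so the MAC is reproducible (stand-in for DER)."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def make_request(data):
    """Client side: only the hash leaves the client, never the data; the nonce defeats replay."""
    return {"hash_alg": HASH_ALG,
            "hash": hashlib.sha256(data).hexdigest(),
            "nonce": secrets.token_hex(8)}


class TimeStampAuthority:
    """Toy TSA: binds (hash, nonce) to its own clock and authenticates the token."""

    def __init__(self, key, clock):
        self._key = key      # shared secret (assumption); a real TSA signs with its private key
        self._clock = clock  # callable returning the TSA's current UTC time

    def respond(self, request):
        if request.get("hash_alg") != HASH_ALG or len(request.get("hash", "")) != 64:
            return {"status": "rejected"}            # unsupported algorithm or malformed hash
        token = {"hash_alg": HASH_ALG, "hash": request["hash"],
                 "nonce": request["nonce"], "gen_time": self._clock().isoformat()}
        mac = hmac.new(self._key, canonical(token), HASH_ALG).hexdigest()
        return {"status": "granted", "token": token, "mac": mac}


def verify(data, request, response, key):
    """Later verification: token must be authentic, answer this request, and match this data."""
    if response.get("status") != "granted":
        return False
    token = response["token"]
    expected = hmac.new(key, canonical(token), HASH_ALG).hexdigest()
    if not hmac.compare_digest(expected, response["mac"]):
        return False                                   # token altered or not from the TSA
    if token["nonce"] != request["nonce"]:
        return False                                   # a response to some other request
    return hmac.compare_digest(token["hash"], hashlib.sha256(data).hexdigest())


def demo():
    """Constructed exchange; returns (genuine, altered_data, altered_time, rejected_status)."""
    key = b"constructed-tsa-secret"
    fixed_clock = lambda: datetime(2000, 6, 1, 12, 0, tzinfo=timezone.utc)
    tsa = TimeStampAuthority(key, fixed_clock)
    document = b"contract text (constructed)"
    request = make_request(document)
    response = tsa.respond(request)
    genuine = verify(document, request, response, key)
    # Data edited after the fact: hash no longer matches the token
    altered_data = verify(b"contract text (edited later)", request, response, key)
    # Token with a back-dated gen_time but the original MAC: authentication fails
    forged = {"status": "granted", "mac": response["mac"],
              "token": dict(response["token"], gen_time="1999-01-01T00:00:00+00:00")}
    altered_time = verify(document, request, forged, key)
    # Request naming an algorithm the TSA does not offer
    rejected_status = tsa.respond({"hash_alg": "md5", "hash": "0" * 32, "nonce": "n"})["status"]
    return genuine, altered_data, altered_time, rejected_status


if __name__ == "__main__":
    print(demo())   # (True, False, False, 'rejected')
```

Two design points carry over to the real protocol: the TSA never sees the data, only its hash, so confidentiality of the document does not depend on the TSA; and because the time is inside the authenticated token, a later claim that the data existed at that date stands or falls with the TSA's key, not with the client's own clock.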

14 Attribute certificate
    - where should I put additional infos related to a certificate?
      - in a directory, or in an attribute certificate (draft-ietf-pkix-ac509prof)
      - inside the certificate, in order to keep all data together

15 Next steps
    - GARR PKI
    - European digital signature law
    - CDSA
    - automatic policy negotiation

16 Future
    - I have a dream...
    - ... a pan-european open and public PKI to enable network security
    - EuroPKI?

