Integrating security services with the automatic processing of e-mail content TERENA 2001 Antalya, 14-17 May 2001 Francesco Gennai, Marina Buzzi Istituto.


1 Integrating security services with the automatic processing of e-mail content TERENA 2001 Antalya, 14-17 May 2001 Francesco Gennai, Marina Buzzi Istituto per le Applicazioni Telematiche, CNR - Pisa, Italy Francesco.Gennai@iat.cnr.it, Marina.Buzzi@iat.cnr.it

2 Motivation The automatic processing of message content speeds up data processing and reduces human error. In this context, signature verification by an e-mail client could become a system bottleneck, which justifies an automatic verification system.

3 Objective To automate the verification process of signed e-mails (electronic forms) in order to simplify the registration of Internet domains under the .IT Top Level Domain.

4 Correct recognition of MIME parts containing protected data
• RFC 1847 (S-MIME) specifies how to apply security services to MIME body parts (two new content types are added: Multipart/signed and Multipart/encrypted).
• RFC 2630 describes the Cryptographic Message Syntax used to digitally sign, digest, authenticate, or encrypt messages.
• RFC 2633 defines the application/pkcs7-signature MIME type used to transport S/MIME signed messages and outlines requirements and recommendations for the handling of incoming messages by receiving agents.
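The recognition step on this slide, as an added example (not the presenters' MsgVerify code): it classifies a raw message as detached-signed, opaque, unsigned or malformed, and extracts the exact signed bytes and the decoded signature for a separate verifier such as OpenSSL. The names `classify` and `SAMPLE` and the sample message are constructed here; the code assumes CRLF line endings and no padding after the boundary.

```python
import email

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

# Constructed sample (not from the presentation); the signature is a placeholder.
SAMPLE = (
    b"From: registrant@example.org\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\r\n'
    b' micalg=sha1; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"domain: example.it\r\n"
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: application/pkcs7-signature; name=smime.p7s\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"UExBQ0VIT0xERVI=\r\n"
    b"--b1--\r\n"
)

def classify(raw: bytes):
    """Return (kind, signed_bytes, signature_bytes) for a raw CRLF message."""
    msg = email.message_from_bytes(raw)
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # Opaque S/MIME: the content is inside the CMS object itself.
        kind = "opaque-signed" if msg.get_param("smime-type") == "signed-data" else "other-pkcs7"
        return kind, None, msg.get_payload(decode=True)
    if ctype != "multipart/signed":
        return "unsigned", None, None
    parts = msg.get_payload()
    proto = str(msg.get_param("protocol") or "").lower()
    # RFC 1847: exactly two parts, and the second must match the protocol parameter.
    if (not isinstance(parts, list) or len(parts) != 2 or proto not in SIG_TYPES
            or parts[1].get_content_type() != proto):
        return "malformed", None, None
    # The signature covers the first part byte for byte (headers included), so
    # slice it from the raw message instead of re-serialising the parsed object.
    delim = b"\r\n--" + msg.get_boundary().encode("ascii", "replace")
    try:
        start = raw.index(delim + b"\r\n") + len(delim) + 2
        end = raw.index(delim, start)
    except ValueError:
        return "malformed", None, None
    return "detached-signed", raw[start:end], parts[1].get_payload(decode=True)
```

A message classified as malformed or unsigned should be rejected before any cryptographic check is attempted, so that an unsigned form is never processed as if it had verified.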

5 Correct application of the verification process to the extracted MIME parts
• Mechanisms for certificate retrieval and validation: RFC 2632 specifies basic rules to be applied by receiving agents in order to correctly verify a signed message.
• Framework for managing certificates and CRLs: the I-D "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" outlines the format and semantics of certificates and certificate revocation lists for the Internet PKI. Procedures are described for the processing of certification paths in the Internet environment.

6 Tools
• MIME-compliant mail server
• OpenSSL toolkit (libraries and application samples) was fundamental for implementation of the system http://www.openssl.org/

7 MsgVerify system overview [Diagram. Components shown: Msg/Fax input process, Message input process, FAX input process, Message Status Cache, Message/Fax Database, Verification Processes, CA Database, CRL Database, CRL Manager Process, MsgSmtp Process, printer, LDAP query]

8 MsgVerify system overview A global identifier is assigned to each message or fax entering the system, thus maintaining the temporal sequence of the requests; this is useful for avoiding collisions between requests for the same domain name. The message is stored in the Message/Fax Database, which holds both e-mail messages and requests received via fax, the latter stored as PostScript files. At the same time, temporary information on the message status is stored in the Message Status Cache (for greater efficiency).

9 MsgVerify system overview A Message Verification process is activated in order to process the new message as well as messages already present in the Cache Database (due to temporary errors). The Message Verification process interacts with the CA and CRL databases. Certificates of trusted CAs are added to (or removed from) the CA Database by the system administrator. CRLs are automatically downloaded by the CRL Manager Process (which uploads the local CRL Database).

10 MsgVerify message pathway [Diagram: Node 1 (MX1) and Node 2 (MX2), with the MV input process, MV verification processes and MV MsgSmtp process; path labels numbered 1 to 4]

11

12 Questions Please send an e-mail to: Francesco.Gennai@iat.cnr.it Marina.Buzzi@iat.cnr.it

