Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digital Certificate Operation in a Complex Environment Presentation to the IT Support Staff Conference 24 June 2004.

Published byMolly Patrick Modified over 9 years ago

Similar presentations

Presentation on theme: "Digital Certificate Operation in a Complex Environment Presentation to the IT Support Staff Conference 24 June 2004."— Presentation transcript:

1 Digital Certificate Operation in a Complex Environment Presentation to the IT Support Staff Conference 24 June 2004

2 24 July 20042 Digital Certificate Operation in a Complex Environment What a mouthful. …bless you! What are we trying to do? –“To provide a detailed implementation and evaluation report of 'real world' digital certificate services at the University of Oxford” Attempt to learn from the experience of others Development/implementation of, a public key infrastructure… Evaluations Dissemination

3 24 July 20043 This talk The staff The aims What ARE digital certificates? Summary of PKI What have we done so far? Requirements and challenges The architecture Demonstration of our certificate request/issuing system Appeal for help!

4 24 July 20044 Staff Project team: –Project Manager: Mark Norman –Evaluators: Alun Edwards (OUCS), Johanneke Sytsema (SERS) –Systems Developer: Christian Fernau Project Board: –Mike Fraser/Paul Jeffreys (Co-Project Directors) –Frances Boyle (SERS)

5 24 July 20045 The aims (in short…) Use digital certificates for authentication at Oxford (and elsewhere) –Involves ‘building’ a PKI and –making some services ‘certificate aware’ Look at usability and issuing mechanisms –Registration, renewal, revocation etc. Have an open mind about the success –Maybe balance the high security (potential) with ease of use/implementation… …pragmatism?

6 24 July 20046 What ARE digital certificates? Lots of jargon: –X.509 –Public key infrastructure –Signing, encryption, hashes Where have you seen them before? –Secure Sockets Layer (SSL) –(DCOCE is about personal certificates) But what are they? –Little bits of digital information that are signed by a trusted authority

7 24 July 20047 And how do they work?

8 24 July 20048 But what is DCOCE interested in? Authentication (Unfortunately, not signing or encryption) Hello Mary had a little lamb Web server End user Mary had a little lamb Mary had a little lamb Mary had a little lamb OK. The server is happy that the end user is a holder of a genuine Oxford certificate!

9 24 July 20049 PKI – certificate issuing and use

10 24 July 200410 What are the real challenges? Usability, usability, usability –Concepts (currently) are too complex for most end users –Need to help them guard their private key –Disincentives against doing silly things e.g. our Local Institution Certificate Store (LICS) Browser support isn’t brilliant Moving from machine to machine So why not keep your certificate and private key on a central server, protected by a password!?!?!

11 24 July 200411 What have we done? Consultation – to refine our requirements Looked at registration information flow –And how we expect it could work in the future Architecture design – as per requirements Very nearly finished most parts of development

12 24 July 200412 What have we done wrong? Anonymity/pseudonymity –Have we exaggerated this as a requirement?

13 24 July 200413 A quick indication of the ‘requirements’ Basic level assurance –For most University users –Medium level for the Grid and others How to scale the registration –Trusting the registration servers –Generating keys locally –Being secure Mobility problems –Save certs and private keys on a central server? –Or use ‘devices’?

14 24 July 200414 And the real challenges are Oxford pilot/feasibility vs. production (a ‘system for HE/FE generally’) Getting users, and giving them something to play with –i.e. letting them use their certificate to authenticate to something useful Having to ‘ignore’ signing and encryption possibilities –(revocation problems with these)

15 24 July 200415 Architecture summary

16 24 July 200416 A quick demonstration of our prototype https://typhon.oucs.ox.ac.uk:8443/lics-web/showStatic?file=indexHTML i3oofmj1v To end

17 24 July 200417 Requesting a certificate Includes a fair amount of help text And guidelines for good quality pass phrases

18 24 July 200418 The Registration Authority

19 24 July 200419 Downloading your certificate

20 24 July 200420 We need help! ITSS can really help us! We need: –Volunteers to be certificate users this summer* –Volunteers for ‘local’ RAs –Applications/web servers that need authentication * planned going live date for ITSS staff is 20 th July 2004 (we hope to involve more ‘end users’ in Sept and Oct)

21 More information at http://www.dcoce.ox.ac.uk

Download ppt "Digital Certificate Operation in a Complex Environment Presentation to the IT Support Staff Conference 24 June 2004."

Similar presentations

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
Introduction of Grid Security

Introduction of Grid Security
Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.

Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Grid Computing Basics From the perspective of security or An Introduction to Certificates.

Grid Computing Basics From the perspective of security or An Introduction to Certificates.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.

Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
23 Oct 20081 PKI for the Mystified Introduction to Public Key Infrastructure and Cryptography Ivaylo Kostadinov.

23 Oct PKI for the Mystified Introduction to Public Key Infrastructure and Cryptography Ivaylo Kostadinov.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.

Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
A case for Shibboleth and grid security: are we paranoid about identity? UK e-Science All Hands Meeting, 2006 Mark Norman 19 Sept 2006.

A case for Shibboleth and grid security: are we paranoid about identity? UK e-Science All Hands Meeting, 2006 Mark Norman 19 Sept 2006.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.
TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh.

TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

Similar presentations

Ads by Google