Gregorio Martínez Pérez gremar@dif.um.es University of Murcia

Presentation Transcript


  1. PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS Gregorio Martínez Pérez gremar@dif.um.es University of Murcia

  2. MOTIVATION (I)
     • Distributed applications on TCP/IP: impressive growth
     • Services improvement
     • Decreasing costs
     • Very important security problems when applications deal with confidential information

  3. MOTIVATION (II)
     • University of Murcia: infrastructure to provide secure communications
     • Must guarantee:
       • Confidentiality
       • Authentication
       • Integrity
     • Complex task:
       • Broad community of users
       • Heterogeneous systems

  4. PUBLIC KEY INFRASTRUCTURE (I)
     • Certification Authority (CA)
       • Trust foundation of the overall system
       • We are using Netscape Certificate Server
       • Problem: certification request is a public operation
       • Solution: intermediate elements
         • RQServer (Requests Server)
         • RQClient (Certification Requests Client)

  5. PUBLIC KEY INFRASTRUCTURE (II)
     • Registration Authority (RA)
       • Constituted by:
         • Administrative staff
         • Software applications
       • Performs the following tasks:
         • To verify people's identities
         • To generate the user's private and public keys
         • To store the private key in the smart card
         • To create the certification requests
         • To create the revocation requests

  6. PUBLIC KEY INFRASTRUCTURE (III)
     • Directory Server
       • Main use:
         • To get the information needed to make certification requests
         • To store the final certificates
       • To get data stored in this server: LDAP protocol

  7. PUBLIC KEY INFRASTRUCTURE (IV)
     • Smart Cards
       • Security device to store private keys
       • Two kinds of smart cards:
         • 4 Kbytes smart cards
     [Diagram labels: 1 KByte; Security Field; RSA Private Key]

  8. PUBLIC KEY INFRASTRUCTURE (V)
     • Smart Cards
       • Two kinds of smart cards:
         • 2 Kbytes smart cards
     [Diagram labels: 16 Bytes; Security Field; IDEA Key; CIPHER; RSA Private Key; Ciphered Private Key; Ciphered Private Keys DB]

  9. MAIN OPERATIONS
     • Certificate Request
     • Certificate Recovery
     • Certificate Revocation

  10. CERTIFICATE REQUEST
     [Diagram. Components: Certification Authority; RQServer; CRON; RQClient; Registration Authority; Directory Server; Ciphered Private Keys DB. Link labels: SSL; Client Authent.; LDAP. Data labels: ID Number; User Personal Data; RSA Private or IDEA Key]

  11. CERTIFICATE RECOVERY
     [Diagram. Components: Netscape Communicator; PKCS#11 Module; Secure Server; Ciphered Private Keys DB; Directory Server. Link labels: SSL. Data labels: PIN; RSA Private or IDEA Key]

  12. CERTIFICATE REVOCATION
     [Diagram. Components: Certification Authority; RQServer; CRON; RVKClient; Registration Authority; Directory Server; Ciphered Private Keys DB. Link labels: SSL; Client Authent.; LDAP]

  13. CONCLUSIONS
     • Complete security infrastructure
     • Certification Authority
     • Registration Authorities
     • Smart cards
     • Custom PKCS#11 Module
     • Main security protocols: SSL and S/MIME
     • Framework to develop custom security applications

  14. FUTURE WORK
     • Custom CA developed in Java
     • Solutions for other applications: Microsoft products (PC/SC)
     • New smart card approaches: OCF, JavaCards, VOP
     • Parallel infrastructure that manages credentials: SPKI

  15. PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS Gregorio Martínez Pérez gremar@dif.um.es University of Murcia
