Gregorio Martínez Pérez
gremar@dif.um.es
University of Murcia
PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS

MOTIVATION (I)
Distributed applications on TCP/IP: impressive growth
•Services improvement
•Decreasing costs
Very important security problems when applications deal with confidential information

MOTIVATION (II)
University of Murcia: infrastructure to provide secure communications
Must guarantee:
•Confidentiality
•Authentication
•Integrity
Complex task:
•Broad community of users
•Heterogeneous systems

PUBLIC KEY INFRASTRUCTURE (I)
Certification Authority (CA)
Trust foundation of the overall system
We are using Netscape Certificate Server
•Problem: certification request is a public operation
•Solution: intermediate elements
– RQServer (Requests Server)
– RQClient (Certification Requests Client)

PUBLIC KEY INFRASTRUCTURE (II)
Registration Authority (RA)
Constituted by
•Administrative staff
•Software applications
Performs the following tasks
•To verify people's identities
•To generate the user private and public keys
•To store the private key in the smart card
•To create the certification requests
•To create the revocation requests

PUBLIC KEY INFRASTRUCTURE (III)
Directory Server
Main use:
•To get the information needed to make certification requests
•To store the final certificates
To get data stored in this server: LDAP protocol

PUBLIC KEY INFRASTRUCTURE (IV)
Smart Cards
Security device to store private keys
Two kinds of smart cards:
•4 Kbytes smart cards
[Figure: 4 Kbytes smart card. Labels: Security Field, 1 KByte, RSA Private Key]

PUBLIC KEY INFRASTRUCTURE (V)
Smart Cards
Two kinds of smart cards:
•2 Kbytes smart cards
[Figure: 2 Kbytes smart card. Labels: Security Field, 16 Bytes, IDEA Key, CIPHER, RSA Private Key, Ciphered Private Key, Ciphered Private Keys DB]

MAIN OPERATIONS
•Certificate Request
•Certificate Recovery
•Certificate Revocation

CERTIFICATE REQUEST
[Figure: certificate request diagram. Components: Registration Authority, RQServer, RQClient, Certification Authority, Directory Server, Ciphered Private Keys DB. Connection labels: LDAP, SSL, SSL with Client Authent., CRON. Data labels: ID Number, User Personal Data, RSA Private or IDEA Key]

CERTIFICATE RECOVERY
[Figure: certificate recovery diagram. Components: Netscape Communicator, PKCS#11 Module, SSL Secure Server, Directory Server, Ciphered Private Keys DB. Connection labels: SSL. Data labels: PIN, RSA Private or IDEA Key]

CERTIFICATE REVOCATION
[Figure: certificate revocation diagram. Components: Registration Authority, RQServer, RVKClient, Certification Authority, Directory Server, Ciphered Private Keys DB. Connection labels: LDAP, SSL, SSL with Client Authent., CRON]

CONCLUSIONS
Complete security infrastructure
•Certification Authority
•Registration Authorities
•Smart cards
•Custom PKCS#11 Module
•Main security protocols: SSL and S/MIME
Framework to develop custom security applications

FUTURE WORK
•Custom CA developed in Java
•Solutions for other applications: Microsoft products (PC/SC)
•New smart cards approaches: OCF, JavaCards, VOP
•Parallel infrastructure that manages credentials: SPKI