Conclusion and Future Directions
|
|
- Blaze Sparks
- 8 years ago
- Views:
Transcription
1 Chapter 9 Conclusion and Future Directions The success of e-commerce and e-business applications depends upon the trusted users. Masqueraders use their intelligence to challenge the security during transaction over the Internet. Since millions of users are involved in business transactions over the Internet and they need to interoperate, it is difficult to eradicate impersonation. Thus it is necessary to take proper security measures that allow authentication of business partners, consumers and suppliers, prior to the interchange of information, goods and services. Public Key Infrastructure provides the required trust between users during transactions over the Internet. Trust models are used to establish trust relationship between the users. Hierarchical PKI is one of the most popular PKI trust models that the companies deploy as their security infrastructure. One of the important needs of current PKI is interoperability, which makes possible secure interconnection and co-operation between different PKI structures. In electronic commerce, different PKIs need to be interoperated. So there is a need for efficient methods to merge PKIs so as to achieve interoperability between them. In order to merge PKIs, one has to consider different cases such as whether the merging of companies is permanent or temporary. Depending upon the case, appropriate merging method is to be used. Certificate based user authentication is one more challenge in e-commerce and 147
2 e-business transactions. This can be done by verifying user certificates in PKI. For quick and easy verification of certificates in PKIs, efficient certificate verification algorithms are to be built since there is enough requirement for such methods. For verification of certificates, a user builds a chain of certificates from its trusted CA to the other user s certificate known as certification path. The processing of certificate paths may be a very complicated and time demanding operation, depending on the length of the certificate path and the possible inclusion of relations using cross-certification. Certificate path construction in a Hierarchical PKI is a straightforward process that simply requires the relying party to successively retrieve issuer certificates until a certificate is located that was issued by the trusted root. Peer-to-Peer(also called Mesh PKI) architecture is one of the most popular PKI trust models that is widely used in automated business transactions, but certificate path verification is very complex since there are multiple paths between users, and the certification path is bidirectional. 9.1 Major Contributions A general method to unify Hierarchical PKIs has been developed that takes a different approach from cross-certification technique. The method is to unify the multiple CAs without using cross-certification. By using this method, the trust model with an efficient path processing is built in comparison with the traditional merging methods with cross-certification. A certificate verifier should construct and validate the certification path. If there are crosscertifications, the path construction process is very complex. Cross-certification at the root is the most common solution to merge PKIs for their interoperability. But during acquisition of companies, cross-certification is not required because, whenever a company acquires another company, the 148
3 acquired company becomes a part of the acquiring company. In order to reduce the cost of maintaining Root CAs and to reduce the runtime for certificate path processing, a merging method of CAs without cross-certification has been developed. The Root CA of the company to be acquired is not necessary after merging and can be discarded. In the method, there is no cross-certification and the Root CAs of the acquired PKIs are ignored. So certificate path verification time and the employment cost of Root CAs is reduced significantly as compared to the methods already existing. The merging process is of low-cost. It can be easily constructed and is flexible. A strict hierarchical model is constructed by performing this merging process, so certification path processing is more efficient than other methods. Certificate path length is reduced which in turn reduces the verification time. All the Root CAs except the New Root CA can be ignored and so maintenance cost is reduced. The unification of PKIs for interoperability is possible only if their certificate policies are similar. In case of acquisition of companies, the acquired PKI has to adapt to the certificate policy of the acquiring PKI. However, for other cases, merging of PKIs is possible only if the compatibility score of the certificate policies of the PKIs to be merged, satisfies the final acceptance rule. So one of the contributions of the research work is a method developed to compare and assess certificate policies during merger and acquisition of companies. The method is applicable for merging PKIs with or without cross-certification. In Hierarchical PKI, certificate path is unidirectional, so certificate path development and validation is simple and straight forward. To reduce time required for certificate path verification, an efficient method for path processing in Hierarchical PKIs has been developed. The method uses a local cache in the client side with the Forward path verification technique so that 149
4 it gives better performance than that of the normal Forward path verification technique for certificate path verification. Path construction in a mesh environment is significantly more complicated than in a subordinated hierarchy, requiring the ability to iteratively obtain and combine sets of cross-certificates issued by various CAs. In this research work, an efficient method to convert a mesh or Peer-to-Peer PKI to its equivalent DFS spanning tree to simplify the certificate path construction has been developed. This reduces the complexity of certificate path verification in Peer-to-Peer PKIs by avoiding multiple paths between the users. A novel method to simplify the Certification Path Discovery in Peer-to-Peer PKI by establishing a Virtual hierarchy has also been developed. The resultant hierarchy may be a single rooted or a multi-rooted one. This eliminates the complexity of path verification in Mesh PKI because the path verification in Hierarchical PKI is simple and straightforward. The research contributions are summarized in Table 9.1 and Table 9.2. Table 9.1: Summary of research contributions Contribution Purpose Merging Hierarchical PKIs- Solution1 When the merging of companies is temporary and the companies dynamically change their collaborators. Merging Hierarchical PKIs- Solution2 During acquisition of companies, the merging of companies is permanent and the acquired company becomes a part of the acquiring company in the future. 150
5 Contribution Table 9.2: Summary of research contributions continued... Purpose A method to compare and assess Certificate Policies(CPs) during merger and acquisition of companies Certificate path verification method in Hierarchical PKIs In order to merge PKIs, the CPs of both the PKIs should match. Merging is possible only if the compatibility score of the CPs is satisfies the final acceptance rule. The existing certificate verification methods in Hierarchical PKI are not optimized. The proposed method is an optimized one that reduces certificate path verification time significantly. It is observed that, if the cache hit is doubled, the certificate path verification time is reduced by 50%. Certificate path verification method in Mesh or Peer-to- Peer PKIs-Solution1 Certificate path verification method in Mesh or Peer-to- Peer PKIs-Solution2 This method removes the complexity of certificate path verification in Mesh PKIs due to multiple paths between any two users in Mesh PKI. This method constructs a virtual hierarchy in a Mesh PKI, thus obtaining the best features of certificate path verification of Hierarchical PKI. In Hierarchical PKI, the certificate path construction is simple and straightforward since the certificate path is unidirectional. 151
6 9.2 Suggestions for future research Although our research work contributes toward the technical dimension of merging Hierarchical PKIs during merger and acquisition of companies for interoperability purpose, several measures still need to be taken at the legal/regulatory level. This needs to be done in order to provide a commercially viable service, yielding international co-operation and information exchange in e-commerce and e-business applications. The development of Certificate Policies and Certificate Practice Statements can be automated. This can be integrated with broader security policy and mechanisms. Based on the PKI architecture, there can be provision for online cross-certification services. Reverse Certificate Path Verification by constructing a binary tree using codeword algorithm increases certificate path length. So, more sophisticated algorithms need to be developed for reducing the certificate path length. Algorithms can be developed that work in more realistic environments. For example, we can have a varying number of LDAP servers for each domain. Also, the certificates can be issued or revoked dynamically. Further, more trust anchors can be configured for each relying party. Besides certificate path discovery, certificate revocation checking is another critical process in PKI. Certificate status information is needed for validating a certification path. Checking revocation information introduces additional time and space requirements. At the same time, not checking revocation information or relying on out-of-date information causes construction of invalid certification paths. In this case, relying parties have to repeat their efforts to try to discover a valid path. A simulation that models these situations can help users evaluate the trade-offs between performance overhead and successful rate. 152
7 Even though the certificate path development is more complex in a Mesh PKI, it is most widely used in applications such as MANET. There is enough scope to apply the principles of wired PKI to wireless PKI. Research can be carried out on certificate based user authentication in MANETs. The communicating parties have to provide credentials for authentication without knowing each other from prior sessions. In this case authentication must be based on certificates and a common trusted third party. A PKI is needed for certificate management through their lifecycle. Efficient and more sophisticated path verification(certificate based user authentication) algorithms are required in MANETs because mobile devices have limited processor capacity and memory storage. 153
Cross-Certification and PKI Policy Networking
Entrust Cross-Certification and PKI Policy Networking Author: Jim Turnbull Date: August 2000 Version: 1.0 Copyright 2000-2003 Entrust. All rights reserved. 1 Entrust is a registered trademark of Entrust,
More informationPublic Key Infrastructure
UT DALLAS Erik Jonsson School of Engineering & Computer Science Public Key Infrastructure Murat Kantarcioglu What is PKI How to ensure the authenticity of public keys How can Alice be sure that Bob s purported
More informationCreating Virtual Hierarchy in Peer-to-Peer PKI to Simplify Certificate Path Discovery
Creating Virtual Hierarchy in Peer-to-Peer PKI to Simplify Certificate Path Discovery Balachandra Muniyal Dept. of Information and Communication Technology, Manipal Institute of Technology, Manipal University,
More informationBuilding a virtual hierarchy to simplify certification path discovery in mobile ad-hoc networks
Computer Communications 30 (2007) 1498 1512 www.elsevier.com/locate/comcom Building a virtual hierarchy to simplify certification path discovery in mobile ad-hoc networks Cristina Satizábal a,b, Juan Hernández-Serrano
More informationCertification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004
Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004 Stefan Kotes, Engineering Manager Agenda Tumbleweed company overview Certification
More informationComparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
WHITE PAPER: COMPARING TCO: SYMANTEC MANAGED PKI SERVICE........ VS..... ON-PREMISE........... SOFTWARE................. Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
More informationTest Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability. Version 1.0.3
Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability Version 1.0.3 Prepared for: Department of Defense (DoD) PKI August 27, 2008 Page 1 Table of
More informationUNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION
UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION Foreword. Preface. About the Authors. I. CONCEPTS. 1. Introduction. 2. Public-Key Cryptography. Symmetric versus Asymmetric
More informationCopyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1
Chapter 15 Key Management Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1 Symmetric-key Distribution Symmetric-key cryptography is more efficient than asymmetric-key
More informationKeywords: Public Key Infrastructure, Cryptography, Certification Authority, Bridge Certificate Authority, B2B, and Electronic Commerce
Bridge Certification Authorities: Connecting B2B Public Key Infrastructures William T. Polk and Nelson E. Hastings National Institute of Standards and Technology Businesses are deploying Public Key Infrastructures
More informationPart III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure
More informationITL BULLETIN FOR JULY 2012. Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance
ITL BULLETIN FOR JULY 2012 Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance Paul Turner, Venafi William Polk, Computer Security Division, Information
More informationDesigning Windows Server 2008 Active Directory Infrastructure and Services Course 6436B; 5 Days, Instructor-led
Designing Windows Server 2008 Active Directory Infrastructure and Services Course 6436B; 5 Days, Instructor-led Course Description During this five-day course, students will learn how to design an Active
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationUnderstanding the differences in PIV, PIV-I, PIV-C August 23, 2010
Federal CIO Council Information Security and Identity Management Committee Identity, Credential, and Access Management Understanding the differences in PIV, PIV-I, PIV-C August 23, 2010 Tim Baldridge AWG
More informationTeleTrusT European Bridge CA Status and Outlook
TeleTrusT European Bridge CA Status and Outlook TeleTrusT Workshop, Saarbrücken, 2010-06-11 Dr. Guido von der Heidt, Siemens AG Copyright Siemens AG 2010. All rights reserved. Secure (E-Mail) Communication
More informationRECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0
Forum RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0 Copyright 2007-2014, The CA / Browser Forum, all rights reserved. Verbatim copying and distribution
More informationDr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
More informationThe IVE also supports using the following additional features with CA certificates:
1 A CA certificate allows you to control access to realms, roles, and resource policies based on certificates or certificate attributes. For example, you may specify that users must present a valid client-side
More informationCertificate Policies and Certification Practice Statements
Entrust White Paper Certificate Policies and Certification Practice Statements Author: Sharon Boeyen Date: February 1997 Version: 1.0 Copyright 2003 Entrust. All rights reserved. Certificate Policies and
More informationCertificates. Noah Zani, Tim Strasser, Andrés Baumeler
Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate
More informationencryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key.
The way the world does business is changing, and corporate security must change accordingly. For instance, e-mail now carries not only memos and notes, but also contracts and sensitive financial information.
More informationLecture 10 - Authentication
Lecture 10 - Authentication CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Kerberos: What to know 1) Alice T rent : {Alice + Bob
More informationEntrust Managed Services PKI
Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.
More informationLecture 10 - Authentication
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 10 - Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/
More informationPKI implementation issues in B2B e-commerce Pita Jarupunphol and Chris J. Mitchell Information Security Group, Royal Holloway, University of London
PKI implementation issues in B2B e-commerce Pita Jarupunphol and Chris J. Mitchell Information Security Group, Royal Holloway, University of London About the authors Pita Jarupunphol (B.B.A. (Dhurakijpundit)
More informationCSC/ECE 574 Computer and Network Security. What Is PKI. Certification Authorities (CA)
Computer Science CSC/ECE 574 Computer and Network Security Topic 7.2 Public Key Infrastructure (PKI) CSC/ECE 574 Dr. Peng Ning 1 What Is PKI Informally, the infrastructure supporting the use of public
More informationassociate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.
Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu
More informationEMC Celerra Version 5.6 Technical Primer: Public Key Infrastructure Support
EMC Celerra Version 5.6 Technical Primer: Public Key Infrastructure Support Technology Concepts and Business Considerations Abstract Encryption plays an increasingly important role in IT infrastructure
More informationTELSTRA RSS CA Subscriber Agreement (SA)
TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this
More informationNational Certification Authority Framework in Sri Lanka
National Certification Authority Framework in Sri Lanka By Rohana Palliyaguru Manager Operations & Principal Information Security Engineer What is digital Signature? According to UNCITRAL Text 25. Digital
More informationDoD Root Certificate Chaining Problem
DoD Public Key Enablement (PKE) Information Paper DoD Root Certificate Chaining Problem Contact: PKE_Support@disa.mil URL: http://iase.disa.mil/pki/pke Audience This document is intended for DoD system
More informationDriving Safely on Information Highway. April 2006
Driving Safely on Information Highway April 2006 Agenda FIPS 201 and PK enabling Challenges of PK enabling Ways to meet the challenges PKIF Webcullis (demo) TrustEnabler (demo) FIPS 201 unique PK enabling
More informationDesigning a Windows Server 2008 Active Directory Infrastructure and Services
Course Code: M6436 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Designing a Windows Server 2008 Active Directory Infrastructure and Services Overview During this five-day course, delegates
More informationFederal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ)
Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ) Version 1.0 January 18, 2011 Table of Contents 1. INTRODUCTION... 3 1.1 BACKGROUND... 3 1.2 OBJECTIVE AND AUDIENCE...
More informationIntroduction to Network Security Key Management and Distribution
Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationHow To Make A Trustless Certificate Authority Secure
Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security Slides adapted from Radia Perlman s slides Key Distribution - Secret Keys What if
More informationRestricting Access with Certificate Attributes in Multiple Root Environments A Recipe for Certificate Masquerading
Restricting Access with Certificate Attributes in Multiple Root Environments A Recipe for Certificate Masquerading Capt James M. Hayes, USAF Systems and Network Attack Center National Security Agency Suite
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationCertificate Authority Product Overview Technology White Paper
RSA Keon Certificate Authority Product Overview Technology White Paper e-business is an integral component of everyday life-from online banking and brokerage transactions, to chip-based smart cards and
More informationDigital certificates and SSL
Digital certificates and SSL 20 out of 33 rated this helpful Applies to: Exchange Server 2013 Topic Last Modified: 2013-08-26 Secure Sockets Layer (SSL) is a method for securing communications between
More informationThe Security Framework 4.1 Programming and Design
Tel: (301) 587-3000 Fax: (301) 587-7877 E-mail: info@setecs.com Web: www.setecs.com Security Architecture for Development and Run Time Support of Secure Network Applications Sead Muftic, President/CEO
More informationModeling and Evaluation of Certification Path Discovery in the Emerging Global PKI
Modeling and Evaluation of Certification Path Discovery in the Emerging Global PKI Meiyuan Zhao 1 and Sean W. Smith 2 1 Communications Technology Lab Intel Corporation Hillsboro, OR 97124 meiyuan.zhao@intel.com
More informationNIST ITL July 2012 CA Compromise
NIST ITL July 2012 CA Compromise Prepared for: Intelligent People paul.turner@venafi.com 1 NIST ITL Bulletin on CA Compromise http://csrc.nist.gov/publications/nistbul/july-2012_itl-bulletin.pdf These
More informationLecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.
Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationWhite Paper: Managing Security on Mobile Phones
White Paper: Managing Security on Mobile Phones April 2006 Managing Security on Mobile Phones April 2006 Table of Contents Abstract...2 Executive Summary...2 The Importance Of Managing Security On Mobile
More informationConfiguration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0
Configuration Guide for RFMS 3.0 Initial Configuration XXX-XXXXXX-XX WiNG 5 How-To Guide Digital Certificates July 2011 Revision 1.0 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark
More informationChapter 5. Regression Testing of Web-Components
Chapter 5 Regression Testing of Web-Components With emergence of services and information over the internet and intranet, Web sites have become complex. Web components and their underlying parts are evolving
More informationA PKI ARCHITECTURE USING OPEN SOURCE SOFTWARE FOR E- GOVERNMENT SERVICES IN ROMANIA
A PKI ARCHITECTURE USING OPEN SOURCE SOFTWARE FOR E- GOVERNMENT SERVICES IN ROMANIA NICUȘOR VATRA The Doctoral School Department, The Bucharest Academy of Economic Studies, 6, Romana Square, district 1
More informationStrategies for the implementation of a Public Key Authentication Framework (PKAF) in Australia
Miscellaneous Publication Strategies for the implementation of a Public Key Authentication Framework (PKAF) in Australia SAA MP75 1996 STRATEGIES FOR THE IMPLEMENTATION OF A PUBLIC KEY AUTHENTICATION FRAMEWORK
More informationA PKI approach targeting the provision of a minimum security level within Internet
A PKI approach targeting the provision of a minimum security level within Internet Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET/INT/LOR Maryline.Maknavicius@int-evry.fr Abstract After decades
More informationEntrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates
Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationIntroduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001
Introduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001 D. Richard Kuhn Vincent C. Hu W. Timothy Polk Shu-Jen Chang National Institute of Standards and Technology, 2001.
More informationPurpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates
Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Purpose, Methods, Revocation, PKIX To distribute public keys securely Requires - Certificates and Certification Authorities - Method for retrieving certificates
More informationU. S. Department of Justice Information Technology Strategic Plan. Appendix E. Public Key Infrastructure at the Department of Justice.
U. S. Department of Justice Information Technology Strategic Plan Public Key Infrastructure at the Department of Justice White Paper * Introduction As part of its strategic plan, the Department of Justice
More informationSBClient SSL. Ehab AbuShmais
SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three
More informationModule 2: Deploying and Managing Active Directory Certificate Services
Course Syllabus Course 6426B: Configuring and Troubleshooting Identity and Access Solutions with Windows Server 2008 Active Directory About this Course This three-day instructor-led course provides in-depth
More informationHow to Prepare Your Salesforce Service for Certificate Changes
How to Prepare Your Salesforce Service for Certificate Changes Salesforce, Winter 16 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce
More informationPublic Key Infrastructure for a Higher Education Environment
Public Key Infrastructure for a Higher Education Environment Eric Madden and Michael Jeffers 12/13/2001 ECE 646 Agenda Architectural Design Hierarchy Certificate Authority Key Management Applications/Hardware
More informationProtect Identities for people, workstations, mobiles, networks
ot Corporate ID Protect Identities for people, workstations, mobiles, networks Address your security needs with the leader in the corporate identity market Corporate security challenges The security of
More informationSecuring LAN Connected Devices in Industrial Sites with TLS and Multicast DNS
Securing LAN Connected Devices in Industrial Sites with TLS and Multicast DNS Tero Keski-Valkama May 28, 2015 Version 1.0 Abstract This whitepaper outlines a more flexible and more secure user interface
More informationwww.novell.com/documentation Administration Guide Certificate Server 3.3.8 May 2013
www.novell.com/documentation Administration Guide Certificate Server 3.3.8 May 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,
More informationVIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division
VIDEO Intypedia013en LESSON 13: DNS SECURITY AUTHOR: Javier Osuna García-Malo de Molina GMV Head of Security and Process Consulting Division Welcome to Intypedia. In this lesson we will study the DNS domain
More informationTransglobal Secure Collaboration Program Secure E-Mail v.1 Enterprise E-Mail Environment High Level Design
Transglobal Secure Collaboration Program Secure E-Mail v.1 Enterprise E-Mail Environment High Level Design Prepared by: TSCP Secure E-Mail v.1 Project Team Version: 2.0.2 Date: 16 July 2012 TSCP Secure
More information6.1.2 Installing AD DS 7:45
Module 6 Active Directory Module 6 discusses using Active Directory roles; using RODC to access read-only partitions of an Active Directory database, adding Certificate Services role services, managing
More informationConcept of Electronic Approvals
E-Lock Technologies Contact info@elock.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY
More information1 Public Key Cryptography and Information Security
International Carpathian Control Conference ICCC 2002 MALENOVICE, CZECH REPUBLIC May 27-30, 2002 IMPLEMENTATION ISSUES OF PKI TECHNOLOGY Victor-Valeriu PATRICIU, Marin BICA and Ion BICA Department of Computer
More informationCertificate Management. PAN-OS Administrator s Guide. Version 7.0
Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationCommittee on National Security Systems
Committee on National Security Systems CNSS POLICY No.25 March 2009 NATIONAL POLICY FOR PUBLIC KEY INFRASTRUCTURE IN NATIONAL SECURITY SYSTEMS. 1 CHAIR FOREWORD 1. (U) The CNSS Subcommittee chartered a
More informationAuthentication Applications
Authentication Applications CSCI 454/554 Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures Kerberos a symmetric-key
More informationCertificate technology on Pulse Secure Access
Certificate technology on Pulse Secure Access How-to Guide Published Date July 2015 Contents Introduction: 3 Creating a Certificate signing request (CSR): 3 Import Intermediate CAs: 5 Using Trusted Client
More informationCOMPARISON OF CERTIFICATE POLICIES FOR- MERGING PUBLIC KEY INFRASTRUCTURESDURING MERGER AND ACQUISITION OF COMPANIES
COMPARISON OF CERTIFICATE POLICIES FOR- MERGING PUBLIC KEY INFRASTRUCTURESDURING MERGER AND ACQUISITION OF COMPANIES Balachandra Muniyal 1, Prema K.V 2, Mamatha Balachandra 3 1 Dept. of Information and
More informationAuthentication is not Authorization?! And what is a "digital signature" anyway?
Authentication is not Authorization?! And what is a "digital signature" anyway? Prepared by R. David Vernon Revised 12/01 Introduction REV 1A As part of the IT Architecture Initiative, the Office of Information
More informationImplementing and Administering Security in a Microsoft Windows Server 2003 Network
Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course 2823: Five days; Instructor-led Introduction This five-day instructor-led course addresses the MCSA and MCSE skills
More informationCertificate technology on Junos Pulse Secure Access
Certificate technology on Junos Pulse Secure Access How-to Introduction:... 1 Creating a Certificate signing request (CSR):... 1 Import Intermediate CAs: 3 Using Trusted Client CA on Juno Pulse Secure
More informationAPPENDIX C - PRICING INDEX DIR-SDD-2514 VERIZON BUSINESS NETWORK SERVICES, INC SERVICES
APPENDIX C - PRICING INDEX DIR-SDD-2514 VERIZON BUSINESS NETWORK SERVICES, INC SERVICES Application Vulnerability Scanning. A web-based application service hosted by Verizon Business to provide customers
More informationMaking Digital Signatures Work across National Borders
Making Digital Signatures Work across National Borders Jon Ølnes, Anette Andresen, Leif Buene, Olga Cerrato, Håvard Grindheim DNV (Det Norske Veritas), Norway DNV trusted third party for 140 years Det
More informationAAI - Authentication and Authorization Infrastructure Task Force Certificate Authority Final Report
AAI - Authentication and Authorization Infrastructure Task Force Certificate Authority Final Report 2003 SWITCH Document management Version/status: 1.0 / final Date: 15-JUL-03 Author(s): René Hüsler HTA
More informationPKI Uncovered. Cisco Press. Andre Karamanian Srinivas Tenneti Francois Dessart. 800 East 96th Street. Indianapolis, IN 46240
PKI Uncovered Andre Karamanian Srinivas Tenneti Francois Dessart Cisco Press 800 East 96th Street Indianapolis, IN 46240 Contents Introduction XIII Part I Core Concepts Chapter 1 Crypto Refresh 1 Confidentiality,
More informationState of PKI for SSL/TLS
State of PKI for SSL/TLS NIST Workshop on Improving Trust in the Online Marketplace Russ Housley Vigil Security, LLC Introduction State of the PKI for SSL/TLS: Mostly working, but too fragile Facing motivated
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationSSL Certificates and Bomgar
SSL Certificates and Bomgar 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective
More informationConfiguring Digital Certificates
CHAPTER 36 This chapter describes how to configure digital certificates and includes the following sections: Information About Digital Certificates, page 36-1 Licensing Requirements for Digital Certificates,
More informationHow To Install The Snow Active Directory Discovery Service On Windows 7.5.1 (Windows) (Windows 7) (Powerbook) (For Windows) (Amd64) (Apple) (Macintosh) (Netbook) And (Windows
USER GUIDE Product Snow Active Directory Discovery Version 1.0 Release date 2014-04-29 Document date 2015-02-09 CONTENT ABOUT THIS DOCUMENT... 3 SNOW ACTIVE DIRECTORY DISCOVERY... 3 PREREQUISITES... 4
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationTopological Properties
Advanced Computer Architecture Topological Properties Routing Distance: Number of links on route Node degree: Number of channels per node Network diameter: Longest minimum routing distance between any
More informationDeployment of IEEE 802.1X for Wired Networks Using Microsoft Windows
Operating System Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows Microsoft Corporation Published: October 2003 Updated: October 2005 Abstract This article describes how to deploy IEEE
More informationMS 20414 Implementing an Advanced Server Infrastructure
MS 20414 Implementing an Advanced Server Infrastructure P a g e 1 of 10 About this Course In this course, students will learn how to plan and implement some of the more advanced features available in Windows
More informationCyber Warnings E-Magazine August 2015 Edition Copyright Cyber Defense Magazine, All rights reserved worldwide
1 Cyber Warnings E-Magazine August 2015 Edition End-to-End Encryption for Emails. An Organizational Approach by Dr Burkhard Wiegel, Founder and CEO, Zertificon Solutions The threat to electronic enterprise
More informationMicrosoft 6436 - Design Windows Server 2008 Active Directory
1800 ULEARN (853 276) www.ddls.com.au Microsoft 6436 - Design Windows Server 2008 Active Directory Length 5 days Price $4169.00 (inc GST) Overview During this five-day course, students will learn how to
More informationSecureAuth Authentication: How SecureAuth performs what was previously impossible using X.509 certificates
SecureAuth Authentication: How SecureAuth performs what was previously impossible using X.509 certificates As enterprises move their applications to the Web and mobile platforms, providing strong security
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationTesting Intelligent Device Communications in a Distributed System
Testing Intelligent Device Communications in a Distributed System David Goughnour (Triangle MicroWorks), Joe Stevens (Triangle MicroWorks) dgoughnour@trianglemicroworks.com United States Smart Grid systems
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationImplementing Microsoft Security Networks Course No. MS2823 h 5 Days
COURSE OVERVIEW This five-day instructor-led course addresses the MCSA and MCSE skills path for IT Pro security practitioners, specifically addressing the training needs of those preparing for the 70-299
More informationBlending FreeIPA in a Certificate Infrastructure
FreeIPA 3.3 Training Series Blending FreeIPA in a Certificate Infrastructure Jan Cholasta 2014-02-18 FreeIPA and PKI (1) Some services require certificates for secure communication FreeIPA includes CA
More informationConfiguring and Troubleshooting Identity and Access Solutions with Windows Server 2008 Active Directory
Configuring and Troubleshooting Identity and Access Solutions with Windows Server 2008 Active Directory Course Number: 6426A Course Length: 3 Days Course Overview This three-day instructor-led course provides
More information