Public Key Applications & Usage A Brief Insight

Similar documents
Using Entrust certificates with VPN

API-Security Gateway Dirk Krafzig

Introduction to Network Security Key Management and Distribution

Security Considerations for DirectAccess Deployments. Whitepaper

nexus PKI Solution Brief nexus PKI

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su

CS 356 Lecture 28 Internet Authentication. Spring 2013

The Convergence of IT Security and Physical Access Control

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Frans Bolk CEO UniQ-ID

The Convergence of IT Security and Physical Access Control

Information Security Basic Concepts

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

How To Understand And Understand The Security Of A Key Infrastructure

Longmai Mobile PKI Solution

Fundamentals of Network Security - Theory and Practice-

Chapter 8. Network Security

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, BC. From Italy (?).

Chapter 10. Cloud Security Mechanisms

Cloud Computing. Chapter 5 Identity as a Service (IDaaS)

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

Cryptography and Network Security Chapter 14

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

WHITE PAPER Usher Mobile Identity Platform

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Single Sign-On: Reviewing the Field

Module 7 Security CS655! 7-1!

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Information Security

Creating Trust Online TM. Comodo Mutual Authentication Solution Overview: Comodo Two Factor Authentication Comodo Content Verification Certificates

Controller of Certification Authorities of Mauritius

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

Chapter 9 Key Management 9.1 Distribution of Public Keys Public Announcement of Public Keys Publicly Available Directory

CHAPTER 1 INTRODUCTION

An Introduction to Entrust PKI. Last updated: September 14, 2004

Securing Virtual Desktop Infrastructures with Strong Authentication

Moving to Multi-factor Authentication. Kevin Unthank

CERTIFICATES AND CRYPTOGRAPHY

Kerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Cryptography and network security CNET4523

Message authentication and. digital signatures

Introduction to SAML

ADDING STRONGER AUTHENTICATION for VPN Access Control

Security: Focus of Control. Authentication

Advanced Authentication

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

Internal Server Names and IP Address Requirements for SSL:

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

How To Encrypt Data With Encryption

PKI - current and future

Copyright: WhosOnLocation Limited

CTS2134 Introduction to Networking. Module Network Security

Executive Summary P 1. ActivIdentity

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

OpenHRE Security Architecture. (DRAFT v0.5)

Arkansas Department of Information Systems Arkansas Department of Finance and Administration

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University

Applying Cryptography as a Service to Mobile Applications

Windows Web Based VPN Connectivity Details & Instructions

GlobalSign Enterprise Solutions

Security Guide. BES12 Cloud. for BlackBerry

Security Yokogawa Users Group Conference & Exhibition Copyright Yokogawa Electric Corporation Sept. 9-11, 2014 Houston, TX - 1 -

How CA Arcot Solutions Protect Against Internet Threats

Authentication Application

Security Digital Certificate Manager

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Case Study for Layer 3 Authentication and Encryption

Future directions of the AusCERT Certificate Service

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

7.1. Remote Access Connection

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

Weak Spots in Enterprise Mobility Management Dennis Schröder

Authentication Scenarios India. Ramachandran

CSE/EE 461 Lecture 23

RSA Digital Certificate Solution

VMware Zimbra Security. Protecting Your VMware Zimbra and Collaboration Environment

Data Protection: From PKI to Virtualization & Cloud

Skoot Secure File Transfer

Cross-layer security and resilience in wireless mesh networks

Securing End-to-End Internet communications using DANE protocol

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

Browser Enhancements to Support SSL/TLS Session-Aware User Authentication

Cloud security architecture

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective

Transcription:

Public Key Applications & Usage A Brief Insight

Scenario :: Identification, Authentication & Non- Repudiation :: Confidentiality :: Authenticity, requirements and e-business Integrity for electronic transaction requirements transaction. :: Secure assurance :: access Protection from Man-in-the Middle and :: Mutual authentication - by individuals replay attacks - between and by each other components applications. and others issues such as Eavesdropping, - Tampering, Impersonation, Spoofing, Misrepresentation

Public Key 101 - A Revision How many have wondered just what is Public Key Cryptography, PKI, PKCS, and PKIX are? Public Key Cryptography -Encryption algorithms, Message digest functions, Hashed Message Authentication Code (HMAC) functions, Secret key exchange algorithms, Digital signatures PKI - framework of services, technology, protocols, and standards. Basic Components - digital certificates, certificate revocation lists, and certification authorities. Digital Certificates, X.509

Things That We Already Know - Public Key Technology An enabling technology to provide security and to provide truly paperless, digital environments. Potential in applications that involve communications or movement of information over communications or computer networks. PK techniques along with PKI allow secure communication between parties without prior agreement or arrangement. Simplify security and identity management with a single security infrastructure

Digital Certificates Mechanism Trust establish for others can Digital Certificates add value verify, Provide your online ID Management identity Scalability - Managing The public Public key, Key properly and usage vouched of certificates. for by a to public-key cryptography - an Certificates important certificate & ingredient network authority of for TTP (CA), trusted - certificates offers transactions. a third party authorities - User with a (CAs), reliable - Verifying allow means PK the to authenticity to scale check - meet your of the identity an needs entity's to enterprise - Machine/Devices and purported inter enterprise public key. usage

X.509 Format -----BEGIN CERTIFICATE----- MIICKzCCAZSgAwIBAgIBAzANBgkqhkiG9w0BAQQFADA3MQswCQYDVQQGEwJV UzER MA8GA1UEChMITmV0c2NhcGUxFTATBgNVBAsTDFN1cHJpeWEncyBDQTAeFw05 NzEw MTgwMTM2MjVaFw05OTEwMTgwMTM2MjVaMEgxCzAJBgNVBAYTAlVTMREwDwY DVQQK EwhOZXRzY2FwZTENMAsGA1UECxMEUHViczEXMBUGA1UEAxMOU3Vwcml5YSB TaGV0 dhkwgz8wdqyjkozihvcnaqefbqadgy0amigjaogbamr6ezipgfjx3urjgejmkiqg 7SdATYazBcABu1AVyd7chRkiQ31FbXFOGD3wNktbf6hRo6EAmM5/R1AskzZ8AW7L iqzbcrxpc0k4du+2q6xju2mpm/8wkumontuvzpo+sgxelmhvcheqoocwfdizywyz NMmrJgaoMa2MS6pUkfQVAgMBAAGjNjA0MBEGCWCGSAGG+EIBAQQEAwIAgDAf BgNV HSMEGDAWgBTy8gZZkBhHUfWJM1oxeuZc+zYmyTANBgkqhkiG9w0BAQQFAAOBg QBt I6/z07Z635DfzX4XbAFpjlRl/AYwQzTSYx8GfcNAqCqCwaSDKvsuj/vwbf91o3j3 UkdGYpcd2cYRCgKi4MwqdWyLtpuHAH18hHZ5uvi00mJYw8W2wUOsY0RC/a/IDy84 hw3wwehbuqvk5sy4/zj4otjx7dwnmdgwbwfprqjd1a== -----END CERTIFICATE-- ---

Some of possible Public Key Technology usage Date Time Stamping Secured Online Banking Signing & Encryption PDF & Document Secure Email Watermark PKI Code Signing Online File Storage system Cloud Network Security - Strong Device Infrastructure Secured Cloud &(mobile Authenticated Identities; smart credentials WiFi, Document s VPN, BYOD, - E-Documents Federated User/Enterprise Identity and Certificate Access Secure to securely Remote Mobile Access - Client Management File Watermark Secure Secure Device Transfer access Web (Protecting Form cloud-based - E-Certificates Online Code ( Sijil ) File Signing PKI Email Date Secured Time S/MIME Stamping Online Banking Signing Data Server -Smart SSL/TLS Card -& Digital storage Encryption / protect Token Login from online fraud, Entered - E-Statements applications - DTS + Digital Signing system phishing, - Access Digital man-in-the-middle - & Enterprise Convergence Stored ) Signatures, provide Legal Signatures Signing &- Long SSO & In Encryption) (physical, Term Electronic (MITM) Validation attacks logical Forms) PDF Multipurpose Digital Identity (Smartphone - IPSec and VPN mobile access) - Machine / Device Authentication - Firewalls, Routers and Networking Devices Document User/Enterprise Certificate Federated Identity and Access Management Network Security Strong Device Infrastructure Identities; WiFi, VPN, BYOD, Remote Access Secure File Transfer (Protecting Data Entered & Stored In Electronic Forms Secured Authentication Document Secure Web Form Mobile Device

PKI Federated Identity Identity federation streamlines and simplifies IAM processes. By allowing to link, re-use and combine identities across multiple domains, it means users no longer require distinct credentials for each domain. One particularly flexible incarnation is single sign-on, whereby one-off authentication grants seamless access to a host of federated services.

PKI BYOD Integrated Multi-Factor Authentication for users and devices - Identification of User Identity - Authorization to access application - Encrypted Connection - Audit User Activity Data is not stored locally - minimizing risk of data leakage if device is lost or stolen End user convenience through instant secure access to information Must be compatible with all end devices

New Challenges Open Organizations - Require Safe Identity - Firewall & VPN no longer define the border of security domain Internet of Things - M2M -By 2020 more 200 billion devices connected to Internet Critical Infrastructure Privacy in Internet - Protect Identity & Private Data Anonymity

THANK YOU ariffuddin@digicert.com.my

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information