
ISSA_20030326_PCGuardian_PKI

					   Secure Email
PKI Without the “I”
             Presented at:
   Federal Cyber-Security Conference
      U.S. Department of Interior

              Presented by
 Charlie Matthews, VP Customer Services
               PC Guardian
             March 26, 2003
            Topics of Discussion
            •    Is there a problem with PKI?
            •    What is PKI “without the I?”
            •    How does “PKI without the I” work?
            •    Summary




PC Guardian, 1133 East Francisco Blvd, San Rafael, CA 94901   2
Tel: 415-459-0190 | Fax: 415-459-1162 | info@pcguardian.com
            Public Key Infrastructure
            • A brief history...




            1976: The beginning
            • Whitfield Diffie and Martin Hellman introduced
              public key cryptography in their “New Directions
              in Cryptography” white paper in 1976.
            • But … only within the last 10 years or so has
              technology become available to “manage” the
              public/private key pairs. This managed solution is
              referred to as Public Key Infrastructure (PKI).
            • Support for digital certificates has been a primary
              struggle and challenge for the market.

            1999: “The Year of PKI!”
            • Mathew Nelson, InfoWorld: “Is 1999 the Year of
              PKI?”
            • John Ryan, Entrust : “…recognition by companies
              that they will all need a PKI is now upon us. So I
              think this year will be the year where people
              recognize they will definitely have a PKI in their
              enterprise.”



            Four years later …
            • Gartner Group: “50 percent of all PKI software
              ultimately becomes shelfware.”
            • “2002 will be the year … PKI dies” Source:
              Gene Schultz - Principal Engineer with Lawrence
              Berkeley Laboratory




            PKI – what went wrong?
            • “There are now many successful PKI rollouts that
              serve the needs of organizations well. But the PKI
              movement has been doomed from its onset, and
              by the end of this year (2002) the demise of
              this movement will be widely
              acknowledged.” (Schultz)




            What went wrong?
            • “I would in fact even like to go on record as being
              in favor of PKI. However, promise and reality are
              not the same. A large number of
              organizations have tried to implement a
              PKI, but have failed. In many cases the PKIs
              were designed and put in place, but were not
              used at all or used very little afterwards.”
            • “…among financial institutions, only 14 percent
              had invested in PKI products and only one
              percent actually used them.” (Schultz)

            What went wrong?
            • Lack of interoperability: Failure to obtain cross
              certification between Certificate Authorities
              (especially root CAs) belonging to different PKI
              trees that are run by different vendor software.
            • Complexity: Failure to use a technology that
              superficially seems easy, but which has complex
              underlying mechanisms and procedures. Most
              users do not understand what a public key is.
            • Cost: PKI is very expensive.

            What went wrong?
            • It is a good and sound concept that lacked a
              simple, cost effective, method of implementation.
            • It is not completely dead. PKI is just waiting for
              the market to package it into something that
              works.
            • “The primary fault lies with certificate
              management.” (Schultz)



            Cost
             Standard PKI can be very expensive to implement.
                                           Cost Per Seat*        Cost Per Seat*
               Vendor                     at 5,000 Seats        at 20,000 Seats

               Entrust                              $225                   $111

               Verisign                             $114                    $75

             * First-year costs. Source: “Choosing a PKI Vendor,” Renaissance
               Worldwide, Inc., March 2000.

            What customers really want...
            • A secure and practical method of message
              transmission.
            • One that …
              1. Any end user can understand and use.
              2. Offers a level of security relative to Total Cost
              of Ownership.
              3. Can evolve with technology.



            Specifically…
            • Sends secure messages to those outside as well
              as those within the organization.
            • Simple to use, simple to deploy, simple to
              administer.
            • Does not require recipients to install special
              software.
            • Is cost-efficient.
            • Can use certificates when the “time is right.”

  PC Guardian’s
   Secure Email
PKI Without The “I”
           PC Guardian’s
    Encryption Plus® Email 3.0
               and
Encryption Plus® Secure Export 5.0
            Technology overview
            • EP Email: A plug-in for Lotus Notes or Microsoft
              Outlook.
            • EP Secure Export: Stand alone version.
            • Support both peer-to-peer Public Private Key
              (PPK) and Symmetrical Key (SK) technology.
            • Simple to deploy using any common deployment
              process.
            • Little or no training for Admin, technicians, help
              desk staff, or end users.

The User Program
            Peer-to-Peer Key Distribution
            If sender and recipient have EP Email installed, they can exchange
            public keys directly via email.
              1. Company A user sends an email containing his public key to
              Company B user.
              2. Company B user sends an email containing her public key to
              Company A user.
              3. The email containing Company A user’s public key is
              automatically received and added to the Recipient Manager.
              4. The email containing Company B user’s public key is
              automatically received and added to the Recipient Manager.



            Symmetrical Key Technology as an option
            Company A User: Encryption Plus. Company B User: No Encryption Plus.
              1. Users A and B agree on a password.
              2. User A enters this password and sends User B an encrypted
              message.
              3. User B receives a file that can be decrypted using the
              shared password. Encryption Plus Email or Secure Export do not
              have to be installed.


            It Must Be Simple
            User A
            • Sender creates message as usual and clicks the SEND button.
            • The SEND process is hooked.
            • We access the recipient’s Public Key (or Symmetrical Key) to
              encrypt the message.
            • The message is encrypted and continues its journey to the
              recipient.



            It Must Be Simple (cont)
            User B
            • The encrypted message is received as usual.
            • Are we installed? Yes / No
            • User is prompted for password to decrypt message.
            • The encrypted message is decrypted automatically.

                                                Based on the concept of the
                                                Recipient Manager. (A simplified
                                                address book.)




                                                Recipient Manager auto prompts
                                                for recipient info.




                                                Recipient’s info now stored in
                                                Recipient Manager. Sender now
                                                sends Public Key.


                                                Recipient accepts Public Key.
                                                Program automatically mails
                                                Recipient Public Key to sender.

             Easy to deploy
            Admin
              1. Your organization assigns an admin.
              2. The program creates admin key and user setup files.
            Users
              3. User setup files are installed on the user machines.
              4. Program is installed using common installation tools and a
              unique Public Private Key is created for each user.
            Simple
            • Deploy in any standard deployment model.
            • Public/Private Keys transparently generated on
              user workstations.
            • User populates Recipient Manager with email
              addresses of others.
            • Users send Public Keys to those in Recipient
              Manager.
            • Public Keys of others automatically returned and
              stored in Recipient Manager.
            • Messages automatically encrypted at send time.
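
The exchange summarized above adds whatever public key arrives by email to the Recipient Manager, with no certificate binding the key to its sender. As an added example (not PC Guardian's code; the class, method names and sample key bytes are hypothetical and constructed), a recipient store can pin the first key seen, require an out-of-band fingerprint check before use, and refuse silent key replacement:

```python
import hashlib


class RecipientManager:
    """Hypothetical trust-on-first-use store: email address -> pinned public key."""

    def __init__(self):
        self._entries = {}  # email -> {"key": bytes, "verified": bool}

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        # SHA-256 truncated to 128 bits, grouped so it can be read aloud.
        digest = hashlib.sha256(public_key).hexdigest().upper()
        return " ".join(digest[i:i + 4] for i in range(0, 32, 4))

    def receive_key(self, email: str, public_key: bytes) -> str:
        email = email.strip().lower()
        entry = self._entries.get(email)
        if entry is None:
            # First contact: store the key, but do not trust it yet.
            self._entries[email] = {"key": public_key, "verified": False}
            return "pending"
        if entry["key"] == public_key:
            return "verified" if entry["verified"] else "pending"
        # A different key for a known address is never accepted silently.
        return "mismatch"

    def confirm(self, email: str, spoken_fingerprint: str) -> bool:
        # The key owner reads the fingerprint over a second channel (phone, in person).
        entry = self._entries.get(email.strip().lower())
        if entry is None:
            return False
        ok = self.fingerprint(entry["key"]) == spoken_fingerprint.strip().upper()
        entry["verified"] = entry["verified"] or ok
        return ok

    def key_for_encryption(self, email: str) -> bytes:
        # Encrypt only to keys whose fingerprint has been confirmed.
        entry = self._entries.get(email.strip().lower())
        if entry is None or not entry["verified"]:
            raise PermissionError(f"no verified key for {email}")
        return entry["key"]


# Constructed sample values: placeholder bytes, not real ECC public keys.
ALICE_KEY = bytes.fromhex("04a1b2c3d4e5f60718293a4b5c6d7e8f")
ROGUE_KEY = bytes.fromhex("04ffeeddccbbaa998877665544332211")
```

A "mismatch" result is the event worth alerting on: it means either the correspondent reinstalled and generated a new key pair, or someone else is sending keys in their name.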

            Features
            • Protects data via 256-bit AES
            • Automatically generates public-private keys using Elliptic
              Curve Cryptography with a 233-bit key
            • Includes simplified public key exchange
            • Needs no Digital Certificates (but future release will
              support X.509 certificates)
            • Needs no key servers
            • Includes option to require user passwords
            • Allows encrypted files to pass through content-filtering
              firewalls
            • Administrators can recover encrypted data

            Benefits
            • Requires little training
            • Uses simplified, secure Public-Private Key and
              optional Symmetrical Key technology
            • Recipients outside the organization do not need
              special software to receive encrypted email
            • Requires minimal infrastructure or financial
              investment to implement



            Cost
                                           Cost Per Seat               Cost Per Seat
               Vendor                     at 5,000 Seats             at 20,000 Seats

               Entrust                                        $225             $111

               Verisign                                       $114              $75

               PC Guardian                                    $28               $19
             First-year costs.

            PC Guardian
             http://www.pcguardian.com
             http://www.pcguardian.co.uk

             800-288-8126 (USA & Canada)
             +1-415-459-0190
             (0) 1752 318 078 (United Kingdom)



