PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS

Gregorio Martínez Pérez
gremar@dif.um.es
University of Murcia
MOTIVATION (I)

Distributed applications on TCP/IP: impressive growth
  Services improvement
  Decreasing costs
Very important security problems when applications deal with confidential information
MOTIVATION (II)

University of Murcia: infrastructure to provide secure communications
  Must warrant:
    • Confidentiality
    • Authentication
    • Integrity
  Complex task:
    • Broad community of users
    • Heterogeneous systems
PUBLIC KEY INFRASTRUCTURE (I)

Certification Authority (CA)
  Trust foundation of the overall system
  We are using Netscape Certificate Server
    • Problem: certification request is a public operation
    • Solution: intermediate elements
      – RQServer (Requests Server)
      – RQClient (Certification Requests Client)
PUBLIC KEY INFRASTRUCTURE (II)

Registration Authority (RA)
  Constituted by
    • Administrative staff
    • Software applications
  Performs the following tasks
    • To verify people's identities
    • To generate the user's private and public keys
    • To store the private key in the smart card
    • To create the certification requests
    • To create the revocation requests
PUBLIC KEY INFRASTRUCTURE (III)

Directory Server
  Main use:
    • To get the information needed to make certification requests
    • To store the final certificates
  To get data stored in this server: LDAP protocol
PUBLIC KEY INFRASTRUCTURE (IV)

Smart Cards
  Security device to store private keys
  Two kinds of smart cards:
    • 4 Kbytes smart cards
      [Figure: the card's 1 KByte security field holds the RSA private key itself]
PUBLIC KEY INFRASTRUCTURE (V)

Smart Cards
  Two kinds of smart cards:
    • 2 Kbytes smart cards
      [Figure: the card's 16-byte security field holds an IDEA key; the IDEA cipher uses it to encrypt the RSA private key, and the resulting ciphered private key is kept in the Ciphered Private Keys DB]
MAIN OPERATIONS

Certificate Request
Certificate Recovery
Certificate Revocation
CERTIFICATE REQUEST

[Figure: certificate request flow. Components: Registration Authority, RQServer, RQClient (run from CRON), Certification Authority, Directory Server (LDAP) and Ciphered Private Keys DB. Data handled: ID number, RSA private or IDEA key, user personal data. Links are SSL with client authentication]
CERTIFICATE RECOVERY

[Figure: certificate recovery flow. Components: Netscape Communicator with the PKCS#11 module (unlocked with the PIN), the smart card holding the RSA private or IDEA key, the Ciphered Private Keys DB, the Directory Server and the Secure Server. Links are SSL]
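The 2 Kbyte card scheme of slide (V) and the recovery flow above, worked through as an added Go example (this is not code from the Murcia infrastructure): the card's security field holds only a 16-byte key, the RSA private key is encrypted under that key and kept in the Ciphered Private Keys DB, and recovery decrypts it again with the card that was used at registration. Assumptions: AES-128-GCM stands in for the IDEA cipher (Go's standard library has no IDEA, and a 16-byte key fits both), the DB is an in-memory map keyed by user ID, and the names SmartCard2K, CipheredKeysDB, WrapPrivateKey and RecoverPrivateKey are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"errors"
	"fmt"
)

// SmartCard2K models the 2 Kbyte card: its security field holds only a 16-byte
// symmetric key, so the RSA private key itself has to live off-card, encrypted.
// (Assumption: AES-128-GCM stands in for the IDEA cipher used on the slide.)
type SmartCard2K struct {
	SecurityField [16]byte
}

// CipheredKeysDB models the "Ciphered Private Keys DB": user ID -> wrapped key.
type CipheredKeysDB map[string][]byte

// NewSmartCard2K personalises a card with a fresh random card key (an RA step).
func NewSmartCard2K() (*SmartCard2K, error) {
	var c SmartCard2K
	if _, err := rand.Read(c.SecurityField[:]); err != nil {
		return nil, err
	}
	return &c, nil
}

// cardAEAD builds the authenticated cipher keyed by the card's security field.
func cardAEAD(card *SmartCard2K) (cipher.AEAD, error) {
	block, err := aes.NewCipher(card.SecurityField[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapPrivateKey encrypts the RSA private key (PKCS#1 DER) under the card key
// and stores nonce||ciphertext in the DB. The user ID is bound as associated
// data, so a record cannot be silently moved to another user's entry.
func WrapPrivateKey(db CipheredKeysDB, card *SmartCard2K, userID string, priv *rsa.PrivateKey) error {
	aead, err := cardAEAD(card)
	if err != nil {
		return err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	der := x509.MarshalPKCS1PrivateKey(priv)
	record := append([]byte{}, nonce...)
	db[userID] = aead.Seal(record, nonce, der, []byte(userID))
	return nil
}

// RecoverPrivateKey is the certificate-recovery path: fetch the user's ciphered
// key and decrypt it with the presented card. A wrong card, a tampered record
// or a record copied from another user fails authentication and yields nothing.
func RecoverPrivateKey(db CipheredKeysDB, card *SmartCard2K, userID string) (*rsa.PrivateKey, error) {
	rec, ok := db[userID]
	if !ok {
		return nil, errors.New("no ciphered private key stored for user")
	}
	aead, err := cardAEAD(card)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(rec) < ns {
		return nil, errors.New("malformed record")
	}
	der, err := aead.Open(nil, rec[:ns], rec[ns:], []byte(userID))
	if err != nil {
		return nil, fmt.Errorf("card key does not unwrap this record: %w", err)
	}
	return x509.ParsePKCS1PrivateKey(der)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	card, _ := NewSmartCard2K()
	db := CipheredKeysDB{}
	_ = WrapPrivateKey(db, card, "user@example.org", priv) // constructed user ID
	got, err := RecoverPrivateKey(db, card, "user@example.org")
	fmt.Println("recovered with own card:", err == nil && got.D.Cmp(priv.D) == 0)
	other, _ := NewSmartCard2K()
	_, err = RecoverPrivateKey(db, other, "user@example.org")
	fmt.Println("recovery with another card fails:", err != nil)
}
```

The point the slides make is that the DB never holds a usable private key: without the card (or with somebody else's card) the record does not decrypt, and because the cipher is authenticated a modified or re-filed record is rejected rather than decrypted to garbage.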
CERTIFICATE REVOCATION

[Figure: certificate revocation flow. Components: Registration Authority, RQServer, RVKClient (run from CRON), Certification Authority, Directory Server (LDAP) and Ciphered Private Keys DB. Links are SSL with client authentication]
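The certificate request and certificate revocation operations, reduced to the cryptographic steps the RA, the CA and a relying party carry out, as an added Go example using only the standard library (not the Murcia code, which sits on Netscape Certificate Server): the RA generates the user's key pair and a PKCS#10 request, the CA checks the request's proof of possession before signing, and revocation produces a CRL that a relying party must verify as CA-signed before trusting its contents. Assumptions: the function names NewCA, MakeRequest, Issue, Revoke and CheckRevoked are mine, the CRL carries a single entry with the Unix time as its number, and the transport (SSL, RQServer/RQClient/RVKClient, LDAP publication) is left out.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA holds the signing key, its self-signed certificate and a serial counter.
type CA struct {
	Key    *rsa.PrivateKey
	Cert   *x509.Certificate
	serial int64
}

// NewCA creates a self-signed root allowed to sign certificates and CRLs.
func NewCA(name string) (*CA, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	// Re-parse so the generated SubjectKeyId (needed to sign CRLs) is present.
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CA{Key: key, Cert: cert, serial: 1}, nil
}

// MakeRequest is the RA's part: generate the user's key pair (the key that
// later goes to the smart card) and build a PKCS#10 request signed with it.
func MakeRequest(name string) (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}}, key)
	return key, csr, err
}

// Issue is the CA's part: check the request's proof of possession, then sign
// a certificate (DER) usable for SSL client authentication and S/MIME.
func (ca *CA) Issue(csrDER []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("request not signed by the enclosed key: %w", err)
	}
	ca.serial++
	return x509.CreateCertificate(rand.Reader, &x509.Certificate{
		SerialNumber: big.NewInt(ca.serial), Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageEmailProtection},
	}, ca.Cert, csr.PublicKey, ca.Key)
}

// Revoke returns a freshly signed single-entry CRL (DER). A real CA re-publishes
// all entries and keeps a counter for the CRL number; the Unix time stands in here.
func (ca *CA) Revoke(serial *big.Int) ([]byte, error) {
	return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(time.Now().Unix()), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: serial, RevocationTime: time.Now()}},
	}, ca.Cert, ca.Key)
}

// CheckRevoked is the relying party's CRL check: make sure the CRL really
// comes from the CA, then look the certificate's serial up in it.
func CheckRevoked(crlDER []byte, ca *x509.Certificate, serial *big.Int) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, fmt.Errorf("CRL not signed by the CA: %w", err)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(serial) == 0 {
			return true, nil
		}
	}
	return false, nil
}
```

Two checks carry the security weight: csr.CheckSignature confirms that whoever submitted the request holds the matching private key (otherwise the CA could be talked into certifying someone else's public key), and crl.CheckSignatureFrom stops a relying party from accepting a revocation list that did not come from the CA.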
CONCLUSIONS

Complete security infrastructure
  Certification Authority
  Registration Authorities
  Smart cards
  Custom PKCS#11 Module
  Main security protocols: SSL and S/MIME
Framework to develop custom security applications
FUTURE WORK

Custom CA developed in Java
Solutions for other applications: Microsoft products (PC/SC)
New smart card approaches: OCF, JavaCards, VOP
Parallel infrastructure that manages credentials: SPKI