VTCA Project Team - PowerPoint PPT Presentation

About This Presentation
Title:

VTCA Project Team

Description:

Secure Enterprise Technology Initiatives. Internet Application Development ... Tech. Encryption ... Entrust, Verisign, RSA Keon, Baltimore Tech UniCERT ... – PowerPoint PPT presentation

Slides: 13
Provided by: ValuedGate2193
Transcript and Presenter's Notes

1
VTCA Project Team
Secure Enterprise Technology Initiatives
Internet Application Development

e-Provisioning Group
Frank Galligan frankg_at_vt.edu
Baha Al-Amood balamood_at_vt.edu
PKI Advisory Group
University Security Office
Certificate Policy Workgroup
2
Topics
  • Network Security Review
  • Security Issues
  • Encryption As a Solution
  • Why are CAs Needed?
  • Public Key Encryption Example
  • Digital Certificates
  • CA Services
  • What is the VTCA?
  • PKI Background
  • VTCA Project
  • VTCA Architecture
  • VTCA Certificate Request Process
  • Future Direction

3
Security Issues
  • Privacy: Interception
  • Authentication: Spoofing
  • Integrity: Modification
  • Nonrepudiation: Proof of parties involved
4
Encryption as a Solution
  • Public Key Encryption uses mathematically
    related, but not identical keys
  • Public Key and Private Key pair

GTE CyberTrust
  • Information encrypted with the public key can
    only be decrypted using the private key

5
Encryption Example
How does B know that it's A's public key?
[Figure: Public Key, Encrypted Data (GTE CyberTrust)]
  • Public Key is used to Encrypt Data
  • Private Key is used to Decrypt Data

6
Digital Certificates
  • B wants to be sure that the public key belongs to
    A and not to someone masquerading as A on an open
    network.
  • We can use a trusted third party or Certification
    Authority (CA) to authenticate that the public
    key belongs to A.
  • After A has provided proof of identity, the
    Certification Authority creates a message or
    Digital Certificate containing A's name and
    public key.

Digital Certificate
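
The check described on slides 5 and 6, as an added example that is not part of the original presentation: a CA signs the binding of A's name to A's public key, and B encrypts only to a key whose certificate verifies. Textbook RSA over small constructed primes stands in for a real PKI library; the key values, function names and the masquerader "M" are assumptions made for illustration.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(subject, subject_pub, n):
    """Hash the to-be-signed fields (name + public key) to an integer < n."""
    tbs = f"{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue_certificate(ca_priv, subject, subject_pub):
    """CA step: sign the binding of the subject's name to its public key."""
    n, d = ca_priv
    return {"subject": subject, "public_key": subject_pub,
            "signature": pow(digest(subject, subject_pub, n), d, n)}

def verify_certificate(ca_pub, cert):
    """Relying-party step (B): check the CA signature over name + key."""
    n, e = ca_pub
    return pow(cert["signature"], e, n) == digest(cert["subject"], cert["public_key"], n)

def b_encrypts_for(ca_pub, cert, message):
    """B encrypts only to a key whose certificate verifies against the CA."""
    if not verify_certificate(ca_pub, cert):
        return None
    n, e = cert["public_key"]
    return pow(int.from_bytes(message, "big"), e, n)

def decrypt(priv, ciphertext):
    n, d = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed toy keys built from small Mersenne primes: trivially factorable,
# unpadded, and for illustration only (real CAs use 2048-bit or larger keys).
CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
A_PUB, A_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
M_PUB, M_PRIV = make_keypair(2**31 - 1, 2**61 - 1)   # masquerader "M"

cert_a = issue_certificate(CA_PRIV, "A", A_PUB)
# Constructed bad certificate: A's name, M's key, A's signature reused.
forged = dict(cert_a, public_key=M_PUB)
```

Without the CA signature check, B would have no way to tell `cert_a` from `forged`, since both carry the name "A".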
7
CA Services
  • CA is a Trusted Third Party or the Middleman
  • CA Basic Services
      • Process requests for digital certificates
        (CSR)
      • Issue digital certificates
      • Revoke digital certificates
      • Maintain and publish a certificate
        revocation list (CRL)
      • Ensure the integrity and confidentiality
        of its private key
  • CA Solutions
      • Commercial: Thawte, Entrust, Verisign, RSA
        Keon, Baltimore Tech UniCERT
      • Open source: OpenCA, a GUI for OpenSSL

8
PKI Background
  • Pilot CA running OpenCA
  • IDDL: S/MIME and XML forms pilot
  • CS Department: Globus Grid Project
  • Smartcards: Hokie Passport Office
  • Commercial PKI Programs
  • Evolving requirements for using SSL, TLS
  • Virginia Tech CA Project

9
VTCA Project
  • Architecture: Hierarchical Model
  • Level of Assurance: FIPS 140-1 Level 3 HSM
  • Vendor or OpenSource: OpenSource, OpenCA
  • Deployment Model: Phased
  • Scope: Internal Use
  • Registration Authority Administrators: IRM
  • CP and CPS Documents: University Security Office

10
VTCA Architecture
Virginia Tech Root CA
Server CA
Windows 2K3 CA ?
S/MIME CA
User CA
SSL Web Server Certificates
Personal Certificates
S/MIME Certificates
11
Certificate Request Process

Certification Authority Server
Registration Authority Server
Hardware Security Module
Subscriber
Internet
Private Network
CA Administrator
RA Administrator
12
Future Direction
  • Phase I - Dec 2003
      • Basic CA and RA services implemented
      • Server certificates available for pilot groups
      • CP and CPS documents completed
      • Administrative organization in place
  • Phase II VT Root Certificate Deployment June 2004
      • Links on MyPortal
      • VTNET CD Fall 2004
      • Media Blitz
      • SSL Web Server Certificates
      • User Services Training
  • Phase III - December 2004
      • Subordinate User CA
      • Secure Email (S/MIME) certificates
      • Object Signing certificates
      • SSL Client Authentication Pilot
      • Smartcard Pilot