Public Key Infrastructure (PKI) – In Depth
Telecommunications Authority of Trinidad and Tobago (TATT)
Dr. Eng. Nizar Ben Neji
26th – 30th October 2015
Trinidad and Tobago
TMG Consultancy Ltd, London
www.tmgconsultancy.co.uk / info@tmgconsultancy.co.uk ©TMG Consultancy Ltd
Content
1. Role of Cryptography in Building Trust in the Digital World
Security objectives (Authentication, Confidentiality, Integrity and Non-repudiation)
Role of modern cryptography in information security:
o Asymmetric cipher algorithms (RSA, DSA, ECDSA, …)
o Symmetric cipher algorithms (AES, DES, 3DES, …)
©TMG Consultancy Ltd
Deployment, Management and Use of PKI – Trinidad and Tobago –
26-30 October 2015
1
o Hash algorithms (SHA1, SHA2, …)
2. Elements of Public Key Infrastructure (PKI)
Certificate Policy (CP) and Certification Practice Statements (CPS)
PKI Architecture (Root CA, Subordinate CAs, Bridge CA, Cross-certification, Mutual recognition between CAs, Certification Path, …)
Registration Authorities (RAs)
Digital Certificates (Structure, Basic fields, Extensions and Profiles)
Certificate Revocation Lists (CRLs)
Recommended Cryptographic Algorithms and Key Lengths
Publishing Certificates and CRLs
Validation Authority (VA) and OCSP Responder
PKI Solutions (OpenSSL, EJBCA, Microsoft CA, …)
3. Trust Models in PKI
Rooted Hierarchical Trust Model
Network (Cross Certification) Trust Model
Bridge CA Model
Trust List Based Model
4. Hardware Protection of Cryptographic Secrets
Cryptographic Smartcard (for end users)
Hardware Security Module (HSM) (for servers)
Long Term Storage of Cryptographic Proofs
5. Relevant PKI Standards, Protocols and Standardization
Organizations
• ITU Telecommunication Standardization Sector
• IETF PKIX Working Group
• RSA Security Laboratories
• European Telecommunications Standards Institute (ETSI)
• National Institute of Standards and Technology (NIST)
• American National Standards Institute (ANSI)
• CA/Browser Forum
• Relevant PKI Standards and Protocols
6. Digital Signature Standards and Mechanisms
• Purpose, Forms and Groups
• Main Properties of Digital Signature
• Advanced Electronic Signature
• Necessity of a Legal Framework
• Electronic Signature Policy
• Creation of a digital signature
• Digital Signature Formats
• CMS/PKCS#7 format (Cryptographic Message Syntax)
• CAdES (CMS Advanced Electronic Signature)
• S/MIME signature
• XMLDSig (XML Digital Signature)
• XAdES (XML Advanced Electronic Signature)
• PDF [ISO 32000-1]
• PAdES (PDF Advanced Electronic Signature)
7. Time Stamping Service
• Importance of Time Stamping (TS) Documents
• TS Standards
• Accurate Source of Time and NTP
• Architecture of a TS Solution
• Time Stamping Authority
• Time Stamping Client's Tool
• TS Request
• TS Token
8. Transition to Electronic Transactions
E-Terms
Basic Electronic Services
Security requirements in E-Government
Legal, Institutional and Technical Preparation
Security requirements in E-Procurement
Security requirements in E-Banking
Security requirements in E-Commerce
Security Over the Internet
SSL/TLS
VPN SSL
Cryptographic Programming Libraries
MS CAPI
JAVA IAIK
JAVA Bouncycastle
Oracle JCE/JCA
Practical Labs
1. Setting up an Enterprise PKI:
1. Certification Authority
2. Registration Authority
3. LDAP Repository to publish certificates and CRLs
4. OCSP Responder
2. Installing digital certificates in:
1. MS Keystore
2. Mozilla Keystore
3. JAVA Keystore
4. Cryptographic Smartcard
3. Securing MS Office Documents
4. Securing Acrobat PDF Documents
5. Setting up SSL on Apache Web Server
1. Simple SSL Authentication
2. Mutual SSL Authentication
6. Digitally sign source code (Secure JAVA Web Applet)
7. Securing Messaging Systems (S/MIME, POPS, SMTPS and IMAPS)
1. Digitally sign messages
2. Encrypt messages
8. Setting up an End to End VPN SSL Connection using digital certificates for authentication
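Lab 1 and the Section 2 topics (PKI architecture, certification path, CRLs) are listed above without showing what the pieces look like once built. The program below is an added example written for this page, not part of the TMG course material, and it uses Go's standard crypto/x509 package in place of the OpenSSL, EJBCA or Microsoft CA tooling the course names. It builds a two-tier hierarchy (self-signed root, issuing sub CA limited to pathLen 0, one server certificate), validates the certification path the way a TLS client would, then has the sub CA issue a CRL and checks revocation, verifying the CRL's signature and freshness before trusting its contents. The CA names, the host name www.example.test and the serial numbers are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// caTemplate builds a CA certificate template. pathLen bounds how many CA certificates
// may sit below this one in a certification path (0: end-entity certificates only).
func caTemplate(serial int64, cn string, pathLen int) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, MaxPathLen: pathLen, MaxPathLenZero: pathLen == 0,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// issue generates a fresh P-256 key for tpl and has signer certify it under parent.
// Pass parent == tpl and signer == nil to produce a self-signed root.
func issue(tpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // a lab script would abort here as well
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// BuildHierarchy issues root -> issuing (sub) CA -> server certificate and returns the
// sub CA key, which is needed again to sign CRLs. The server key is discarded here;
// a real deployment would hand it to the web server.
func BuildHierarchy() (root, sub, server *x509.Certificate, subKey *ecdsa.PrivateKey) {
	rootTpl := caTemplate(1, "Example Root CA", 1)
	root, rootKey := issue(rootTpl, rootTpl, nil)
	sub, subKey = issue(caTemplate(2, "Example Issuing CA", 0), root, rootKey)
	server, _ = issue(&x509.Certificate{
		SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: "www.example.test"},
		DNSNames:  []string{"www.example.test"}, // validators match the SAN, not the CN
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(1, 0, 0),
		KeyUsage:  x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, sub, subKey)
	return root, sub, server, subKey
}

// VerifyPath builds the certification path from leaf to the trusted root using the
// intermediates a TLS server would send, and checks the host name and server-auth usage.
func VerifyPath(leaf, root *x509.Certificate, host string, intermediates ...*x509.Certificate) ([]*x509.Certificate, error) {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	if err != nil {
		return nil, err
	}
	return chains[0], nil
}

// IssueCRL has a CA sign a CRL listing the given serial numbers, valid for one day.
func IssueCRL(issuer *x509.Certificate, key *ecdsa.PrivateKey, serials ...*big.Int) ([]byte, error) {
	tpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Hour),
		NextUpdate: time.Now().Add(24 * time.Hour)}
	for _, s := range serials { // RevokedCertificates is the field name accepted by every Go release with CRL support
		tpl.RevokedCertificates = append(tpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: time.Now()})
	}
	return x509.CreateRevocationList(rand.Reader, tpl, issuer, key)
}

// IsRevoked trusts the CRL only after checking its signature against the expected issuer
// and its nextUpdate, then looks the certificate's serial number up in it.
func IsRevoked(crlDER []byte, issuer, cert *x509.Certificate) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, fmt.Errorf("CRL not signed by expected issuer: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return false, fmt.Errorf("CRL stale since %s", crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	root, sub, server, subKey := BuildHierarchy()
	chain, err := VerifyPath(server, root, "www.example.test", sub)
	fmt.Println("path length:", len(chain), "error:", err)
	crl, _ := IssueCRL(sub, subKey, server.SerialNumber)
	fmt.Println(IsRevoked(crl, sub, server))
}
```

Two behaviours worth reproducing in the lab: path validation fails when the issuing CA certificate is not supplied, which is why a web server must send the intermediate together with its own certificate, and the pathLen 0 on the issuing CA makes validators reject any CA certificate it issues, so it cannot be used to stand up further CAs. The CRL check above is what an OCSP responder (Lab 1, step 4) answers on a per-certificate basis.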
