Securing Email And Electronic Documents With Digital Certificates. Nicholas Davis – UW-Madison
Securing email and electronic documents with digital certificates, by Nicholas Davis
  1. Securing Email And Electronic Documents With Digital Certificates
     • Nicholas Davis – UW-Madison
  2. Introduction
     • Nicholas Davis
     • PKI Project Lead at UW-Madison
     • Background in encryption and authentication technologies
     • Internet 1.0 is over
     • Compliance is the word for 2010
     • Digital certificates bring security and assurance to your electronic processes
  3. Session Overview
     • What is a PKI?
     • What are digital certificates?
     • What can they be used for?
     • History of PKI and digital certificates at UW-Madison
     • Expansion of PKI to UW System
     • Question and answer session
     • Moving forward!
  4. What Is In a PKI?
     • Credentialing of individuals
     • Generating certificates
     • Distributing certificates
     • Keeping copies of certificates
     • Reissuing certificates
     • Revoking certificates
  5. What is a Digital Certificate?
  6. What is in a Certificate?
  7. Digital Certificate Uses
     • Digital Signing – Sign email and documents to prove that they came from you AND have not been altered from their original form.
     • Encryption – Protects email and attachments from being viewed or altered while in transit or storage
     • Authentication – Replacement for username and password
  8. Digital Signatures
     • Provides proof of the author
     • Testifies to message or document integrity
     • Valuable for both individual or mass email
  9. What Does a Digital Signature Prove?
     • Provides proof that the email came from the purported sender… Is this email really from Britney Spears?
     • Provides proof that the contents of the email have not been altered from the original form
  10. What if This Happens at the UW?
     • Could cause harm in a critical situation
     • Case Scenario: Multiple hoax emails sent with Chancellor’s name and email. When real crisis arrives, people might not believe the warning.
     • It is all about trust!
  11. A Digital Signature Can Be Invalid For Many Reasons
  12. Is Email Secure?
  13. Encryption
     • Encrypting data with a digital certificate secures it end to end.
     • While in transit
     • Across the network
     • While sitting on email servers
     • While in storage
     • On your desktop computer
     • On your laptop computer
     • On a server
  14. Email Security
     • Do you perceive your email to be as visible as a postcard?
     • Do you send sensitive information in email or as an attachment?
     • How can you be sure the email you send is protected once it reaches its final destination?
  15. Public and Private Keys
     • The digital certificate has two parts, a PUBLIC key and a PRIVATE key
     • The Public Key is distributed to everyone
     • The Private Key is held very closely and NEVER shared
     • Public Key is used for encryption and verification of a digital signature
     • Private Key is used for digital signing and decryption
  16. Encryption
  17. Getting Someone’s Public Key
     • The Public Key must be shared to be useful
     • It can be included as part of your email signature
     • It can be looked up in an LDAP Directory
     • Can you think of the advantages and disadvantages of each method?
  18. Who Could This Public Key Possibly Belong To?
  19. Secure Email is Called S/MIME
     • S/MIME = Secure Multipurpose Mail Extensions
     • S/MIME is the industry standard, not a point solution, unique to a specific vendor
  20. Authentication - One Card - One Identity
  21. Credentialing
     • Non technical, but the most important part of a PKI!
     • A certificate is only as trustworthy as the underlying credentialing and management system
     • Certificate Policies and Certificate Practices Statement
  22. Certificate Generation and Storage
     • How do you know who you are dealing with in the generation process?
     • Where you keep the certificate is important
  23. Distributing Certificates
     • Can be done remotely – benefits and drawbacks
     • Can be done face to face – benefits and drawbacks
  24. Keeping Copies – Key Escrow
     • Benefit – Available in case of emergency
     • Drawback – Can be stolen
     • Compromise is the best!
     • Use Audit Trails, separation of duties and good accounting controls for key escrow
  25. Certificate Renewal
     • Just like your passport, digital certificates expire
     • This is for the safety of the organization and those who do business with it
     • Short lifetime – more assurance of validity but a pain to renew
     • Long lifetime – less assurance of validity, but easier to manage
     • Use a Certificate Revocation List if you are unsure of certificate validity
  26. Trusted Root Authorities
     • A certificate issuer recognized by all computers around the globe
     • Root certificates are stored in the computer’s central certificate store
     • Requires a stringent audit and a lot of money!
  27. It Is All About Trust
  28. Encrypting An Email
  29. Future of PKI at the University of Wisconsin
     • Migrating to a new PKI provider
     • 5 year lifetime on certificates
     • LDAP push and pull connectivity
     • Beyond UW-Madison, to include other UW System campuses
     • Secure business communications via email between campuses
     • Perhaps replacing username and password authentication for sensitive applications.
  30. It Really Is Up To You!
     • Digital certificates / PKI is not hard to implement
     • It provides end to end security of sensitive communications
     • It is comprehensive, not a mix of point solutions
     • Internet 1.0 is gone, let’s get down to the business of securing our communications.
  31. Question and Answer Session
     • Nicholas Davis
     • ndavis1@wisc.edu
     • Please let me know how I can be of assistance in your PKI, digital signature and secure email efforts
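
The key roles from slides 8, 9 and 15, together with the invalid-signature, expiry and trusted-root points from slides 11, 25 and 26, shown as an added example with the `openssl` command line (this is not part of the original deck). It assumes `openssl` is installed; the self-signed certificates stand in for CA-issued ones, and all labels, addresses and message text are constructed for the demonstration.

```bash
#!/bin/sh
# Added example (not from the slides). Labels, addresses and text are constructed.
WORK=$(mktemp -d)

# Self-signed certificate + private key; stands in for a CA-issued S/MIME certificate.
make_identity() {  # $1 = label, $2 = e-mail address, $3 = lifetime in days
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
    -subj "/CN=$1/emailAddress=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Signing uses the sender's PRIVATE key and attaches the sender's certificate.
sign_mail() {      # $1 = label, $2 = plaintext file, $3 = output message
  openssl smime -sign -text -in "$2" -signer "$WORK/$1.crt" \
    -inkey "$WORK/$1.key" -out "$3" 2>/dev/null
}

# Verification uses the PUBLIC key in the attached certificate and also requires
# that certificate to chain to a root the recipient trusts.
verify_mail() {    # $1 = message, $2 = trusted root file; prints valid|invalid
  if openssl smime -verify -text -in "$1" -CAfile "$2" >/dev/null 2>&1
  then echo valid; else echo invalid; fi
}

# Prints yes if the certificate will still be unexpired $2 seconds from now.
valid_in() {       # $1 = label, $2 = seconds
  if openssl x509 -in "$WORK/$1.crt" -noout -checkend "$2" >/dev/null
  then echo yes; else echo no; fi
}

demo() {
  make_identity sender sender@example.edu 30
  make_identity other other@example.edu 30
  printf 'Campus closes at noon on Friday.\n' > "$WORK/msg.txt"
  sign_mail sender "$WORK/msg.txt" "$WORK/signed.eml"
  # Change one word of the signed body, leaving the signature untouched.
  sed 's/Friday/Monday/' "$WORK/signed.eml" > "$WORK/altered.eml"
  echo "as sent:          $(verify_mail "$WORK/signed.eml" "$WORK/sender.crt")"
  echo "body altered:     $(verify_mail "$WORK/altered.eml" "$WORK/sender.crt")"
  echo "root not trusted: $(verify_mail "$WORK/signed.eml" "$WORK/other.crt")"
  echo "valid in 1 day:   $(valid_in sender 86400)"
  echo "valid in 90 days: $(valid_in sender 7776000)"
}
demo
```

The same signed message is reported invalid both when its body is changed and when the recipient does not trust the issuing root, which are two of the distinct failure causes a mail client has to tell apart.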
