Number of slides: 15
PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS
Gregorio Martínez Pérez
gremar@dif.um.es
University of Murcia
MOTIVATION (I)
* Distributed applications on TCP/IP: impressive growth
  - Services improvement
  - Decreasing costs
* Very important security problems when applications deal with confidential information
MOTIVATION (II)
* University of Murcia: infrastructure to provide secure communications
  - Must warrant:
    • Confidentiality
    • Authentication
    • Integrity
  - Complex task:
    • Broad community of users
    • Heterogeneous systems
PUBLIC KEY INFRASTRUCTURE (I)
* Certification Authority (CA)
  - Trust foundation of the overall system
  - We are using Netscape Certificate Server
    • Problem: the certification request operation is public (the server accepts requests from anyone, not only from the Registration Authority)
    • Solution: intermediate elements between the RA and the CA
      - RQServer (Requests Server)
      - RQClient (Certification Requests Client)
PUBLIC KEY INFRASTRUCTURE (II)
* Registration Authority (RA)
  - Constituted by
    • Administrative staff
    • Software applications
  - Performs the following tasks
    • To verify people's identities
    • To generate the user private and public keys
    • To store the private key in the smart card
    • To create the certification requests
    • To create the revocation requests
PUBLIC KEY INFRASTRUCTURE (III)
* Directory Server
  - Main use:
    • To get the information needed to make certification requests
    • To store the final certificates
  - To get data stored in this server: LDAP protocol
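The RQClient/RQServer pair described on the previous slides, as an added example (not code from the University of Murcia project): the RA generates the user's key pair, RQClient builds a PKCS#10 request from that key plus the data read from the Directory Server, and RQServer only queues a request for the later CRON hand-off to the CA once the request's signature verifies and its subject matches the directory record. The DirectoryRecord fields, the organization name check and the in-memory queue are assumptions made for the example; the real RQServer's checks are not shown on the slides.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// DirectoryRecord stands in for the attributes RQClient fetches over LDAP
// before building a request (field names are an assumption).
type DirectoryRecord struct {
	IDNumber   string
	CommonName string
	Email      string
}

// GenerateUserKey is the RA's key generation step.
func GenerateUserKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// BuildRequest is the RQClient side: the RA already holds the user's key,
// so the PKCS#10 request is created with it and the directory data.
func BuildRequest(priv *rsa.PrivateKey, rec DirectoryRecord) ([]byte, error) {
	tmpl := &x509.CertificateRequest{
		Subject: pkix.Name{
			CommonName:   rec.CommonName,
			Organization: []string{"University of Murcia"},
			SerialNumber: rec.IDNumber, // ID number carried in the subject (assumption)
		},
		EmailAddresses: []string{rec.Email},
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, priv)
}

// RQServer holds accepted requests until the CRON job forwards them to the CA.
type RQServer struct {
	queue [][]byte
}

// Accept validates a DER request against the directory record it claims to
// be for; an error means the request is dropped instead of queued.
func (s *RQServer) Accept(der []byte, rec DirectoryRecord) error {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return fmt.Errorf("malformed request: %w", err)
	}
	// Proof of possession: the request must be signed by the key it carries.
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("bad signature: %w", err)
	}
	// The subject must match the directory, so a client cannot ask for a
	// certificate under somebody else's name or ID number.
	if csr.Subject.CommonName != rec.CommonName || csr.Subject.SerialNumber != rec.IDNumber {
		return errors.New("subject does not match directory record")
	}
	if len(csr.Subject.Organization) != 1 || csr.Subject.Organization[0] != "University of Murcia" {
		return errors.New("unexpected organization in subject")
	}
	s.queue = append(s.queue, der)
	return nil
}

// Pending is the number of requests waiting for the next CRON run.
func (s *RQServer) Pending() int { return len(s.queue) }

func main() {
	priv, err := GenerateUserKey(2048)
	if err != nil {
		panic(err)
	}
	// Constructed directory record for the example.
	rec := DirectoryRecord{IDNumber: "12345678", CommonName: "Ana Example", Email: "ana@example.invalid"}
	der, err := BuildRequest(priv, rec)
	if err != nil {
		panic(err)
	}
	srv := &RQServer{}
	fmt.Println("own record:", srv.Accept(der, rec), "pending:", srv.Pending())
	other := DirectoryRecord{IDNumber: "99999999", CommonName: "Someone Else"}
	fmt.Println("other record:", srv.Accept(der, other), "pending:", srv.Pending())
}
```

The signature check only proves possession of the key inside the request; the binding of that request to a real person comes from the RA's identity verification and the comparison against the directory record, which is why RQServer refuses anything it cannot match.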
PUBLIC KEY INFRASTRUCTURE (IV)
* Smart Cards
  - Security device to store private keys
  - Two kinds of smart cards:
    • 4 Kbytes smart cards
      [Diagram: 1 KByte Security Field holding the RSA Private Key]
PUBLIC KEY INFRASTRUCTURE (V)
* Smart Cards
  - Two kinds of smart cards:
    • 2 Kbytes smart cards
      [Diagram: 16 Bytes Security Field holding an IDEA Key; the RSA Private Key is ciphered with the IDEA key (CIPHER) and the resulting Ciphered Private Key is kept in the Ciphered Private Keys DB]
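Both card layouts from the two slides above, as an added example that is not the project's code: when the PKCS#1 encoding of the private key fits the card's security field it is written to the card; when only 16 bytes are available, a random symmetric key goes on the card and the private key is stored encrypted under it in the Ciphered Private Keys DB, which is what recovery through the PKCS#11 module then reverses. Assumptions: AES-128-GCM stands in for the IDEA cipher named on the slide, the PIN check is modelled as a hash comparison with no retry counter, the DB is an in-memory map, and the 1024-bit key size only reproduces the era's sizing (it is no longer adequate for new deployments).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

// Security field sizes from the slides: 1 KByte on the 4 Kbyte card, 16 bytes on the 2 Kbyte card.
const (
	LargeCardField = 1024
	SmallCardField = 16
)

// Card models a smart card's security field. A real card releases it only after
// PIN verification (the PKCS#11 module prompts for the PIN); a hash check stands in here.
type Card struct {
	FieldSize int
	pinHash   [32]byte
	field     []byte
}

func NewCard(fieldSize int, pin string) *Card {
	return &Card{FieldSize: fieldSize, pinHash: sha256.Sum256([]byte(pin))}
}

// Unlock returns the security field, or an error on a wrong PIN.
func (c *Card) Unlock(pin string) ([]byte, error) {
	h := sha256.Sum256([]byte(pin))
	if subtle.ConstantTimeCompare(h[:], c.pinHash[:]) != 1 {
		return nil, errors.New("PIN verification failed")
	}
	return c.field, nil
}

// KeyDB is the Ciphered Private Keys DB: user ID -> nonce || ciphertext.
type KeyDB map[string][]byte

// GenerateUserKey is the RA's key generation step.
func GenerateUserKey(bits int) (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, bits) }

// Personalise stores the key the RA generated: on the card if it fits ("on-card"),
// otherwise wrapped in the DB with a 16-byte key kept on the card ("wrapped").
func Personalise(card *Card, db KeyDB, userID string, priv *rsa.PrivateKey) (string, error) {
	der := x509.MarshalPKCS1PrivateKey(priv)
	if len(der) <= card.FieldSize {
		card.field = der
		return "on-card", nil
	}
	if card.FieldSize < SmallCardField {
		return "", errors.New("security field too small even for a wrapping key")
	}
	wrapKey := make([]byte, SmallCardField)
	if _, err := rand.Read(wrapKey); err != nil {
		return "", err
	}
	aead, err := newAEAD(wrapKey) // AES-128-GCM in place of IDEA (assumption)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// The user ID is bound as associated data, so a blob copied into another
	// user's DB row will not open under that user's card.
	db[userID] = append(nonce, aead.Seal(nil, nonce, der, []byte(userID))...)
	card.field = wrapKey
	return "wrapped", nil
}

// Recover is the PKCS#11 module's job: unlock the card with the PIN, then either
// parse the key from the card or fetch and unwrap the user's blob from the DB.
func Recover(card *Card, db KeyDB, userID, pin string) (*rsa.PrivateKey, error) {
	field, err := card.Unlock(pin)
	if err != nil {
		return nil, err
	}
	if len(field) != SmallCardField { // a DER private key is never 16 bytes long
		return x509.ParsePKCS1PrivateKey(field)
	}
	blob, ok := db[userID]
	if !ok {
		return nil, errors.New("no wrapped key stored for user")
	}
	aead, err := newAEAD(field)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("truncated blob")
	}
	der, err := aead.Open(nil, blob[:ns], blob[ns:], []byte(userID))
	if err != nil {
		return nil, fmt.Errorf("unwrap failed (wrong card or tampered blob): %w", err)
	}
	return x509.ParsePKCS1PrivateKey(der)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, _ := GenerateUserKey(1024) // period sizing only; see lead-in
	card, db := NewCard(SmallCardField, "1234"), KeyDB{}
	where, _ := Personalise(card, db, "u1", priv)
	got, err := Recover(card, db, "u1", "1234")
	fmt.Println(where, err, got != nil && got.N.Cmp(priv.N) == 0)
}
```

Two consequences of the 2 Kbyte layout are visible here: the DB blob alone is useless without the card, and the card alone is useless without the DB, so both stores must be protected and backed up; and because the wrapping key is released on a PIN check, a real card's retry counter (absent from this model) is what limits PIN guessing.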
MAIN OPERATIONS
* Certificate Request
* Certificate Recovery
* Certificate Revocation
CERTIFICATE REQUEST
[Diagram. Components: Registration Authority (RQClient, Ciphered Private Keys DB), RQServer with a CRON job, Certification Authority, Directory Server. Links: SSL with client authentication between the RA, RQServer and the CA; LDAP to the Directory Server. Data items: RSA private key or IDEA key, ID number, user personal data.]
CERTIFICATE RECOVERY
[Diagram. Components: Netscape Communicator with the PKCS#11 Module (unlocked with the card PIN), Directory Server, Ciphered Private Keys DB, Secure Server. Links: SSL. Data items: RSA private key or IDEA key.]
CERTIFICATE REVOCATION
[Diagram. Components: Registration Authority (RVKClient, Ciphered Private Keys DB), RQServer with a CRON job, Certification Authority, Directory Server. Links: SSL with client authentication between the RA, RQServer and the CA; LDAP to the Directory Server.]
CONCLUSIONS
* Complete security infrastructure
  - Certification Authority
  - Registration Authorities
  - Smart cards
  - Custom PKCS#11 Module
  - Main security protocols: SSL and S/MIME
* Framework to develop custom security applications
FUTURE WORK
* Custom CA developed in Java
* Solutions for other applications: Microsoft products (PC/SC)
* New smart card approaches: OCF, Java Cards, VOP
* Parallel infrastructure that manages credentials: SPKI