Securing email and electronic documents with digital certificates, by nicholas davis
![Page 1: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/1.jpg)
Securing Email And Electronic Documents With Digital Certificates
Nicholas Davis – UW-Madison
![Page 2: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/2.jpg)
Introduction
Nicholas Davis
PKI Project Lead at UW-Madison
Background in encryption and authentication technologies
Internet 1.0 is over
Compliance is the word for 2010
Digital certificates bring security and assurance to your electronic processes
![Page 3: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/3.jpg)
Session Overview
• What is a PKI?
• What are digital certificates?
• What can they be used for?
• History of PKI and digital certificates at UW-Madison
• Expansion of PKI to UW System
• Question and answer session
• Moving forward!
![Page 4: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/4.jpg)
What Is In a PKI?
• Credentialing of individuals
• Generating certificates
• Distributing certificates
• Keeping copies of certificates
• Reissuing certificates
• Revoking Certificates
![Page 5: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/5.jpg)
What is a Digital Certificate?
![Page 6: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/6.jpg)
What is in a Certificate?
![Page 7: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/7.jpg)
Digital Certificate Uses
Digital Signing – Sign email and documents to prove that they came from you AND have not been altered from their original form.
Encryption – Protects email and attachments from being viewed or altered while in transit or storage
Authentication – Replacement for username and password
![Page 8: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/8.jpg)
Digital Signatures
• Provides proof of the author
• Testifies to message or document integrity
• Valuable for both individual and mass email
![Page 9: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/9.jpg)
What Does a Digital Signature Prove?
Provides proof that the email came from the purported sender… Is this email really from Britney Spears?
Provides proof that the contents of the email have not been altered from the original form
![Page 10: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/10.jpg)
What if This Happens at the UW?
Could cause harm in a critical situation
Case Scenario
Multiple hoax emails sent with Chancellor’s name and email.
When real crisis arrives, people might not believe the warning.
It is all about trust!
![Page 11: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/11.jpg)
A Digital Signature Can Be Invalid For Many Reasons
![Page 12: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/12.jpg)
Is Email Secure?
![Page 13: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/13.jpg)
Encryption
Encrypting data with a digital certificate secures it end to end:
• While in transit
• Across the network
• While sitting on email servers
• While in storage
• On your desktop computer
• On your laptop computer
• On a server
![Page 14: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/14.jpg)
Email Security
Do you perceive your email to be as visible as a postcard?
Do you send sensitive information in email or as an attachment?
How can you be sure the email you send is protected once it reaches its final destination?
![Page 15: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/15.jpg)
Public and Private Keys
The digital certificate has two parts, a PUBLIC key and a PRIVATE key
The Public Key is distributed to everyone
The Private Key is held very closely and NEVER shared
Public Key is used for encryption and verification of a digital signature
Private Key is used for digital signing and decryption
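The key roles on this slide, together with the hoax-email scenario from the "What Does a Digital Signature Prove?" slides, as an added worked example in Go (not code from the presentation): the private key signs and decrypts, the public key verifies and encrypts. The Chancellor's key pair and the notice text are constructed sample data, and NewKeyPair, Sign, Verify, Encrypt and Decrypt are helper names chosen here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates a certificate's key material: the private key (held
// closely, never shared) and its embedded public key (given to everyone).
func NewKeyPair() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	return key
}
// Sign hashes the message and signs the digest with the sender's PRIVATE key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}
// Verify checks the signature with the sender's PUBLIC key. It returns false
// if the message was altered or the signature came from a different key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}
// Encrypt seals a message with the recipient's PUBLIC key (RSA-OAEP).
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}
// Decrypt opens a sealed message with the recipient's PRIVATE key.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	// Constructed sample: the Chancellor's key pair and an emergency notice.
	chancellor, notice := NewKeyPair(), []byte("Campus closed tomorrow due to weather.")
	sig, _ := Sign(chancellor, notice)
	forged, _ := Sign(NewKeyPair(), notice) // same text, signed with an impostor's key
	fmt.Println("genuine notice verifies:", Verify(&chancellor.PublicKey, notice, sig))
	fmt.Println("altered notice verifies:", Verify(&chancellor.PublicKey, []byte("Campus closed all week."), sig))
	fmt.Println("impostor's signature verifies:", Verify(&chancellor.PublicKey, notice, forged))
	ct, _ := Encrypt(&chancellor.PublicKey, notice) // the public key seals...
	pt, _ := Decrypt(chancellor, ct)                // ...only the private key opens
	fmt.Println("decrypted:", string(pt))
}
```

Only the first verification succeeds; the altered body and the impostor's signature both fail under the Chancellor's public key.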
![Page 16: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/16.jpg)
Encryption
![Page 17: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/17.jpg)
Getting Someone’s Public Key
The Public Key must be shared to be useful
It can be included as part of your email signature
It can be looked up in an LDAP directory
Can you think of the advantages and disadvantages of each method?
![Page 18: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/18.jpg)
Who Could This Public Key Possibly Belong To?
![Page 19: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/19.jpg)
Secure Email is Called S/MIME
• S/MIME = Secure/Multipurpose Internet Mail Extensions
• S/MIME is the industry standard, not a point solution unique to a specific vendor
![Page 20: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/20.jpg)
Authentication - One Card - One Identity
![Page 21: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/21.jpg)
Credentialing
• Non-technical, but the most important part of a PKI!
• A certificate is only as trustworthy as the underlying credentialing and management system
• Certificate Policies and Certificate Practices Statement
![Page 22: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/22.jpg)
Certificate Generation and Storage
• How do you know who you are dealing with in the generation process?
• Where you keep the certificate is important
![Page 23: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/23.jpg)
Distributing Certificates
• Can be done remotely – benefits and drawbacks
• Can be done face to face – benefits and drawbacks
![Page 24: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/24.jpg)
Keeping Copies – Key Escrow
• Benefit – Available in case of emergency
• Drawback – Can be stolen
• A compromise between the two is best!
• Use audit trails, separation of duties and good accounting controls for key escrow
![Page 25: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/25.jpg)
Certificate Renewal
• Just like your passport, digital certificates expire
• This is for the safety of the organization and those who do business with it
• Short lifetime – more assurance of validity but a pain to renew
• Long lifetime – less assurance of validity, but easier to manage
• Use a Certificate Revocation List if you are unsure of certificate validity
![Page 26: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/26.jpg)
Trusted Root Authorities
• A certificate issuer recognized by all computers around the globe
• Root certificates are stored in the computer’s central certificate store
• Requires a stringent audit and a lot of money!
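Certificate expiry and the trusted-root check from the two slides above, as an added example in Go using the standard crypto/x509 package (not code from the presentation): a constructed campus root CA issues a 5-year user certificate, and Trusted accepts it only while it is inside its validity window and chains to a root in the store. Issue and Trusted are helper names chosen here; the root and subject names are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue creates a certificate for subject; with parent == nil it is self-signed (a root CA).
func Issue(subject string, notBefore, notAfter time.Time, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: subject}, // constructed serial
		NotBefore: notBefore, NotAfter: notAfter, IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	signer, issuer := key, tmpl // self-signed unless a parent CA is given
	if parent != nil { signer, issuer = parentKey, parent }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, signer)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Trusted returns nil only if cert chains to root, is inside its validity
// window at time at, and is permitted for S/MIME (email protection) use.
func Trusted(cert, root *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}})
	return err
}

func main() {
	now := time.Now()
	// Constructed PKI: a 10-year campus root and a 5-year user certificate.
	root, rootKey, _ := Issue("Example Campus Root CA", now, now.Add(10*365*24*time.Hour), true, nil, nil)
	user, _, _ := Issue("user@example.edu", now, now.Add(5*365*24*time.Hour), false, root, rootKey)
	fmt.Println("valid today:", Trusted(user, root, now))
	fmt.Println("in 6 years:", Trusted(user, root, now.Add(6*365*24*time.Hour)))
	other, _, _ := Issue("Unknown Root CA", now, now.Add(24*time.Hour), true, nil, nil)
	fmt.Println("unknown root:", Trusted(user, other, now))
}
```

The first check prints nil; the second fails because the user certificate has expired, and the third fails because the certificate does not chain to the root in the store.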
![Page 28: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/28.jpg)
Encrypting An Email
![Page 29: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/29.jpg)
Future of PKI at the University of Wisconsin
Migrating to a new PKI provider
5 year lifetime on certificates
LDAP push and pull connectivity
Beyond UW-Madison, to include other UW System campuses
Secure business communications via email between campuses
Perhaps replacing username and password authentication for sensitive applications.
![Page 30: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/30.jpg)
It Really Is Up To You!
• Digital certificates / PKI is not hard to implement
• It provides end to end security of sensitive communications
• It is comprehensive, not a mix of point solutions
• Internet 1.0 is gone, let’s get down to the business of securing our communications.
![Page 31: Securing email and electronic documents with digital certificates, by nicholas davis](https://reader035.fdocuments.us/reader035/viewer/2022081518/54b8de684a79592d6a8b4664/html5/thumbnails/31.jpg)
Question and Answer Session
• Nicholas Davis
• Please let me know how I can be of assistance in your PKI, digital signature and secure email efforts