1. Public Key Infrastructure Definition: A public key infrastructure
advertisement
1. Public Key Infrastructure Definition: A public key infrastructure (PKI) is an arrangement that provides for • trusted third party vetting of, • and vouching for, • user identities. Note: Broadly, vetting is a process of examination and evaluation. 1.1. Purpose and Function • PKI arrangements enable computer users to be authenticated • To use each other’s public key • Which allows to decrypt and encrypt messages send between receiver and sender -2- 1.2. Certificate History Stolen from: http://www.cs.auckland.ac.nz/˜pgut001/pubs/pkitutorial.pdf • Why is X.509 PKI so complicated? • Original paper on publick-key encryption proposed the Public File • — Public-key white pages — Key present -> valid — Communications where protected by a signature Straight forward in 1976 - not today 1.3. X.500 • X.500 proposed various access control mechanisms • series of cmputer networking standards — DAP (Directory Access Protocol) — DSP (Directory System Protocol) — DISP (Directory Information Shadowing Protocol) — DOP (Directory Operational Bindings Management Protocol)o • presentation layer given to users was that the DNS site name "www.foobar.com" was verified in a browser • user has reached the correct web site via HTTPS. • CA Certs are loaded into the browser statically • the browser can verify the SSL cert of the website. 1.4. Use Case Skip :) 1.5. Ten Risks of PKI Computer security has been victim of the "year of the..." syndrome. First it was firewalls, then intrusion detection systems, then VPNs, and now certification authorities (CAs) and public-key infrastructure (PKI). "If you only buy X," the sales pitch goes, "then you will be secure." But reality is never that simple, and that is especially true with PKI. 1.6. 1 Who do we trust, and for what?" There’s a risk from an imprecise use of the word "trust." A CA is often defined as trusted. 1.7. 2 Who is using my key? 1.8. 3 How secure is the verifying computer? 1.9. 4 Which John Robinson is he? 1.10. 5 Is the CA an authority? -3- 1.11. 6 Is the user part of the security design? 1.12. 7 Was it one CA or a CA plus a Registration Authority? 1.13. 8 How did the CA identify the certificate holder? 1.14. 9 How secure are the certificate practices? 1.15. 10 Why are we using the CA process, anyway? -4- 1.16. Call for Paper ** Apologies for multiple copies ** F i n a l C a l l F o r P a p e r s Fourth European PKI Workshop: Theory and Practice (EuroPKI’07) 28-30 June 2007 Palma de Mallorca, Balearic Islands, Spain http://dmi.uib.es/europki07 The 4th European PKI Workshop: Theory and Practice is focusing on all research aspects of Public Key Applications, Services and Infrastructures. Submitted papers may present theory, applications or practical experiences on topics including, but not limited to: - Architecture and Modeling Authentication Authorization and Delegation Bridge CA Case Studies Certificates Status Certification Policy Certification Practices Cross Certification Directories eCommerce/eGovernment Evaluation Fault-Tolerance Federations ID-based schemes Identity Management Implementations Interoperability Key Management Legal issues Long-time archiving Mobile PKI Policies & Regulations Privacy Privilege Management Protocols Reliability in PKI Repositories Risk/attacks Standards Timestamping Trust Ubiquitous scenarios Verification *Instructions for paper submission -5- The Workshop welcomes original papers from academic, government, and industry contributors dealing with the above or related issues. Papers which describe ongoing research or provide an excellent surveying work are welcome too. All submissions will be subjected to a thorough blind review by at least three reviewers. Papers should be up to 6000 words in English, including references and well-marked appendices. Like in all previous EuroPKI events, it is planned that accepted papers are published by Springer in the Lecture Notes in Computer Science (LNCS) series. To submit a paper, please follow instructions on the Workshop webpage. Note that the submitted paper (PDF or PostScript format), must follow the template indicated at (http://www.springer.de/comp/lncs/authors.html) by Springer, starting with a title, a short abstract, and a list of keywords, with no author names, affiliations, acknowledgements, nor obvious references. * Special Issue A Special Issue of EuroPKI 2007 with extended versions of the best papers of the workshop will be published in the "Journal of Computer Security" (http://www.iospress.nl/loadtop/load.php?isbn=0926227x), IOS Press. Note also that those selected papers will need to undergo another round of review. * Important dates Submission of papers: February 28, 2007 Notification to authors: March 30, 2007 Camera-ready copies: April 16, 2007 * Programme Committee co-Chairs Javier Lopez, University of Malaga, Spain Pierangela Samarati, University of Milan, Italy *General Chair Jose L. Ferrer, University of Balearic Islands, Spain *Programme Committee: Carlisle Adams, University of Ottawa, Canada Oscar Canovas, University of Murcia, Spain Sabrina De Capitani di Vimercati, University of Milan, Italy David Chadwick, University of Kent, UK Marco Cremonini, University Of Milan, Italy Jorge Davila, UPM, Spain Ed Dawson, QUT, Australia Stephen Farrell, Trinity College Dublin, Ireland Jordi Forne, Polytechnic University of Catalonia, Spain Dieter Gollmann, Hamburg University of Technology, Germany Stefanos Gritzalis, University of Aegean, Greece Dimitris Gritzalis, AUEB, Greece Socrates Katsikas, University of Aegean, Greece Stephen Kent, BBN Technologies, USA Kwangjo Kim, ICU, Korea Chi-Sung Laih, National Cheng Kung University, Taiwan Antonio Lioy, Politecnico di Torino, Italy Fabio Martinelli, IIT-CNR, Italy Apol.lonia Martinez, University of Balearic Islands, Spain -6- Fabio Massacci, University of Trento, Italy Stig F. MjC8lsnes, NTNU, Norway Jose A. Montenegro, University of Malaga, Spain Yi Mu, University of Wollongong, Australia Rolf Oppliger, eSecurity, Switzerland Eiji Okamoto, University of Tsukuba, Japan Guenther Pernul, University of Regensburg, Germany Bart Preneel, Katholieke Univ. Leuven, Belgium Chunming Rong, University of Bergen, Norway Kouichi Sakurai, Kyushu University, Japan Ravi Sandhu, George Mason University, USA Damien Sauveron, University of Limoges, France Sean Smith, Dartmouth College, USA Julien Stern, Cryptolog, France Jianying Zhou, I2R, Singapore Sencun Zhu, Penn State University, USA * Links to EuroPKI’06 EuroPKI’05 EuroPKI’04 previous EuroPKI events - http://security.polito.it/europki2006/ - http://sec.isi.salford.ac.uk/europki2005/index.shtml - http://www.aegean.gr/EuroPKI2004/ --------------------------------------------------------------------To unsubscribe, e-mail: computational.science-unsubscribe@lists.optimanumerics.com For additional commands, e-mail: computational.science-help@lists.optimanumerics.com Computational Science mailing list hosting is provided by OptimaNumerics (http://www.OptimaNumerics.com) ---------------------------------------------------------------------
