Public Key Infrastructure (PKI) - In Depth
Telecommunications Authority of Trinidad and Tobago (TATT)
Dr. Eng. Nizar Ben Neji
26th to 30th October 2015, Trinidad and Tobago
TMG Consultancy Ltd, London
www.tmgconsultancy.co.uk / info@tmgconsultancy.co.uk
© TMG Consultancy Ltd
Content

1. Role of Cryptography in Building Trust in the Digital World
   - Security objectives (Authentication, Confidentiality, Integrity and Non-repudiation)
   - Role of modern cryptography in information security:
     o Asymmetric cipher algorithms (RSA, DSA, ECDSA, ...)
     o Symmetric cipher algorithms (AES, DES, 3DES, ...)
     o Hash algorithms (SHA1, SHA2, ...)

© TMG Consultancy Ltd, Deployment, Management and Use of PKI, Trinidad and Tobago, 26-30 October 2015 (slide 1)

2. Elements of Public Key Infrastructure (PKI)
   - Certificate Policy (CP) and Certification Practice Statements (CPS)
   - PKI Architecture (Root CA, Subordinate CAs, Bridge CA, Cross-certification, Mutual recognition between CAs, Certification Path, ...)
   - Registration Authorities (RAs)
   - Digital Certificates (Structure, Basic fields, Extensions and Profiles)
   - Certificate Revocation Lists (CRLs)
   - Recommended Cryptographic Algorithms and Key Lengths
   - Publishing Certificates and CRLs
   - Validation Authority (VA) and OCSP Responder
   - PKI Solutions (OpenSSL, EJBCA, Microsoft CA, ...)

3. Trust Models in PKI
   - Rooted Hierarchical Trust Model
   - Network (Cross-Certification) Trust Model
   - Bridge CA Model
   - Trust List Based Model

4. Hardware Protection of Cryptographic Secrets
   - Cryptographic Smartcard (for end users)
   - Hardware Security Module (HSM) (for servers)
   - Long-Term Storage of Cryptographic Proofs

5. Relevant PKI Standards, Protocols and Standardization Organizations
   - ITU Telecommunication Standardization Sector
   - IETF PKIX Working Group
   - RSA Security Laboratories
   - European Telecommunications Standards Institute (ETSI)
   - National Institute of Standards and Technology (NIST)
   - American National Standards Institute (ANSI)
   - CA/Browser Forum
   - Relevant PKI Standards and Protocols

6. Digital Signature Standards and Mechanisms
   - Purpose, Forms and Groups
   - Main Properties of Digital Signatures
   - Advanced Electronic Signature
   - Necessity of a Legal Framework
   - Electronic Signature Policy
   - Creation of a digital signature
   - Digital Signature Formats
     o CMS/PKCS#7 format (Cryptographic Message Syntax)
     o CAdES (CMS Advanced Electronic Signature)
     o S/MIME signature
     o XMLDSig (XML Digital Signature)
     o XAdES (XML Advanced Electronic Signature)
     o PDF [ISO 32000-1]
     o PAdES (PDF Advanced Electronic Signature)

7. Time Stamping Service
   - Importance of Time Stamping (TS) Documents
   - TS Standards
   - Accurate Source of Time and NTP
   - Architecture of a TS Solution
     o Time Stamping Authority
     o Time Stamping Client's Tool
     o TS Request
     o TS Token

8. Transition to Electronic Transactions
   - E-Terms
   - Basic Electronic Services
   - Security requirements in E-Government
   - Legal, Institutional and Technical Preparation
   - Security requirements in E-Procurement
   - Security requirements in E-Banking
   - Security requirements in E-Commerce
   - Security Over the Internet
     o SSL/TLS
     o VPN SSL
   - Cryptographic Programming Libraries
     o MS CAPI
     o Java IAIK
     o Java Bouncy Castle
     o Oracle JCE/JCA

Practical Labs

1. Setting up an Enterprise PKI:
   1. Certification Authority
   2. Registration Authority
   3. LDAP Repository to publish certificates and CRLs
   4. OCSP Responder
2. Installing digital certificates in:
   1. MS Keystore
   2. Mozilla Keystore
   3. Java Keystore
   4. Cryptographic Smartcard
3. Securing MS Office Documents
4. Securing Acrobat PDF Documents
5. Setting up SSL on Apache Web Server
   1. Simple SSL Authentication
   2. Mutual SSL Authentication
6. Digitally sign source code (Secure Java Web Applet)
7. Securing Messaging Systems (S/MIME, POPS, SMTPS and IMAPS)
   1. Digitally sign messages
   2. Encrypt messages
8. Setting up an End-to-End VPN SSL Connection using digital certificates for authentication