PKI in Higher Education Dartmouth PKI Lab Update
PKI in Higher Education: Dartmouth PKI Lab Update Internet 2 Virtual Meeting 5 October 2001
Researchers Dartmouth College Computer Science Institute for Security and Technology Studies Dartmouth College Computing Services • David Nicol, Sean Smith: CS/ISTS • Ed Feustel: ISTS • Robert Brentrup, Larry Levine: Computing Services • Yasir Ali, Alex Iliev, John Marchesini, Eileen Ye: CS Students • Shan Jiang, Evan Knop: Alumni Lab Created 4 Q 2000 Internet 2 Fall 2001 Meeting: HEPKI 2
Dartmouth PKI Lab Objectives Exploring how to effectively use public-key cryptography to build trusted information services in the real world. Enable effective trust judgements, in systems that are heterogeneous on every level. • In users, roles, computer hardware and software, organizations, administrative domains, application contexts What are the appropriate pieces of information for trust judgments in different contexts at different times? Internet 2 Fall 2001 Meeting: HEPKI 3
End to End Approach Server • How do we establish foundation for this trust, when computation is vulnerable to insider attack? Client • How can user tools enable effective trust judgments? Infrastructure • How do we deploy and manage the certificates, keys, etc. , that enables this trust communication Applications • How can applications engage in PKI-based trust Internet 2 Fall 2001 Meeting: HEPKI judgments? 4
Status, October 2001 Server • Trusted Third Parties, immune to insider attack – Private Information Retrieval (PIR) – Armored Vault – Web. ALPS Client • Web/SSL/Certificate Spoofing • Requirements for Secure Web Client Internet 2 Fall 2001 Meeting: HEPKI 5
Status, October 2001 Infrastructure • Setup COTS, open-source testbeds. LDAP • Campus PKI planning –PKI/Lite: Web Authn/Authz & S/MIME –S/MIME Private Key Server Applications • Hardened Box Office • Web Application authentication/authorizatio local replacement • Voting (demo of Web. Alps) Internet 2 Fall 2001 Meeting: HEPKI 6
Private Information Retrieval Protecting query privacy from insider attack Server that efficiently provides material to authorized users… …so that the server operator learns nothing, not even statistics! Domains with sensitive data • Health information, expensive research data Internet 2 Fall 2001 Meeting: HEPKI 7
Armored Vault Protecting archived private material from insider attack Prove to stakeholders that policy is followed • Prototype domain: network data • Archive is encrypted and bound to policy • Built with Snort and IBM 4758 -2 Internet 2 Fall 2001 Meeting: HEPKI 8
Web. ALPS Protecting SSL Web Servers from insider attack SSL doesn’t help if armored pipe to cardboard box! Move server end of SSL into securer coprocessor Built from Apache, Open. SSL and IBM 4758 -2 Internet 2 Fall 2001 Meeting: HEPKI 9
Hardened Box Office Protect operator from liability Campus agents want to sell tickets, etc. online Server operator wants to minimize risk of exposing private customer data Uses Web. ALPS hardened server Internal application catches customer data, then signs and encrypts for entity and e-mails it Internet 2 Fall 2001 Meeting: HEPKI 10
S/MIME Private Key Server Protecting user private keys from insider attack and provides mobility Problem: Web based e-mail offers client mobility… … but adding PKI requires trusting the server with the private keys Solution: uses Web. ALPS- hardened server Generates, certifies, stores user keys… … and applies them only when authorized by user Neither bribery nor subpoena reveals the user keys! Internet 2 Fall 2001 Meeting: HEPKI 11
Client: Good Trust Judgements? Web/SSL provides server identity, not attributes • URL? • Location bar information • SSL Icon? • SSL warning window? • Certificate information? • Status bar www. cs. dartmouth. edu/~pkilab/demos/spoofing/ Internet 2 Fall 2001 Meeting: HEPKI 12
Client Research Questions • Should attributes attest to name of server, or content offered? • What are semantics of “independent windows”? • Who is really providing this service? • Which certificate is being used? Why? • What information does the server acquire about the user? • Requirements for “better” browser Internet 2 Fall 2001 Meeting: HEPKI 13
Infrastructure Developing Familiarity with tools for application development Defining strategies to setup and administer institution scale PKI environment Interactions with Central LDAP directory Tools to support Research projects Compatibility testing of PKI vendors and client applications Studies of end-user behavior, eg. Why passwords are shared Research goal: real applications, solving real problems! Internet 2 Fall 2001 Meeting: HEPKI 14
Futures PKI more than X. 509 • SDSI/SPKI. PGP, XML. . . Trust Judgment in Applications Rights Management, expressions of policy Critical Mass, academic community as prototype lab Internet 2 Fall 2001 Meeting: HEPKI 15
For More Information www. cs. dartmouth. edu/~pkilab Sean Smith sws@cs. dartmouth. edu Ed Feustel efeustel@ists. dartmouth. edu Robert Brentrup Robert. J. Brentrup@dartmouth. edu Internet 2 Fall 2001 Meeting: HEPKI 16
- Slides: 16