Building Secure Infrastructures

Building a secure infrastructure, either with or without cryptographic techniques, is a difficult and demanding task. Being a knowledge-intensive operation, OpenFortress has encountered the difficulties involved, and has expertise to share from that.

This workshop is not suitable just for technicians, but also for their direct managers. It includes a lot architectural and overviewing perspectives, and that is of interested to both groups of people. The workshop initially takes one day, but later expansion on topics is possible. The material from the course What is crypto? is assumed as a basis. The workshop can be adapted and it can be highly interactive when a concrete problem can be addressed in the workshop.

Establishing trust

Trust is not an automatic result of using cryptography. However, cryptography can aid in remote validation, for instance over the Internet. Several means of building trust are possible.

  • Falling back on paper contracts
  • Digitally signed statements
  • Are certificate authorities useful?
  • Trust model: the Public Key Infrastructre
  • Trust model: the Web Of Trust
  • Putting it together: Separation of concerns
  • Destroying keys

Key management

Keys are easy to make and manage if they are intended for personal use. When used in an organisation, this becomes more complicated, for a variety of reasons.

  • The size of keys
  • The importance of good random material
  • The "disgruntled employee" scenario
  • The "dead fred" scenario
  • Splitting keys
  • Joint signatures
  • Lawyers as intelligent backup devices

Physical security

To build a secure infrastructure, physical security of the systems concerned must be addressed.

  • Vaults: bluffpoker or checkmate?
  • Cryptographic tokens, smart cards
  • Displays as loud mouths
  • Choice of operating system and environment
  • Generation of random numbers
  • Validation of software and disk partitions

 
   ------ 8< ---------- 8< ----------- 8< ------ | OpenFortress*