Secure EmailUW Digital ID

Secure EmailStarring the Angry Birds

IntroductionBackground: Nicholas DavisEmail, the electronic postcardWhy encryption is importantS/MIME, secure emailWhat is a UW Digital IDHow does a UW Digital ID workWhat is inside a digital IDWhere do digital IDs come fromA story of trust, based on massive paymentsDigital IDs for secure emailDigital IDs for digital signingWhat encrypting email looks like in practiceInterception of data in transitHow to get that important public key

Email, the electronic postcard

EasyCheapGets the idea acrossWho can see itWhat assurance do you have of confidentiality?Does confidentiality matter? Yes, no, maybe…

Why Encryption is Important

Keeps private information private HIPAA, FERPA, SOX, GLB compliance Proprietary research Human Resource issues Legal Issues PR Issues Industrial espionage Over-intrusive government You never know who is

listening and watching!

S/MIME Industry Standard

Secure/Multipurpose Internet Mail ExtensionsThe equivalent of a Kevlar envelope for your emailEmail is encrypted (wrapped up) before sending and is secure for its entire trip, and at its destinationEmail is decrypted (unwrapped) only by the intended recipient

What is a UW Digital ID• A UW Digital ID is our branded

digital certificate• A UW Digital ID is the electronic

identification equivalent of a passport

• It has added benefits too• Allows you to digitally sign email

and electronic documents• Allows you to encrypt email for

others• Allows you to decrypt email which

others have encrypted for you

How Does a Digital ID Work

Even some Angry Birdshave difficultyunderstanding this!

What is Inside a Digital ID

Where Do Digital IDs Come From

• A certificate issuer recognized by all computers around the globe

• Root certificates are stored in the computer’s central certificate store

• Requires a stringent audit and a lot of money!

It Is All About Trust

Using Digital IDs to Secure Email

Best use for certificates, in my opinion Public key enables encryption and ensures that

the message can only be read by the intended recipient

Digital ID Also Demonstrates…..

Proof of authorship The contents of the message have not been

altered from their original form This is done through the use of digital signing

What does it actually look like in practice? -Sending-

What does it actually look like in practice (unlocking my private key)

-receiving-

What does it actually look like in practice?-receiving- (decrypted)

Digitally signed and verified; Encrypted

What does it look like in practice?-receiving- (intercepted)

Intercepting the Data in Transit

Send Me a Signed Email, Please, I Need Your Public Key

Who Uses UW Digital IDs Everyone in the Office of the RegistrarEveryone in the Office of Financial AidNumerous other departments around campusOver 1300 users alreadyThose who want to exchange secure email with peopleat other UW-System campusesFor encryption and signing of email and attached filesThe entire email is encrypted, including attachments

How To Get a UW Digital ID1. Go to the DoIT Tech Store2. Tell the friendly people that you would like a UW Digital ID3. Show them your Faculty/Staff ID card and one other form of ID4. Go back to your office5. Within 24 hours, you receive a registration email6. Follow instructions7. Click on link to download your UW Digital ID8. Follow simple import instructions9. Send a digitally singed email to someone, by clicking on the digitally sign button10.Now, that person can encrypt mail to you, by clicking on the encrypt button11. If they send you a digitally signed email, you can now encrypt for them12. If you both send digitally signed emails, you can now encrypt for each other13.Digital signed email must only be sent once

* If your department has multiple interested people, we can send someone to docredentialing at your office

You Never Know Who Is Watching – Movie #1

How Do They Do ItMovie #2

Questions and Discussion

Nicholas DavisMBA, CISA, CISSPndavis1@wisc.edu