GRID-FR French CA Alice de Bignicourt.

June 28th 2007

Outline
- Requirements to access the GRID
- GRID-FR CA
- Certificate
- Statistics

Requirements to access the GRID
1. User certificate (authentication)
2. Access to VO or VOMS (authorization)
3. User interface or web service access

About GRID-FR CA
- CA = Certification Authority
- The GRID-FR CA issues certificates for institutes participating in GRID projects in which CNRS is involved:
    - EGEE, LCG, DEISA, Grid 5000, ILDG, E-Sciences, Integrative Biology, …
- It issues user, server and service certificates to:
    - French public and private institutes
    - Foreign public and private institutes, non-HEP, that do not have a CA (catch-all)

About GRID-FR CA: composition of a CA
- CA: Certification Authority
- RA: Registration Authority
- EE: End Entity (person, host, service)
- Certificate repository
    - Certificates (EE, CAs)
    - CRLs
- Validation Service
- Encipherment Private Key Recovery Service

About GRID-FR CA
- GRID-FR signature algorithm: SHA1
- CRL = Certification Revocation List
    - Generated each night
    - Lifetime: 1 month
    - Downloaded from a dedicated server:
        - crls.services.cnrs.fr
- EUGridPMA requirements
    - European Policy Management Authority for Grid Authentication
    - Activity:
        - To verify the minimum requirements
        - To accredit new CAs

GRID-FR in the CNRS PKI
[Diagram labels: CNRS-Standard, CNRS-Plus, CNRS-Projets, CNRS, GRID-FR, SSI, Partenaires-CNRS]

X509v3 Certificate
- Asymmetric encryption algorithm
- Accredited by the trusted CA
- Certificate for:
    - User
    - Host
    - Service
- Pair of two keys:
    - Private key
        - NOT communicated
        - Encoded and protected by password
    - Public key (also called certificate)
        - Signed by CA
        - Published

Structure of an X509 certificate
- Certificate
    - Version
    - Serial Number
    - Algorithm ID
    - Issuer
    - Validity
        - Not Before
        - Not After
    - Subject
    - Subject Public Key Info
        - Public Key Algorithm
        - Subject Public Key
    - Issuer Unique Identifier (Optional)
    - Subject Unique Identifier (Optional)
    - Extensions (Optional)
        - ...
- Certificate Signature Algorithm
- Certificate Signature

(Issuer and subject unique identifiers were introduced in Version 2, Extensions in Version 3)

Example 1/2

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 1323 (0x52b)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=FR, O=CNRS, CN=GRID-FR
            Validity
                Not Before: Oct 3 13:13: GMT
                Not After : Oct 3 13:13: GMT
            Subject: O=GRID-FR, C=FR, O=CNRS, OU=UREC, CN=Alice De Bignicourt
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                        00:f6:48:51:86:3f:c3:0e:5a:1d:69:9e:c9:a7:4c:
                        25:d8:a1:e7:5a:9c:6f:50:d4:d6:34:ab:3f:57:a7:
                        60:d9:f1:3d:58:43:3a:ca:90:fb:51:9d:2f:4a:3e:
                        10:d4:14:4e:48:ca:6b:9f:d0:ac:f0:b5:94:bb:15:
                        d6:43:49:91:37:72:75:0e:1b:89:d2:7c:76:db:25:
                        60:d1:fd:fc:b5:20:78:18:cb:11:a3:73:9a:e3:2b:
                        ab:a3:cd:7c:0c:6c:9a:3a:19:5e:cb:10:e6:66:f4:
                        8e:02:aa:8f:1b:12:e0:f8:42:5e:68:a8:53:1b:f6:
                        c6:00:92:f0:76:77:6b:f9:cd
                    Exponent: (0x10001)

Callouts on the slide: Serial Number, CA Issuer, Validity, Subject, Public Key

Example 2/2

            X509v3 extensions:
                X509v3 Basic Constraints: critical
                    CA:FALSE
                Netscape Cert Type:
                    SSL Client, S/MIME, Object Signing
                X509v3 Key Usage: critical
                    Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement
                Netscape Comment:
                    Certificat GRID-FR. Pour toute information se reporter à
                X509v3 Subject Key Identifier:
                    C6:89:EF:A4:82:41:0A:3A:CB:EB:BE:36:69:35:AA:CB:27:E6:15:CC
                X509v3 Authority Key Identifier:
                    keyid:77:49:79:C1:F6:BB:92:F0:EC:08:C3:EE:D1:9C:B0:77:10:8C:93:2F
                    DirName:/C=FR/O=CNRS/CN=CNRS-Projets
                    serial:0C
                X509v3 Certificate Policies:
                    Policy:
                X509v3 Subject Alternative Name:
                X509v3 CRL Distribution Points:
                    URI:
                : unicoreClient
        Signature Algorithm: md5WithRSAEncryption
            a6:35:3a:d8:50:2c:ab:d8:8e:67:fd:54:cf:9c:65:76:1d:31../..

Callouts on the slide: Use of the certificate, Version of the CA’s CP/CPS, address, CRL
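The check below is an added example, not part of the original slides: it reads an `openssl x509 -noout -text` style dump, like the one in Example 1/2 and 2/2, and flags signature hashes and RSA key sizes that current practice treats as too weak. The function names, the finding labels and the 2048-bit threshold are assumptions chosen for this example; the sample input is an excerpt re-typed from the slide.

```shell
#!/bin/sh
# Added example: audit a textual certificate dump for weak parameters.
# MIN_RSA_BITS and the weak-hash patterns are this example's policy, not GRID-FR's.
MIN_RSA_BITS=2048

# Excerpt of the dump shown on the slides, re-typed here as sample input.
sample_dump() {
cat <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1323 (0x52b)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=FR, O=CNRS, CN=GRID-FR
        Subject: O=GRID-FR, C=FR, O=CNRS, OU=UREC, CN=Alice De Bignicourt
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
EOF
}

# Reads a dump on stdin and prints one finding per line (nothing if clean).
audit_cert_dump() {
    dump=$(cat)
    # First "Signature Algorithm" line is the one inside the signed data.
    sigalg=$(printf '%s\n' "$dump" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    # Matches both "RSA Public Key: (N bit)" and the newer "Public-Key: (N bit)".
    bits=$(printf '%s\n' "$dump" |
        sed -n 's/.*Public[ -]Key: *(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    case "$sigalg" in
        md2*|md5*|sha1*|*-SHA1) echo "WEAK_SIGALG $sigalg" ;;
        "") echo "NO_SIGALG" ;;
    esac
    if [ -n "$bits" ] && [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "SHORT_KEY $bits"
    fi
    # An end-entity certificate should not carry CA:TRUE.
    if printf '%s\n' "$dump" | grep -q 'CA:TRUE'; then
        echo "IS_CA"
    fi
}

sample_dump | audit_cert_dump
```

For a certificate file, the same function can be fed with `openssl x509 -in cert.pem -noout -text | audit_cert_dump`.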

Information in the X509 certificate
- Information
    - Subject = Distinguished Name (DN)
        - Identifier in the Grid
    - Lifetime
        - Date not before
        - Date not after
    - Extensions: the use of the certificate
- Common filename extensions for X.509 certificates are:
    - .PEM
        - 2 files: public key, private key protected
    - .P7C - PKCS#7
        - Certificates or CRLs
    - .P12 - PKCS#12
        - 1 file: 2 keys, protected
    - Also: CER, DER, P7B

How to obtain a GRID-FR certificate?
- Requestor
    - Generates:
        - private key
        - public key
    - Sends public key
- RA (Registration Authority = GRID-FR manager) verifies and validates the request
- Public key is signed and certificate issued
- Requestor gets back the certificate
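The steps above, walked through with the `openssl` command line against a throwaway local CA. This is an added example, not the GRID-FR procedure or tooling: the "Demo CA" and "Demo User" names, the file names, the key size and the lifetimes are all assumptions.

```shell
#!/bin/sh
# Added example: the request/issue flow against a throwaway local CA.
# Names, file paths and lifetimes are assumptions, not GRID-FR values.

issue_demo_cert() {
    dir=$1
    # Stand-in CA (self-signed), created only so the example runs offline.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/C=XX/O=Example/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1

    # Requestor: generate the key pair locally. The demo key is left
    # unencrypted; a real user key would be protected by a passphrase.
    openssl genrsa -out "$dir/user.key" 2048 2>/dev/null || return 1
    chmod 600 "$dir/user.key"

    # Requestor: the request carries the public key and the proposed subject,
    # signed with the private key, which itself is never sent.
    openssl req -new -sha256 -key "$dir/user.key" \
        -subj "/C=XX/O=Example/CN=Demo User" \
        -out "$dir/user.csr" 2>/dev/null || return 1

    # RA: check the request's self-signature before approving it.
    openssl req -in "$dir/user.csr" -noout -verify >/dev/null 2>&1 || return 1

    # CA: sign the public key and issue the certificate.
    openssl x509 -req -in "$dir/user.csr" -sha256 -days 7 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/user.pem" 2>/dev/null || return 1
}

# Requestor, on receipt: the certificate must chain to the CA and must
# contain the public half of the key that was generated locally.
check_issued_cert() {
    dir=$1
    openssl verify -CAfile "$dir/ca.pem" "$dir/user.pem" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$dir/user.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/user.key" -pubout 2>/dev/null | openssl sha256)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

workdir=$(mktemp -d)
issue_demo_cert "$workdir" && check_issued_cert "$workdir" && echo "issued and verified"
rm -rf "$workdir"
```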

GRID-FR Statistics
- Valid certificates (on June 7th 2007)

GRID-FR Statistics - Countries

Question ?