IGTF Risk Assessment Team

IGTF Risk Assessment Team http://tagpma.es.net/wiki/bin/view/IGTF-RAT

Cable Severance
- Three of the four undersea cables in the Mediterranean basin were severed on December 19th, 2008.
- Retrieval of CRLs from the affected CA repositories was disrupted. A relying party that cannot fetch a fresh CRL either fails closed (rejecting every certificate from that CA) or keeps using its cached copy until the CRL's nextUpdate passes, so both availability and revocation freshness were at stake.
- http://www.eugridpma.org/newsletter/eugridpma-newsletter-20081220.txt

MD5
- MD5 hash collisions in X.509 certificates: a chosen-prefix collision lets an attacker obtain a CA signature over one certificate that is equally valid for a second, attacker-chosen certificate.
- The risk is for new certificates issued with MD5-based signatures, since the attacker must predict the serial number and validity period of the certificate the CA is about to sign. IGTF CAs should not be issuing any of these.
- http://www.eugridpma.org/newsletter/eugridpma-newsletter-20090102.txt
- There is also concern about MD5 weakness in general, wherever it is still used as the signature hash:
  - CA certificates (and subordinates): the CNRS subordinate CA still signed with MD5 will change to SHA-1 shortly
  - CRLs
  - Proxy certificates (Globus, VOMS, MyProxy): Globus has discussed the proxy certificate issue

(EC)DSA EE Keys
- OpenSSL client vulnerability: the January 2009 OpenSSL advisory (CVE-2008-5077), in which a missing check on the return value of EVP_VerifyFinal lets a malformed DSA or ECDSA signature be accepted, so a chain built on (EC)DSA keys can be spoofed against an unpatched client.
- It is unlikely that IGTF CAs have certified (EC)DSA end-entity keys.
- http://www.eugridpma.org/newsletter/eugridpma-newsletter-20090108.txt
- The RAT will request CAs to audit their issued certificates for (EC)DSA keys.

Querying CAs
- Options: ask each CA by email, or consult the online repositories of issued certificates.
- Privacy issues? Certificates are public, but there is a difference between having a public phone number and being listed in the phone book. Restrict access to RAT members?
- Decided: this will not be required for now.
- Goal: gather enough information to assess the risk.
- The RAT must always tell CAs to modify their practice in the future based on new risks and threats.

Sanity Checking Requests
CAs should reject, or at least flag, requests with:
- RSA public exponent < 65537. Hardware tokens (pkcs11-tool) tend to generate exponents 3 and 5 by default.
- Known-weak (Debian OpenSSL, CVE-2008-0166) keys: check the modulus against the weak-key blacklist.
- MD5 as the signature algorithm.
- (EC)DSA keys. Transient issue? OpenSSL will be patched, but relying parties should patch in any case!
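The checks on this slide, together with the MD5 and (EC)DSA concerns of the earlier slides, can be run mechanically over the DER of a certificate. The following is an added example written for this page, not code from the IGTF RAT or any CA: a minimal DER walker that pulls the signature algorithm, key algorithm and RSA public exponent out of an X.509 certificate and reports the conditions above. The certificates it inspects are constructed in the file with a small DER encoder (they carry dummy signatures and will not verify anywhere), the moduli are not real keys, and the weak-key blacklist uses a SHA-1-of-modulus convention chosen here for illustration rather than the format of the real openssl-blacklist files.

```python
"""DER-level sanity checks over an X.509 certificate (added example, not IGTF code)."""
import hashlib

RSA, DSA, EC = "1.2.840.113549.1.1.1", "1.2.840.10040.4.1", "1.2.840.10045.2.1"
MD5_RSA, SHA256_RSA = "1.2.840.113549.1.1.4", "1.2.840.113549.1.1.11"
SHA1_DSA = "1.2.840.10040.4.3"
MIN_EXPONENT = 65537

# --- minimal DER encoder, only used to construct the sample certificates ---
def tlv(tag, value):
    """Tag-length-value with a definite (short or long form) length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def encode_int(i):
    # one extra byte when the top bit is set keeps the INTEGER positive
    return tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        enc = bytearray([arc & 0x7F])
        while arc > 0x7F:
            arc >>= 7
            enc.insert(0, 0x80 | (arc & 0x7F))
        out += enc
    return tlv(0x06, bytes(out))

def build_cert(sig_oid, key_oid, modulus=None, exponent=None):
    """X.509-shaped DER with empty Names and a dummy signature (CONSTRUCTED sample)."""
    sig_alg = tlv(0x30, encode_oid(sig_oid) + b"\x05\x00")
    params = b"\x05\x00" if key_oid == RSA else b""
    if key_oid == RSA:
        key = tlv(0x30, encode_int(modulus) + encode_int(exponent))  # RSAPublicKey
    else:
        key = encode_int(0x1234)  # placeholder public value for the (EC)DSA case
    spki = tlv(0x30, tlv(0x30, encode_oid(key_oid) + params) + tlv(0x03, b"\x00" + key))
    name, time = tlv(0x30, b""), tlv(0x17, b"090101000000Z")
    tbs = tlv(0x30, tlv(0xA0, encode_int(2)) + encode_int(1) + sig_alg + name
              + tlv(0x30, time + time) + name + spki)
    return tlv(0x30, tbs + sig_alg + tlv(0x03, b"\x00" * 33))

# --- minimal DER reader, enough to walk a real certificate ---
def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a SEQUENCE into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(value):
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def inspect_certificate(der):
    """Signature algorithm (outer and inside TBSCertificate), key algorithm, RSA n/e."""
    (_, tbs), (_, outer_alg), _sig = children(read_tlv(der)[1])
    fields = children(tbs)
    if fields[0][0] == 0xA0:  # optional EXPLICIT [0] version
        fields = fields[1:]
    # fields: serial, signature, issuer, validity, subject, subjectPublicKeyInfo
    (_, alg), (_, bits) = children(fields[5][1])
    info = {"sig_alg": decode_oid(children(outer_alg)[0][1]),
            "tbs_sig_alg": decode_oid(children(fields[1][1])[0][1]),
            "key_alg": decode_oid(children(alg)[0][1])}
    if info["key_alg"] == RSA:
        # bits[0] is the unused-bits octet; the rest is the RSAPublicKey SEQUENCE
        (_, n), (_, e) = children(read_tlv(bits, 1)[1])
        info["modulus"], info["exponent"] = int.from_bytes(n, "big"), int.from_bytes(e, "big")
    return info

def modulus_fingerprint(n):
    """SHA-1 over the big-endian modulus: the convention of the constructed
    blacklist below (the real openssl-blacklist files use their own format)."""
    return hashlib.sha1(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()

def check_certificate(der, weak_fingerprints=frozenset()):
    info, findings = inspect_certificate(der), []
    if info["sig_alg"] != info["tbs_sig_alg"]:
        findings.append("signature algorithm differs between TBSCertificate and outer")
    if info["sig_alg"] == MD5_RSA:
        findings.append("MD5-based signature algorithm")
    if info["key_alg"] in (DSA, EC):
        findings.append("(EC)DSA end-entity key")
    if info["key_alg"] == RSA:
        if info["exponent"] < MIN_EXPONENT:
            findings.append(f"RSA public exponent {info['exponent']} < {MIN_EXPONENT}")
        if modulus_fingerprint(info["modulus"]) in weak_fingerprints:
            findings.append("modulus on the weak-key blacklist (Debian OpenSSL)")
    return findings

# CONSTRUCTED moduli and blacklist, not real keys
WEAK_N, GOOD_N = (1 << 2047) | 0x1234567, (1 << 2047) | 0x7654321
WEAK_LIST = frozenset({modulus_fingerprint(WEAK_N)})
BAD_CERT = build_cert(MD5_RSA, RSA, WEAK_N, 3)
GOOD_CERT = build_cert(SHA256_RSA, RSA, GOOD_N, 65537)
DSA_CERT = build_cert(SHA1_DSA, DSA)

if __name__ == "__main__":
    for label, der in ("bad", BAD_CERT), ("good", GOOD_CERT), ("dsa", DSA_CERT):
        print(label, check_certificate(der, WEAK_LIST) or "OK")
```

To run this over a real certificate, base64-decode the PEM body and pass the DER to check_certificate; the same SubjectPublicKeyInfo layout appears in a PKCS#10 request, so the exponent and key-type checks apply to CSRs before issuance as well. The comparison of the inner and outer signature algorithm is not on the slide, but a mismatch is malformed and worth rejecting in the same pass.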

IGTF RAT
- Risk assessment is difficult. Additional members welcome!
- Contact: igtf-rat@eugridpma.org