Adding Multimedia Extensions to X.509 Certificates Nicholis Bufmack CS 525 – Spring 2008.


The Problem
Diverse media types have various configuration parameters for different platforms. Additionally, digital rights management issues require that consumers be able to access only media for which they hold the proper license. Given the personalized nature of the X.509 certificate, adding multimedia extensions may be a viable solution.

Project Goal
Modify the X.509 certificate to include multimedia and DRM information.

Background
- X.509 certificates use fields to contain information about the certificate holder, the certifying organization, etc.
- New fields can be added as extensions.
- Extensions (and fields) are identified using Object Identifiers (OIDs).
- Creating a new extension for multimedia entails defining and inserting new OIDs.

Object Identifiers (OID)
- Consist of a sequence of integers defining a data type and object.
- An example is the RSA encryption algorithm OID:
- They must be registered and unique to be widely accepted within browsers and PKI-enabled applications.
- A repository is kept by IANA for private enterprise arc OID; the federal government has another repository.
- Big problem: no real mechanism for dissemination of new OIDs to applications.

X.509 Extensions
- Extensions may be added to an X.509 certificate.
- The extensions may be thought of as attaching a “sub certificate” to the original certificate.
- Problem with this approach: practically no documentation on how to do this.
- What documentation exists is unclear and often contradicts other sources of information.
- Decided instead to create a new field within a single certificate.

Environment
- Apple Mac OS X client
- Ubuntu Linux server running Apache2
- Ubuntu server running as a virtual machine inside of VirtualBox on the same machine as the client
- Creation of the certificates and installation on client and server used the same software: openssl.

OpenSSL
- OpenSSL is an open source toolkit used to create, manage, and install X.509 certificates.
- Used across multiple platforms.
- Well documented for common tasks; not so well documented when it comes to doing something new or unusual (like adding a new field).

The Process
- Create fields to contain multimedia information and add them to the configuration files on the server and the client.
- Use the openssl command with the correct switches and parameters to create the certificate.
- Install the certificate on both the server and the client.
- Test the new multimedia extension.

Multimedia Field
- The new field will be called video_file.
- The new OID will be
- The content within the field is a link to a video file.
- The idea is to have the client application automatically grab the video file when presented with a valid certificate after having been authenticated by the server.
- However, this last step never worked because it would entail modifying the browser and time did not permit this.

OpenSSL Configuration Files
- The OpenSSL configuration file is used to specify default values and to specify new fields and extensions.
- Various sections correspond to the different steps undertaken during the creation of the certificate.
- Created a different file for each step of the process.

servreq
    [ req ]
    prompt = no
    distinguished_name = server_distinguished_name
    [ server_distinguished_name ]
    commonName = MultimediaServer
    stateOrProvinceName = CO
    countryName = US
    Address =
    organizationName = Web Server
    organizationalUnitName = Multimedia

clientreq
    oid_section = new_oids
    [ new_oids ]
    video_file =
    [ policy_match ]
    video_file = optional
    [ client_distinguished_name ]
    video_file = The video file location
    video_file_default = The default video location

careq
    oid_section = new_oids
    [ new_oids ]
    video_file =
    [ policy_match ]
    video_file = optional
    [ req_distinguished_name ]
    video_file = The video file location
    video_file_default = The default video location

Outcome
- Succeeded in creating the certificate and installing it on the server and the client.
- Unable to get the client to work properly when connecting to the secure site; the problem turned out to be related to the way OpenSSL was implemented on the Mac.
- Not able to implement server or client code for automatic redirection to a multimedia file.

Future Work
- Create an entire new multimedia extension to the certificate instead of adding new fields.
- Create modifications to the server and the client to handle processing of the new fields and/or extension.
- Develop an algorithm for distribution of the certificates.
- Determine what information should be included within the multimedia extension.
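The custom-field approach from the configuration slides, together with the separate extension listed under Future Work, as an added example that is not the presenter's own files. The OIDs 2.999.1 and 2.999.2 are placeholders from the arc reserved for examples, and the name video_file_ext, the CN and the URL are constructed.

```shell
#!/bin/sh
# Added example. Assumptions: OIDs under 2.999 are placeholders, and the
# URL, the CN and the name video_file_ext are constructed for illustration.

# make_video_cert DIR: write DIR/req.cnf, then DIR/key.pem and DIR/cert.pem
# (a self-signed certificate carrying the field and the extension).
make_video_cert() {
  dir=$1
  cat > "$dir/req.cnf" <<'EOF'
oid_section = new_oids

[ new_oids ]
# short name = dotted OID; only tools that read this file know the names
video_file     = 2.999.1
video_file_ext = 2.999.2

[ req ]
prompt             = no
distinguished_name = client_distinguished_name
x509_extensions    = v3_media

[ client_distinguished_name ]
commonName = MultimediaClient
video_file = https://media.example/video.mp4

[ v3_media ]
# arbitrary extension syntax: OID name = ASN1:<type>:<value> (non-critical)
video_file_ext = ASN1:UTF8String:https://media.example/video.mp4
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -config "$dir/req.cnf" -keyout "$dir/key.pem" -out "$dir/cert.pem" \
    2>/dev/null
}

# subject_line CERT: the subject as seen by a tool that never read req.cnf.
subject_line() {
  openssl x509 -in "$1" -noout -subject
}

# has_media_extension CERT: succeed if the 2.999.2 extension is present.
has_media_extension() {
  openssl x509 -in "$1" -noout -text | grep -q '2\.999\.2'
}
```

Because the short names exist only in req.cnf, `subject_line` shows the field under its dotted number 2.999.1, which is the OID dissemination problem described in the Object Identifiers slide.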
