KISTI Grid CA Status Report Korea Institute of Science and Technology Information Sangwan Kim Jae-Hyuck Kwan

Slides:

Advertisements

Similar presentations

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Advertisements

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Donkey Project Introduction and ideas around February 21, 2003 Yuri Demchenko.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

S/MIME and PKI Dartmouth College PKI Lab. What Is S/MIME? RFC 2633 (S/MIME Version 3)RFC 2633 Extensions to MIME Uses PKI certificates, keys, and.

9/20/2000www.cren.net1 Root Key Cutting and Ceremony at MIT 11/17/99.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

KISTI Grid CA Status Report KISTI Supercomputing Center Sangwan Kim APGridPMA Meeting Mar 8, 2010 Academia Sinica, Taipei, Taiwan.

HEPKI-TAG UPDATE Jim Jokl University of Virginia

National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America The Brazilian Grid Certification Authority.

DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.

CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.

Symmetric Encryption Mom’sSecretApplePieRecipe Mom’sSecretApplePieRecipe The same key is used to encrypt and decrypt the data. DES is one example. Pie.

NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.

Attribute Certificate By Ganesh Godavari. Talk About An Internet Attribute Certificate for Authorization -- RFC 3281.

IHEP Grid CA Status Report Gongxing Sun F2F Meeting 20 Apr Computing Centre, IHEP,CAS,China.

IHEP Grid CA Status Report Wei F2F Meeting 8 Mar Computing Centre, IHEP,CAS,China.

Profile for Portal-based Credential Services (POCS) Yoshio Tanaka International Grid Trust Federation APGrid PMA AIST.

KISTI Grid CA Operation KISTI Supercomputing Center Sangwan Kim, Soonwook Hwang CA Operators Contact: Jan. 8, 2007.

IST E-infrastructure shared between Europe and Latin America ULAGrid Certification Authority Vanessa Hamar Universidad de Los.

PKI: News from the Front and views from the Back Ken Klingenstein, Project Director, Internet2 Middleware Initiative Chief Technologist, University of.

NECTEC-GOC CA The 3 rd APGrid PMA face-to-face meeting. June, Suriya U-ruekolan National Electronics and Computer Technology Center, Thailand.

APGrid PMA face-to-face meeting, 9/16/2008 PRAGMA-UCSD CA Team Pacific Rim Application and Grid Middleware Assembly

Comments on draft-ietf-pkix-rfc3280bis-01.txt IETF PKIX Meeting Paris - August 2005 Denis Pinkas

1 Certification Issue : how do we confidently know the public key of a given user? Authentication : a process for confirming or refuting a claim of identity.

0 NAREGI CA Status Report APGrid F2F meeting in Singapore June 4, 2007 Rumiko Masuko.

1 Public Key Infrastructure Dr. Rocky K. C. Chang 25 February, 2002.

TR-GRID CA Self-Auditing Results and Status Update EUGridPMA Meeting September 12-14, 2011 Marrakesh Feyza Eryol, Onur Temizsoylu TUBITAK-ULAKBIM

HKU Computer Centre Grid Certificate Authority Status Update Lilian Chan IT Services, The University of Hong Kong APGrid.

QuoVadis accreditation with EuGridPMA Alessandro Usai

1 KISTI Grid CA Status Report Sangwan Kim Korea Institute of Science and Technology Information Technology Development Team 2014.

18 th EUGridPMA, Dublin / SRCE CA Self Audit SRCE CA Self Audit Emir Imamagić SRCE Croatia.

GRID-FR French CA Alice de Bignicourt.

NECTEC-GOC CA A Brief Status Report 13 th APGrid PMA Face-to-Face meeting March 24 th, 2014 Large-Scale Simulation Research Laboratory Information Communications.

Feyza Eryol TÜBİTAK ULAKBİM TR-GRID CA SELF-AUDIT & UPDATES.

UGRID CA Self-audit report Sergii Stirenko 21 st EUGRIDPMA Meeting Utrecht 24 January 2011.

HellasGrid CA self Audit. In general We do operations well Our policy documents need work (mostly to make the text clearer in a few sections) 2.

29 th EUGridPMA meeting, September 2013, Bucharest AEGIS Certification Authority Dušan Radovanović University of Belgrade Computer Centre.

IRAN-GRID Certificate Authority 13 th EUgridPMA Meeting Copenhagen May 2008 Majid Arabgol Hessamdding Arfaei Shahin Rouhani

MD-Grid CA Valentin Pocotilenco RENAM Association

IRAN-GRID CA Self Audit IRAN-GRID CA Self Audit Report Shahin Rouhani IRAN-GRID Tehran Iran Shahin Rouhani Grid Computation Group IPM, Tehran, Iran May.

ASN.1: Cryptographic files

AEGIS Certification Authority

UGRID CA Sergii Stirenko, Oleg Alienin

Cryptography and Network Security

Organized by governmental sector (National Institute　of information )

کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)

APNIC Trial of Certification of IP Addresses and ASes

Public-Key Certificates

جايگاه گواهی ديجيتالی در ايران

MaGrid CA Self audit and update

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006

PKI (Public Key Infrastructure)

Emir Imamagić University Computing Centre (Srce)

KISTI CA Report Status & Self-Audit

BG.ACAD CA Self-audit report 2018

Presentation transcript:

KISTI Grid CA Status Report Korea Institute of Science and Technology Information Sangwan Kim Jae-Hyuck Kwan 5th APGrid PMA Meeting September Biopolis, Singapore

Contents History of KISTI Grid CA Operation KISTI Grid CA Overview Statistics Future Works

History of KISTI Grid CA Operation K*Grid Project started from 2002 in Korea. Experimental CA System (2002 ~ June 2004) ▶ Statistics # of users (subscribers) : more than 390 users # of issued certificates : more than 3,000 certificates Production Level CA System (June 2004 ~ June 2007) ▶ Statistics # of users (subscribers) : more than 60 users # of issued certificates : more than 400 certificates Production CA v2.0 (June 2007~) ▶ Statistics # of users (subscribers) : 27 # of issued certificates : 66 certificates

KISTI Grid CA Overview Web Site (online certificates repository) ▶ CA cert ▶ ▶ Valid : Jul 12, 2007 – Aug 1, 2017 (10 years) ▶ Key size: 2048 bits Certificate Policy & Practice Statement: ▶ ▶ Based on RFC 3647 ▶ X.509 OID: CRL ▶ ▶ X509 Version 2, CRL life time: 30 days (new CRL 7 days before expiration of the previous one)

KISTI Grid CA Overview Certificate Profile: X509 v3 Extensions ▶ CA certificate Basic Constraints: CA: TRUE Key Usage: critical, Certificate Sign, CRL Sign Certificate Policies: ▶ User certificates Basic Constraints: CA: FALSE Key Usage: critical, Digital Signature, Non Repudiation, Key Encipherment, Data Enciperment Extended Key Usage: TLS Web Client Authentication Issuser Alternative Name, CRL Distribution Point, Policies OID ▶ Host certificates Basic Constraints: CA: FALSE Key Usage: critical, Digital Signature, Key Encipherment, Data Enciperment Extended Key Usage: TLS Web Server/Client Authentication Issuser Alternative Name, CRL Distribution Point, Policies OID Subject Alternative Name: DNS:

KISTI Grid CA Overview Name forms ▶ Issuer: C=KR, O=KISTI, O=GRID, CN=KISTI Grid Certificate Authority ▶ User DN: C=KR, O=KISTI, O=GRID, O=[applicant's organization], CN=[the name of applicant] ▶ Host DN: C=KR, O=KISTI, O=GRID, O=[applicant's organization], CN=[FQDN of the hostname]

Statistics # of Applicants : 78 # of Certificates ▶ User certificates 68 valid, 4 revoked, 3 expired ▶ Host certificates 162 valid, 4 revoked, 3 expired

Future Works Some improvement of web system (user interfaces, design, etc..) Self-auditing of KISTI CA

Thank You For Your Attention