EGEE is a project funded by the European Union CA overview and requirements Ognjen Prnjat, Nikos Vogiatzis GRNET EGEE-SEE regional kick-off, April 7-8.

Slides:

Advertisements

Similar presentations

Introduction of Grid Security

Advertisements

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Internet Protocol Security (IP Sec)

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.

Lecture 23 Internet Authentication Applications

Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:

Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.

Grid Security. Typical Grid Scenario Users Resources.

Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.

Security NeSC Training Team International Summer School for Grid Computing, Vico Equense,

INFSO-RI Enabling Grids for E-sciencE Security, Authorisation and Authentication Mike Mineter Training, Outreach and Education National.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.

Grid Security Overview The Globus Project™ Copyright (c) 2002 University of Chicago and The University of Southern California. All.

Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin

Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

The EU Grid PMA David Kelsey CCLRC/RAL 16 April 2004, Dublin

Chapter 8 Web Security.

Security Management.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

INFSO-RI Enabling Grids for E-sciencE EGEE Security Basics for the User Guy Warner NeSC Training Team An Induction to EGEE for GOSC.

12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK

Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

Unit 1: Protection and Security for Grid Computing Part 2

INFSO-RI Enabling Grids for E-sciencE Getting Started Guy Warner NeSC Training Team Induction to Grid Computing and the National.

Grid Security 1. Grid security is a crucial component Need for secure communication between grid elements  Authenticated ( verify entities are who they.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Web Security : Secure Socket Layer Secure Electronic Transaction.

INFSO-RI Enabling Grids for E-sciencE Sofia, 22 March 2007 Security, Authentication and Authorisation Mike Mineter Training, Outreach.

Module 9: Fundamentals of Securing Network Communication.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

TERENA TF-EMC2 Workshop David Groep,

Security, Authorisation and Authentication.

CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure.

Security in ebXML Messaging CPP/CPA Elements. Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not.

Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

Manish Mehta, CS 590L Authentication Services in Open Grid Services by Manish Mehta April 27, 2004.

Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Authorisation, Authentication and Security Guy Warner NeSC Training Team Induction to Grid Computing and the EGEE Project, Vilnius,

EGEE is a project funded by the European Union under contract IST Grid computing Assaf Gottlieb Tel-Aviv University assafgot tau.ac.il

Module 2: Introducing Windows 2000 Security. Overview Introducing Security Features in Active Directory Authenticating User Accounts Securing Access to.

Computer and Network Security - Message Digests, Kerberos, PKI –

Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.

Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.

Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.

DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.

1 Grid School Module 4: Grid Security. 2 Typical Grid Scenario Users Resources.

EGI-InSPIRE RI EGI EGI-InSPIRE RI Establishing Identity in EGI the authentication trust fabric of the IGTF and EUGridPMA.

EMI is partially funded by the European Commission under Grant Agreement RI Common Authentication Library Daniel Kouril, for the CaNL PT EGI CF.

20-21 January 2005 Athens, January 2005 HellasGrid CA & euGridPMA EGEE 3rd Parties Advanced Induction Course January, NTUA, Athens Kanellopoulos.

1 US Higher Education Root CA (USHER) Update Fed/Ed Meeting December 14, 2005 Jim Jokl University of Virginia.

GRID-FR French CA Alice de Bignicourt.

EGEE-II INFSO-RI Enabling Grids for E-sciencE Authentication, Authorisation and Security Emidio Giorgio INFN Catania.

INFSO-RI Enabling Grids for E-sciencE Sofia, 17 March 2009 Security, Authentication and Authorisation Mike Mineter Training, Outreach.

EGEE is a project funded by the European Union

HellasGrid CA & euGridPMA

Grid Security Infrastructure

Presentation transcript:

EGEE is a project funded by the European Union CA overview and requirements Ognjen Prnjat, Nikos Vogiatzis GRNET EGEE-SEE regional kick-off, April 7-8 th, 2004

Athens, 7-8 th April - 2 Objectives of this session Establish understanding of the CA operation Agree on strategy in EGEE-SEE

Athens, 7-8 th April - 3 Outline Basic PKI/CA overview EGEE security

Athens, 7-8 th April - 4 Grid security requirements Secure communication (authenticated and perhaps confidential) between Grid elements. Security support across organizational boundaries, thus prohibiting a centrally-managed security system. “Single sign-on" for users of the Grid, including delegation of credentials for computations that involve multiple resources and/or sites.

Athens, 7-8 th April - 5 Globus security Globus / Globus Security Infrastructure use PKI and certificates PKI (CAs and Certificates) SSL/ TLS Proxies and Delegation PKI for credentials Proxies and delegation (GSI extensions) for secure single sign-on PKI: Public Key Infrastructure, SSL: Secure Socket Layer TLS: Transport Level Security SSL for authentication and message protection

Athens, 7-8 th April - 6 Certificates A X.509 certificate binds a public key to a name It includes a name and a public key signed by a trusted party (I\issuer) By checking the signature, one can determine that a public key belongs to a given user Name Issuer Public Key Signature Koumantaros Kostas 56, Mesogion Av. Athens, GR BD Male 175cm, 65Kg Brown Eyes Hellenic State Seal

Athens, 7-8 th April - 7 Certification Authorities (CAs) A small set of trusted entities known as Certificate Authorities (CAs) are established to sign certificates CA is an entity that exists only to sign user certificates The CA signs it’s own certificate which is distributed in a trusted manner The public key from the CA certificate can then be used to verify other certificates CA certificate itself must be trusted!! Name: CA Issuer: CA CA’s Public Key CA’s Signature

Athens, 7-8 th April - 8 CA verification Different approaches: Root certification Cross certification Bridge/hub cross-certification EGEE approach: PMA “club” of CA managers

Athens, 7-8 th April - 9 GRID CAs - PMA The European Grid Authentication Policy Management Authority for e-Science Authentication for distributed resource access through the Grid Security Infrastructure (GSI) Goal: establish a common authentication infrastructure trusted by all EU DataGrid parties Later joined by more partners (LCG project, others around the world) GridPMA.org initiative was started in

Athens, 7-8 th April - 10 EGEE security PMA checks if candidate CA conforms to a set of Minimum Requirements before it can join the club Cyprus, HellasGrid and Israel CA part of PMA Up to other EGEE-SEE CAs join the PMA club and run CA services for local Grid users Details on the site: Catch-all CA (for SEE-GRID): HellasGrid

Athens, 7-8 th April - 11 Action points Identify existing CAs and future CA plans