Presentation is loading. Please wait.

Presentation is loading. Please wait.

9/23/2004SIS/chow1 Research Project Techniques and Tools for Supporting Secure Information Sharing and Collaborative Work C. Edward Chow, PI Ganesh Godavari,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "9/23/2004SIS/chow1 Research Project Techniques and Tools for Supporting Secure Information Sharing and Collaborative Work C. Edward Chow, PI Ganesh Godavari,"— Presentation transcript:

1 9/23/2004SIS/chow1 Research Project Techniques and Tools for Supporting Secure Information Sharing and Collaborative Work C. Edward Chow, PI Ganesh Godavari, GRA Department of Computer Science University of Colorado at Colorado Springs Sponsored by NISSC - AFSOR

2 9/23/2004SIS/chow2 USNORTHCOM Research Question Addressed

3 9/23/2004SIS/chow3 Research Focus and Purpose Research Focus: Investigate Critical Techniques and Tools for Supporting Secure Information Sharing (SIS) and Collaborative Work Tasks: Investigate efficient key and attributed certificate management for large-scale information sharing and collaborative work  easier/faster to share. Study Infrastructure support for secure web-based collaborative applications  fast to setup, reliable, secure Research ubiquitous computing for sharing sensor and web information  access/distribute info anywhere, anytime, anyway

4 9/23/2004SIS/chow4 Schedule Update Follow the same schedule.

5 9/23/2004SIS/chow5 Current Project Status: Task 1 Investigate efficient key and attributed certificate management for large-scale information sharing and collaborative work Studied issues in large scale web-based secure access control using Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI). Developed a concept prototype that demonstrate secure web access control with enhanced LDAP and Apache web servers. Working on distributed directory server systems for supporting information sharing among multiple agencies

6 9/23/2004SIS/chow6 Current Project Status: Task 2 Study Infrastructure support for secure web-based collaborative applications Explored the use of Content Delivery Network (CDN) Infrastructure to support secure web-based collaborative applications. Idea  Utilize existing CDN such as Akamai; extend existing web document caching functions to soft real-time collaborative applications (IM). Investigating the solutions for resolving security issues between Java applets and cache servers.

7 9/23/2004SIS/chow7 Current Project Status: Task 3 Research ubiquitous computing for sharing sensor and web information Keeping track of current sensor network and ubiquitous computing literature. Investigated new MicaZ sensor based on new 802.15.4 standard. Plan to focus on this task Spring 2005.

8 9/23/2004SIS/chow8 Current Funding Status Paid for one faculty summer month salary. Paid for two GRA summer month salary. Paid for a Sony VGN-A170B notebook.

9 9/23/2004SIS/chow9 Anticipated Results Identify issues and present solutions for creating and managing a large scale secure web-based information sharing system among multiple independent agencies  Sharing results through publications. Design prototypes for demonstrating the key concepts from the above research  Sharing software developed in this project by posting on CS and NISSC web sites.

10 9/23/2004SIS/chow10 Preliminary Findings Attribute certificate (RFC 328) based Privilege Management Infrastructure (PMI) make it easy to implement the secure role based access control in large scale SIS. Web Servers can be enhanced with LDAP module to allow role-based access control. LDAP can be extended to include attributed certificates. LDAP can function as a central place for creating and managing the roles of users.

11 9/23/2004SIS/chow11 Privilege Management Infrastructure (PMI) Privilege Management Infrastructure –Similar to Public Key Infrastructure –Function is to specify the policy for the attribute certificate issuance and management ConceptPKI entityPMI entity CertificatePublic Key Certificate (PKC) Attribute Certificate (AC) Certificate issuer Certification Authority (CA) Attribute Authority (AA) Certificate userSubjectHolder Certificate binding Subject’s Name to Public Key Holder’s Name to Privilege Attribute(s) RevocationCertificate Revocation List (CRL) Attribute Certificate Revocation List (ACRL) Root of trustRoot CA or Trust Anchor Source of Authority (SOA) Subordinate Authority Subordinate Certification Authority Attribute Authority (AA) Comparison of PKIs and PMIs [2]

12 9/23/2004SIS/chow12 PKC vs. AC PKC binds a subject (DN) to a public key AC's binds permission (attributes) to an entity

13 9/23/2004SIS/chow13 Unanticipated Results Single LDAP is easy to configure. Ganesh had a tough time to extend LDAP to include attribute certificates to work with the current stable version of openldap 2.2-15. We use an older version 2.0.27-8 instead. Octetstringmatch does not work in new version and the suggestions of Dr. Chadwick of Permis Group for adding new object ID type was not accepted by openldap group (wait for standard?). But it is really a pain to configure a set of LDAP server for cooperation (delegation/trust).

14 9/23/2004SIS/chow14 Unanticipated Results Performance Results on a single agency scenario Total time taken for LDAP access (ms) Total Time taken for Attribute certificate retrieval and validation (ms) 113.87143.850001 213.77843.734001 313.91243.720021 Avg.13.85366743.76800767

15 9/23/2004SIS/chow15 Issues and Challenges Automated tools for setting up SIS infrastructure with LDAP/Web servers/clients from multiple agencies. Further Investigation on Federated Identity, RBAC policy and Security Assertion Markup Language (SAML) Study policy-based systems and policy enforcing mechanisms, e.g., Michigan’s Antigone. It is difficult to set up secure information sharing prototype without a real CA. Need tools to speed up the creation of certificates and the installation of fake CA certificates on every client/server.

16 9/23/2004SIS/chow16 Needed Assistance Large scale multiple agencies field trials to obtain real benchmarking results. Help obtain samples of policies used in agencies, in terms of –Data sent over non-secure channels (such as Internet, wireless access) –Account creation –Certificate issuing

17 9/23/2004SIS/chow17 Expectations Moving Forward Explore issues in supporting large scale notification systems. Potential new funding…(DHS,DoD,NSF) Submit results to conferences IDCS/USENIX.

18 9/23/2004SIS/chow18 SIS Testbed

19 9/23/2004SIS/chow19 Directory Information Tree for sis-canada ou=coordinationExcercise dc=sis-canada, dc=edu ou=Research alpha-sis-canada epsilon-sis-canada Similar DIT is for all the servers

20 9/23/2004SIS/chow20 Demo alpha-sis-nissc access information from sis- connecticut.csnet.uccs.edu (level1 directory requires level1 manager role, which alpha is) –https://sis-connecticut.csnet.uccs.edu/level1/review.txthttps://sis-connecticut.csnet.uccs.edu/level1/review.txt –https://sis-connecticut.csnet.uccs.edu/level1/upload.htmlhttps://sis-connecticut.csnet.uccs.edu/level1/upload.html beta-sis-connecticut access information from sis- nissc.csnet.uccs.edu and sis-canada.csnet.uccs.edu (level2 directory requires level2 asstmanager role, which beta is) –https://sis-nissc.csnet.uccs.edu/level2/review.txthttps://sis-nissc.csnet.uccs.edu/level2/review.txt –https://sis-canada.csnet.uccs.edu/level2/review.txthttps://sis-canada.csnet.uccs.edu/level2/review.txt epsilon-sis-newjersey access information from sis- newjersey.csnet.uccs.edu (level3 directory requires level3 submanager role, which epsilon is) –https://sis-newjersey.csnet.uccs.edu/level3/review.txthttps://sis-newjersey.csnet.uccs.edu/level3/review.txt

Download ppt "9/23/2004SIS/chow1 Research Project Techniques and Tools for Supporting Secure Information Sharing and Collaborative Work C. Edward Chow, PI Ganesh Godavari,"

Similar presentations

Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.

Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.
Donkey Project Introduction and ideas around February 21, 2003 Yuri Demchenko.

Donkey Project Introduction and ideas around February 21, 2003 Yuri Demchenko.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Secure Information Sharing Using Attribute Certificates and Role Based Access Control Ganesh Godavari, C. Edward Chow 06/22/2005 University of Colorado.

Secure Information Sharing Using Attribute Certificates and Role Based Access Control Ganesh Godavari, C. Edward Chow 06/22/2005 University of Colorado.
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Chapter 9 Deploying IIS and Active Directory Certificate Services

Chapter 9 Deploying IIS and Active Directory Certificate Services
TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.

TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
Make Secure Information Sharing (SIS) Easy and an Reality C. Edward Chow, PI Osama Khaleel Bill Kretschmer C. Edward Chow, PI Osama Khaleel Bill Kretschmer.

Make Secure Information Sharing (SIS) Easy and an Reality C. Edward Chow, PI Osama Khaleel Bill Kretschmer C. Edward Chow, PI Osama Khaleel Bill Kretschmer.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
Wednesday, June 03, 2015 © 2001 TrueTrust Ltd1 PERMIS PMI David Chadwick.

Wednesday, June 03, 2015 © 2001 TrueTrust Ltd1 PERMIS PMI David Chadwick.
The EC PERMIS Project David Chadwick

The EC PERMIS Project David Chadwick
Understanding Active Directory

Understanding Active Directory
SIS: Secure Information Sharing for Windows Systems Osama Khaleel CS526 Semester Project.

SIS: Secure Information Sharing for Windows Systems Osama Khaleel CS526 Semester Project.
1 Secure Information Sharing Manager (SIS-M) Thesis 2007 Stephen D. Wise

1 Secure Information Sharing Manager (SIS-M) Thesis 2007 Stephen D. Wise
Design of Web Interface for Advanced Content Switch Thesis proposal by Jayant Patil Department of Computer Science Univ. of Colorado at Colorado Springs.

Design of Web Interface for Advanced Content Switch Thesis proposal by Jayant Patil Department of Computer Science Univ. of Colorado at Colorado Springs.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
CS526 – Advanced Internet And Web Systems Semester Project Public Key Infrastructure (PKI) By Samatha Sudarshanam.

CS526 – Advanced Internet And Web Systems Semester Project Public Key Infrastructure (PKI) By Samatha Sudarshanam.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

Similar presentations

Ads by Google