Download presentation
Presentation is loading. Please wait.
1
Comb-e-Chem PKI Mike Surridge, Steve Taylor IT Innovation
2
Public Key Infrastructure (PKI) Requirements:Requirements: –be able to authenticate remote users –be easy to operate by Chemists (e.g. NCS) –be secure enough for academic users Analysis of existing NCS authentication:Analysis of existing NCS authentication: –uses personal knowledge of user community –uses contextual information (e.g. EPSRC project codes) –lightweight for both NCS and their customers Public key infrastructure developments:Public key infrastructure developments: –Comb-e-Chem certification policy agreed –procedures developed for NCS to certify remote users –operational responsibility transferred to Chemistry
3
PKI Roles Grid communityGrid community –defines security policy and certificate policy (CP) –approves certification authorities Certification Authority (CA)Certification Authority (CA) –defines certification practise statement (CPS) –engages registration authorities –issues certificates in accordance with policy Registration Authority (RA)Registration Authority (RA) –checks credentials of certificate applicants –enforces security and certificate policy
4
PKI Trust Network
5
Comb-e-Chem CP CP is Certification PolicyCP is Certification Policy –a set of rules by which a PKI must operate –follows a format described in RFC2527 –areas such as user registration, physical security, certificate life cycle, etc… Comb-e-Chem CP pays particular attention toComb-e-Chem CP pays particular attention to –user registration –certificate life cycle
6
NCS CPS CPS is Certificate Practice StatementCPS is Certificate Practice Statement A description of how the NCS CA (Sam) abides by and implements the rules in the CPA description of how the NCS CA (Sam) abides by and implements the rules in the CP –describes operational procedures for implementing the CP’s requirements –contains a number of agreement forms to be signed by the parties involved
7
PKI - Lessons Learned The PKI must have well-defined procedures and strict adherence to themThe PKI must have well-defined procedures and strict adherence to them –CP & CPS The CA must exercise rigour in operational proceduresThe CA must exercise rigour in operational procedures –checking of credentials –following procedures to the letter –physical security –audit trails –backups –revocation
8
PKI - Lessons Learned 2 User education must be addressedUser education must be addressed –the concepts of PKI are complex –the overhead of education can be a barrier to take-up –ill-informed users can worsen security –do users understand what is meant by (for example) a private key and a certificate? –do they understand their security obligations? –in the NCS case, users are guided by the RA
9
Comb-e-Chem Security Mike Surridge, Steve Taylor IT Innovation
10
Overview of Activities Security risk managementSecurity risk management –applied to the NCS service Security implementationSecurity implementation –operating policies and public key infrastructure –deployment of security features at NCS
11
Risk Management Risk Analysis Asset-Based Security Identify and value assets Identify threats and risks Identify and cost defences Define risk managementapproach Implementdefences
12
Risk Analysis Value assets based on impact of compromiseValue assets based on impact of compromise –high: likely to cause total business failure –med: significant but not fatal impact –low: irritating but no significant impact Threats based on likelihood of attackThreats based on likelihood of attack –high: attacks will definitely take place –med: attacks may occur from time to time –low: attacks are unlikely Risks based on likelihood of successRisks based on likelihood of success –taking account of existing defences
13
Risk Management Determine appropriate response to threatsDetermine appropriate response to threats –acceptance: live with the potential consequences –reduction: introduce defences –avoidance: don’t use the system Leads to cost-effective securityLeads to cost-effective security –as much security as you need –not more than you can afford
14
Risk Analysis Facilitation
15
Application to NCS Service Assets:Assets: –campus system and network integrity (med/high) –sample tracking data (med) –experimental result data (low/med) –grid service integrity (low/med) Risks:Risks: –system attacks from outside campus (high likelihood) –systems attacks from inside campus (med likelihood) –compromise of remote user credentials (high likelihood) –internal user error (med likelihood)
16
Security Threats
17
Conclusions Progress with core technology developmentsProgress with core technology developments –authorisation and WS-Security –relevant for service integration NCS security risks analysedNCS security risks analysed –appropriate defences identified Security procedures and infrastructure implementedSecurity procedures and infrastructure implemented –public key infrastructure (CA, RAs, policies) –firewalls and protocols for NCS deployment
18
Comb-e-Chem Security Mike Surridge, Steve Taylor IT Innovation
19
Conclusions Progress with core technology developmentsProgress with core technology developments –authorisation and WS-Security –relevant for service integration NCS security risks analysedNCS security risks analysed –appropriate defences identified Security procedures and infrastructure implementedSecurity procedures and infrastructure implemented –public key infrastructure (CA, RAs, policies) –firewalls and protocols for NCS deployment
20
PKI can have Multiple CAs UserUser ResourceResource CA1 CAn
21
Registration Procedure
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.