1. Identity Management and DNS Services Tianyi XING

2. Project Goal Establish a DNSSEC service for letting each VM to be identified in the cloud system in a dynamic way.

3. Project Description (cont.) So far, VMs in mobicloud System has ip addresses and specific port number for remote access. But it is hard user to remember all the port number of VMs, and impossible for users to communicate with other Users via VMs in cloud with only knowing user ID.

4. Project Description (cont.) Tasks – Master the mechanism of DNSSEC – Assign a domain name based on user’s ID. – Automatically generate the ip(can be multiple) and domain name(should be unique) pair – Update any changes from the user to make sure users are still able to access from outside Task allocation – Tianyi Xing 100%

5. Project Description (cont.) The project solves the following problems: – How public users to locate and access to the VM in our cloud private network with a secure and easier way. – Assign each VM a domain name based on user’s ID. Like for user terry, its VM domain name is probably terry.mobicloud.asu.edu, which provides a easier way for users to access to their VMs.

6. Technical Details Software – OpenDNSSEC – Linux OS (Debian 5.0, Mac Osx 10.5, OpenBSD 4.4, Red Hat Enterprise Linux 5, Solaris 10 and Ubuntu 10.04) – XenServer – XenCenter Hardware – Server for OpenDNSSEC – Dell Cloud Server (Several VMs) – Dell Switch

7. OpenDNSSEC features Scalable – Sing zones contains anything from a few records up to millions of records. – Signed zone can be migrated from one OpenDNSSEC to another. Flexible – Works with all different version of the Unix OS Secure – Stores sensitive cryptographic data in an HSM – Includes an auditing function that compares the incoming unsigned zone with the outgoing signed zone – Supports RSA/SHA1 and SHA2 signatures

8. Technical Details Network topology and requirements

9. Logical Design

10. Roadmap By mid-term – Establish a DNSSEC server within the mobicloud system – Configure the network to make sure DNSSEC server serve the right purpose in the mobicloud system By Final – Perfect its function Dynamically cooperate with the user ID and IP address Dynamically update the ip(ID) and domain pair – Documentation

11. Risk and Benefit Novel aspects of this project: – Dynamic DNSSEC for VM of mobile device – Secure DNS service in mobicloud framework Risks/challenges: – Let the DNSSEC server dynamically update the id ip and domain pair. Potential applications & benefits: – Dynamic DNSSEC management application

12. Thanks, Question ?