Egypt Certification Authority Dr. Ayman Bahaa-Eldin EUN Director 8 May 2012 25th EuGridPMA meeting, Germany.


1 Egypt Certification Authority Dr. Ayman Bahaa-Eldin EUN Director aymanbahaa@eun.eg 8 May 2012 25th EuGridPMA meeting, Germany

2 Content (1/2)
- About Egyptian Universities Network
- Introduction
- CP/CPS
- CA System
- Operational Controls
- Online Repository
- Certificate Types

3 Content (2/2)
- Name Forms
- Who can submit a certificate application
- How to get a certificate
- Re-key Requests
- Revocation Requests
- Other important issues

4 About EUN
- Established 1987
- First Data Network (WAN) in Africa and Middle East
- First Internet point and ISP in Africa and Middle East
- Continuously evolving ever since

5 About EUN
Higher Education Government Organizations
- 19 Universities (23 by end of 2012)
- 8 Technical Colleges
- 1,400,000+ Students
- 80,000+ Staff Members
From 2005 to 2008, the Ministry of Higher Education funded the Higher Education Enhancement Project (HEEP), which consists of six major projects including the Information and Communication Technology Project (ICTP). During this period, ICTP funded a number of projects within the Supreme Council of Universities and the universities, mainly to enhance the Higher Education Network.

6

7 About EUN
Higher Education Network Information and Communication Technology Project (ICTP)
The main objectives of enhancing the Higher Education Network may be grouped into four major directions, namely:
- Quality of learning through providing access to new (non-traditional) resources and improved teaching approaches,
- Quality of research through increased access to different national and international knowledge and computational resources,
- ICT-led Management Information Systems, and
- Collaboration opportunities between universities.
[Diagram labels: HEEP, ICTP, HEIC, UICs; 2003, 2005, 2008, 2009; Higher education components; Funding projects and monitoring performance; Strategic Plans, Regulation and Consultation; Execution and dissemination; National ICT Strategy; ICT Framework for Education and Research; e-Government Strategy; Connecting Communities Strategy]

8 About EUN
What is Higher Education Network
- IT infrastructure supporting educational and research processes across higher education organizations.
- Data centres in premier universities in addition to EUN.
- Access to a wide variety of national and international knowledge channels and computational resources.
- e-Learning and Distance-Learning resources to be integrated within higher education curriculums.
- Continuous guided e-training on different IT components.
- Streamlined organizational processes through intelligent Management Information Systems.
- Single knowledge and services gate via higher education portal.
- Wide variety of computational resources and electronic services

9 Introduction (1/2)
- The EG Grid infrastructure has been operating since 2006 through the EUMEDGrid project.
- EUN was nominated as Registration Authority, using the INFN CA services, from 2006 until now.
- Through the EUMEDGrid Support project, EUN managed to establish the EG-Grid CA.

10 Introduction (2/2)
- CP/CPS is prepared by EUN and revised by TUBITAK, Turkey.
- New hardware for the CA is delivered.
- Open CA software has been set up and tested.
- On-line repository is ready (www.grid.eun.eg).
- EG-GRID CA constituency will cover the national academic and research community, including national and international Grid activities.
- A wider constituency covering commercial activities will be activated very soon.

11 CP/CPS
- The document is organized by EUN as defined in RFC 3647.
- Document OID: 1.3.6.1.4.1.38589.1.1.0
- All versions (current and past) of the document will be available at the online repository.

12 CA System
- The EG-GRID CA is a stand-alone, self-signed CA and does not issue certificates to subordinate CAs.
- The CA system consists of 2 dedicated machines:
  o One offline CA signing server (CA server)
  o One online web server (online repository)

13 Operational Controls
- The EG-GRID CA operates in a controlled Data Center at EUN premises.
- Physical access to hardware is restricted to authorized personnel.
- Fire alarm and fire fighting systems are in place.
- The CA/RA operations are maintained at a high level of security.
- EUN is monitored by the EG-CSERT.
- Dedicated Network Security and Management team of 6 Engineers

14 EUN Data Center Logical View

15

16 PKI in Egypt
- Legalized by Law 15/2004
- Root CA of Egypt in ITIDA, MCIT
  o Licenses Sub-CAs
  o Cross Certifies between CAs
- GOV-CA, MSAD for G2G
- 4 Commercial CAs
  o EgyptTrust, VeriSign technology, focusing on Governmental and public projects
  o MCSD, Thales technology, focusing on Stock and banking
  o SNS, Microsoft Technology, private sector market
  o ACT, Entrust technology, did not go to business yet
- EUN is the RA for GOV-CA for the ministry of higher education and public universities

17 PKI in Egypt
- Softlock, PKI technology provider
- Egypt Smart Token fully developed as a granted research project
  o Funded by ITIDA, the root CA
  o PI, Dr. Ayman Bahaa
  o ENTRUST, VeriSign, CSP, PKCS#11, FIPS 140-2 compliance

18 Online Repository
EG-GRID CA will maintain a secure online repository that includes:
  o The EG-GRID CA root certificate in CRT, PEM, DER, CER and text format
  o User and host certificates issued by the CA
  o A periodically updated DER, PEM and text Certificate Revocation List (CRL)
  o All versions (current and past) of its verified CP/CPS document
  o An official contact e-mail address
  o A physical contact address
  o Other information that can be regarded as relevant to EG-GRID CA
The on-line repository runs on a best-effort basis with an availability of 24x7, subject to reasonable scheduled maintenance.

19 Certificate Types
- User Certificate (people)
- Host Certificate (computers)
- Service Certificate

20 Who can submit a certificate application
- users affiliated to an eligible organization for which they take full responsibility,
- hosts administered by the requesting eligible organization, and
- services provided on a host that is administered by an eligible organization.

21 Name Forms
The subject names for the certificate applicants shall follow the X.500 standard:
  o in case of user certificate the subject name must include the person's name in the CN field;
  o in case of host certificate the subject name must include the FQDN (Fully Qualified Domain Name) as registered to DNS in the CN field;
  o in case of service certificate the subject name must include the FQDN separated by a "/" in the CN field.

22 How to get a certificate (1/3)
- Requests are submitted via SSL-protected HTTP transport, either in PKCS#10 or SPKAC format.
- Procedures are different if the subject is a user or a host/service.
- In every case the subject has to generate his own key pair.
- Minimum key length is 2048 bits.

23 How to get a certificate (2/3)
User Certificate:
- The user has to get the EG-GRID CA certificate (from the online repository).
- The user has to request a certificate (from the online repository).
- The user has to go to the Registration Authority (RA) for a face-to-face meeting, as the RA has to
  o verify the user's identity and check the user's organization;
  o check the PIN that the user entered when requesting the certificate.
- The RA will approve the user request based on the face-to-face meeting.
- The EG-GRID CA operator will review the RA approval and sign it.
- The user will receive an email from ca@grid.eun.eg containing the serial number and the instructions for getting the certificate.

24 How to get a certificate (3/3)
Host Certificate:
The host certificate can only be requested by the administrator, who must already have a valid personal EG-GRID certificate and be responsible for the particular host, by one of two different methods:
  o sending a signed e-mail to the RA; the RA then verifies the right of the requestor to obtain the certificate and forwards the request to the EG-GRID CA by a signed e-mail.
  o authenticating to the EG-GRID CA secure website directly and requesting the host certificate.
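
Added example (not part of the original slides and not EG-GRID CA's own tooling): a Python check of a request's subject and key size against the name forms and the 2048-bit minimum stated above, including the case where the "/" inside a service CN breaks naive splitting of a "/"-separated DN string. The DN string format, the sample DN, the `<service>/<FQDN>` reading of the service rule and the two-word test for a personal name are assumptions.

```python
import re

MIN_KEY_BITS = 2048  # minimum key length stated on the slides

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN_RE = re.compile(rf"^(?:{_LABEL}\.)+[A-Za-z]{{2,63}}$")
# A "/" starts a new RDN only when an attribute type and "=" follow it, so the
# "/" inside a service CN (service/FQDN) stays part of the CN value.
_RDN_START = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.]*=)")

def parse_slash_dn(dn):
    """Split an OpenSSL-style '/C=../O=../CN=..' string into (type, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("DN must start with '/'")
    rdns = (rdn.partition("=") for rdn in _RDN_START.split(dn)[1:])
    return [(attr.upper(), value) for attr, _, value in rdns]

def check_request(cert_type, dn, key_bits):
    """Return a list of policy violations (an empty list means acceptable)."""
    problems = []
    if key_bits < MIN_KEY_BITS:
        problems.append(f"key is {key_bits} bits, minimum is {MIN_KEY_BITS}")
    cns = [v for t, v in parse_slash_dn(dn) if t == "CN"]
    if len(cns) != 1:
        return problems + ["subject must carry exactly one CN"]
    cn = cns[0]
    if cert_type == "user":
        # Assumed check: a personal name has at least two words and is not a hostname.
        if len(cn.split()) < 2 or FQDN_RE.match(cn):
            problems.append("user CN must contain the person's name")
    elif cert_type == "host":
        if not FQDN_RE.match(cn):
            problems.append("host CN must be a fully qualified domain name")
    elif cert_type == "service":
        service, sep, host = cn.partition("/")
        if not (sep and service and FQDN_RE.match(host)):
            problems.append("service CN must be <service>/<FQDN>")
    else:
        problems.append(f"unknown certificate type: {cert_type}")
    return problems

# Constructed sample subject (not a real EG-GRID DN).
SAMPLE_DN = "/C=EG/O=Example University/CN=ldap/grid01.example.edu.eg"
if __name__ == "__main__":
    print(parse_slash_dn(SAMPLE_DN), check_request("service", SAMPLE_DN, 2048))
```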

25 Re-key Requests
- Expiration warnings will be sent to subscribers before it is time to re-key.
- Re-key before expiration can be executed by sending a re-key e-mail request signed with the current personal certificate of the subscriber.
- Re-key after expiration uses exactly the same authentication procedure as a new certificate.

26 Revocation Requests
For user certificate:
Revocation request should be authenticated in one of the following ways:
  o by issuing a revocation request from the public interface.
  o by personal authentication.
For a host or service certificate:
By sending an e-mail which must be signed by the certificate of the administrator responsible for the particular host or service.

27 Other important issues
- All archived records are stored on off-line medium.
- Archive maintained for 3 years.
- The operational audit will be performed once a year.
- Audit logs maintained for 3 years.
- The life time of the certificate is one year.

28 Thank You
aymanbahaa@eun.eg

