Presentation is loading. Please wait.

Presentation is loading. Please wait.

National Center for Supercomputing Applications PKI and CKM ® Scaling Study NCASSR Kick-off Meeting June 11-12, 2003 Jim Basney

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "National Center for Supercomputing Applications PKI and CKM ® Scaling Study NCASSR Kick-off Meeting June 11-12, 2003 Jim Basney"— Presentation transcript:

1 National Center for Supercomputing Applications PKI and CKM ® Scaling Study NCASSR Kick-off Meeting June 11-12, 2003 Jim Basney jbasney@ncsa.uiuc.edu http://www.ncsa.uiuc.edu/~jbasney/

2 National Center for Supercomputing Applications Project Summary Collaboration with InfoAssure, Inc. to assess scalability of PKI and CKM ® InfoAssure will provide DoD and Intelligence community requirements NCSA will perform an analytical and performance modeling study –Evaluate PKI and CKM ® management overhead Credential generation, distribution, revocation Trust management and risk mitigation –Evaluate system performance Using NCSA supercomputers to generate loads

3 National Center for Supercomputing Applications Research Relevance High costs of deploying and managing PKIs discourages adoption Poor usability results in high support costs and decreased productivity –Difficulty obtaining and renewing credentials –Lost or compromised credentials –Forgotten passphrases –Confusing authentication errors Scalable PKI requires scalable processes and procedures –Automate processes whenever possible –Eliminate common usability issues with better system design

4 National Center for Supercomputing Applications Research Relevance Establishing inter-organizational trust is hard –Conflicting requirements and trust models Identity verification Key management Authentication methods –Technology conflicts Incompatible certificates, protocols, algorithms Traditional solutions –Audits –Insurance –Contracts with penalties Support for alternative trust models can help

5 National Center for Supercomputing Applications PKI Trust Models CA based –Hierarchical (shared root CA) –Cross-certification (may be asymmetric) Relying party based –Local list of trusted CAs –Web browser model Fully distributed (PGP “web of trust”) –Individuals sign keys rather than CAs –Good fit for ad-hoc communities Federated trust –User establishes binding between credentials Third-party authorization services –X.509 Attribute Authorities –SAML/XACML/XrML Authorities Credential wallets –Universal acceptance of a single credential is unlikely –Issue different credentials for different purposes, stored in user’s “wallet” –Negotiation protocols choose credential

6 National Center for Supercomputing Applications Project Milestones 1 st Quarter –Complete initial CKM ® training –Establish PKI and CKM ® evaluation infrastructure 2 nd Quarter –Review requirements provided by InfoAssure –Begin PKI modeling and evaluation 3 rd Quarter –Complete PKI modeling and evaluation –Begin CKM ® modeling and evaluation 4 th Quarter –Complete CKM ® modeling and evaluation –Deliver final report

7 National Center for Supercomputing Applications Project Team NCSA Grid and Security Technologies staff –Jim Basney, Project Lead –Senior Security Engineer (to be hired) –Rafael Bonilla, Security Engineer –Adam Slagell, Security Engineer Related Activities –MyProxy Online Credential Repository project –Global Grid Forum working groups Authorization Frameworks and Mechanisms CA Operations OGSA Security –NCSA Grid PKI Activities (TeraGrid) –Other NCASSR projects

Download ppt "National Center for Supercomputing Applications PKI and CKM ® Scaling Study NCASSR Kick-off Meeting June 11-12, 2003 Jim Basney"

Similar presentations

MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Jim Basney GSI Credential Management with MyProxy GGF8 Production Grid Management RG Workshop June.

Jim Basney GSI Credential Management with MyProxy GGF8 Production Grid Management RG Workshop June.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
1/13/05NCASSR PNNL Visit1 Security Tools Area Overview, Credential Management Services, and the PKI Testbed Jim Basney Senior Research Scientist

1/13/05NCASSR PNNL Visit1 Security Tools Area Overview, Credential Management Services, and the PKI Testbed Jim Basney Senior Research Scientist
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.

EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.
Assuring e-Trust always www.certiver.com 1 Guaranteeing Electronic Trust at all times.

Assuring e-Trust always 1 Guaranteeing Electronic Trust at all times.
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.
Deploying the TeraGrid PKI Grid Forum Korea Winter Workshop December 1, 2003 Jim Basney Senior Research Scientist National Center for Supercomputing Applications.

Deploying the TeraGrid PKI Grid Forum Korea Winter Workshop December 1, 2003 Jim Basney Senior Research Scientist National Center for Supercomputing Applications.
Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.

Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.

Similar presentations

Ads by Google