PKIX BASED CERTIFICATION INFRASTRUCTURE IMPLEMENTATION ADAPTED TO NON PERSONAL END ENTITIES
Jacob E., Liberal F., Unzilla J.
{jtpjatae, jtplimaf, jtpungaj}@bi.ehu.es
Department of Electronics and Telecommunications, Faculty of Engineering, University of the Basque Country, Bilbao (Spain)
http://det.bi.ehu.es/git

Slide 3: Summary
- Introduction
- Main goals
- Implementation
- Status of the project
- System architecture
- Way of operation
- Future work

Slide 4: Introduction
- Need to set trust agents => PKI: certification services
- Background: oriented to end users => WWW
  - Inflexibility, dependence on interface and processing
  - Lack of interoperability
- Result => PKIs have been replaced by other systems: ssh, PGP, home-made SSL
- Proposed system: PKIX
  - Automate standard interfaces
  - Specific application scope

Slide 5: Main Goals
- Speed up procedures
- Guarantee scalability/interoperability
- Make services more flexible
- Ease users' access
- Provide mechanisms for new services
- Develop a fully functional PKI system

Slide 6: General Architecture
(Diagram. Components: two RAs, the CA, the CRLs and certificates repository, and the end entity (EE). Labelled relations: register EEs, authenticate, forward requests, register RAs, operations with certificates.)

Slide 7: Way of operation: Registration I
(Diagram. Actors: new user, RA operator, RA. Data entered for the new user: ID, password, certificate types, administrative data. Messages between operator and RA: commands, answers, ACKs.)

Slide 8: Way of operation: Registration I.a
(Image-only slide.)

Slide 9: Way of Operation: Registration II
(Diagram. The end user sends ID, CMP request and password to the Registration Authority. End-user functions: operations with certificates, check certificates, secure connections management, download certificates; general functions (certificate management).)

Slide 10: Way of Operation: Registration II.a
(Diagram. Registration Authority. Inputs: ID, CMP request, password; ID, password; administrative data.)

Slide 11: Way of Operation: Registration II.b
(Diagram. Registration Authority. ID, CMP request and password arrive; ID and CMP request are stored as pre-requests; pre-requests (ID, CMP, P) are sent to the CAs: RA -> CA.)

Slide 12: Way of Operation: Registration III
(Diagram. Certification Authority. ID and CMP request arrive; the CA checks its list of authorized RAs, issues the certificates (CMP), sends them back to the RA and stores them in the repository. Components: RA, CA, repository.)
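The registration flow of slides 7 to 12 (operator registers the end entity at the RA; the end entity authenticates to the RA with ID and password and hands over its CMP request; the RA queues pre-requests and forwards them; the CA accepts requests only from registered RAs, signs, stores in the repository and returns the certificate) as an added model in Python. This is not the project's code: the real system spoke CMP over the network with cryptlib. Stand-ins, labelled in the code, are PBKDF2 for the RA's password check, an HMAC key in place of the CA signing key, and plain dicts in place of CMP messages and X.509 certificates.

```python
"""Model of the RA/CA registration flow (Registration I to III) from the slides.

Added example, not the project's code.  Stand-ins: PBKDF2 for the RA's password
check, an HMAC key in place of the CA's private key, dicts in place of CMP
messages and certificates.
"""
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000


class RegistrationAuthority:
    """RA: the operator registers end entities; an EE must present ID + password."""

    def __init__(self, name):
        self.name = name
        self.users = {}         # user_id -> (salt, pbkdf2 digest, allowed cert types)
        self.pre_requests = []  # authenticated requests not yet sent to the CA
        self.delivered = {}     # user_id -> certificate returned by the CA

    def register_user(self, user_id, password, cert_types):
        # Registration I: the operator enters ID, password and certificate types.
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.users[user_id] = (salt, digest, frozenset(cert_types))

    def authenticate(self, user_id, password):
        entry = self.users.get(user_id)
        if entry is None:
            return False
        salt, digest, _ = entry
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, digest)  # constant-time comparison

    def receive_cmp_request(self, user_id, password, cert_type, public_key):
        # Registration II: the EE sends ID, CMP request and password; the RA keeps
        # a pre-request only for an authenticated EE and a registered cert type.
        if not self.authenticate(user_id, password):
            raise PermissionError("EE authentication failed")
        if cert_type not in self.users[user_id][2]:
            raise PermissionError("certificate type not registered for this EE")
        self.pre_requests.append({"ra": self.name, "subject": user_id,
                                  "type": cert_type, "pubkey": public_key})

    def forward_to_ca(self, ca):
        # Registration II.b / III: pre-requests go to the CA, certificates come back.
        issued = []
        while self.pre_requests:
            cert = ca.issue(self.pre_requests.pop(0))
            self.delivered[cert["subject"]] = cert
            issued.append(cert)
        return issued


class CertificationAuthority:
    """CA: accepts requests only from registered RAs, signs, stores in the repository."""

    def __init__(self):
        self.authorized_ras = set()
        self.repository = {}                  # serial -> certificate
        self._key = secrets.token_bytes(32)   # stand-in for the CA private key
        self._serial = 0

    def register_ra(self, ra_name):
        self.authorized_ras.add(ra_name)

    def _mac(self, cert):
        # Stand-in for the signature over the to-be-signed fields.
        tbs = f'{cert["serial"]}|{cert["subject"]}|{cert["type"]}|{cert["pubkey"]}'
        return hmac.new(self._key, tbs.encode(), "sha256").hexdigest()

    def issue(self, request):
        # Registration III: the RA must be on the authorized list before anything else.
        if request["ra"] not in self.authorized_ras:
            raise PermissionError("request from an RA the CA does not know")
        self._serial += 1
        cert = {"serial": self._serial, "subject": request["subject"],
                "type": request["type"], "pubkey": request["pubkey"]}
        cert["signature"] = self._mac(cert)
        self.repository[cert["serial"]] = cert   # store in repository
        return cert                              # send back to RA

    def verify(self, cert):
        return hmac.compare_digest(self._mac(cert), cert["signature"])


def run_flow():
    """Happy path: operator registers 'alice', she requests, RA forwards, CA issues."""
    ca = CertificationAuthority()
    ra = RegistrationAuthority("RA-1")
    ca.register_ra("RA-1")
    ra.register_user("alice", "correct horse", ["signature"])
    ra.receive_cmp_request("alice", "correct horse", "signature", "PUBKEY-alice")
    issued = ra.forward_to_ca(ca)
    return ca, ra, issued
```

Two checks sit at different trust boundaries: the RA authenticates the end entity (password, registered certificate type), while the CA never sees the password and only checks that the submitting RA is registered. A request from an RA the CA does not know is refused before any signing happens, which is what the "authorized RAs" list on slide 12 enforces.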

Slide 13: Implementation
- Linux O.S.
- Daemon servers in C language
- Pthreads (POSIX threads)
- MySQL DBMS
- cryptlib © cryptographic library
- OpenLDAP

Slide 14: Implementation: RA
(Diagram: serving threads handling requests.)

Slide 15: Implementation: RA II
Debug log:
#DEBUG1: Debug thread created
#DEBUG1: Creating CMPSpareServer 0, line 166
#DEBUG3: Adding node to general list
#DEBUG3: Adding node to idle list
#DEBUG3: Number of CMP threads created: 1
#DEBUG3: Number of CMP threads idle: 1
#DEBUG3: Adding node to general list
#DEBUG3: Adding node to idle list
#DEBUG3: Number of CMP threads created: 2
#DEBUG3: Number of CMP threads idle: 2
#DEBUG1: Creating CMPSpareServer 1, line 166
#DEBUG1: Creating OCSPSpareServer 0
#DEBUG3: Adding node to general list
#DEBUG3: Adding node to idle list
#DEBUG3: Number of OCSP threads created: 1
#DEBUG3: Number of OCSP threads idle: 1
#DEBUG1: Creating OCSPSpareServer 1
#DEBUG3: Adding node to general list
#DEBUG3: Adding node to idle list
#DEBUG3: Number of OCSP threads created: 2
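The debug log above shows the RA daemon spawning spare CMP and OCSP server threads and reporting, per service, how many threads exist and how many sit on the idle list. The following added Python check (not the project's code) replays those lines and derives per-service spawned/created/idle counts plus a "busy" figure, flagging a count that goes backwards or an idle count above the created count; an operator would run this kind of check over the daemon log to spot a leaking or exhausted pool. SAMPLE_LOG is the slide's text with its line breaks restored; the slide is cut off after the last OCSP "created" line, so the final OCSP idle report is missing and the check reports one OCSP thread as not idle.

```python
"""Consistency check over the RA daemon's thread-pool debug log.

Added example, not the project's code.  SAMPLE_LOG reproduces the lines on the
"Implementation: RA II" slide with line breaks restored; the slide is truncated
after the last OCSP "created" line.
"""
import re

SAMPLE_LOG = """\
#DEBUG1: Debug thread created
#DEBUG1: Creating CMPSpareServer 0, line 166
#DEBUG3: Adding node to general list
#DEBUG3: Adding node to idle list
#DEBUG3: Number of CMP threads created: 1
#DEBUG3: Number of CMP threads idle: 1
#DEBUG3: Adding node to general list
#DEBUG3: Adding node to idle list
#DEBUG3: Number of CMP threads created: 2
#DEBUG3: Number of CMP threads idle: 2
#DEBUG1: Creating CMPSpareServer 1, line 166
#DEBUG1: Creating OCSPSpareServer 0
#DEBUG3: Adding node to general list
#DEBUG3: Adding node to idle list
#DEBUG3: Number of OCSP threads created: 1
#DEBUG3: Number of OCSP threads idle: 1
#DEBUG1: Creating OCSPSpareServer 1
#DEBUG3: Adding node to general list
#DEBUG3: Adding node to idle list
#DEBUG3: Number of OCSP threads created: 2
"""

LINE_RE = re.compile(r"^#DEBUG(\d+): (.*)$")
CREATE_RE = re.compile(r"^Creating (\w+?)SpareServer (\d+)")
COUNT_RE = re.compile(r"^Number of (\w+) threads (created|idle): (\d+)$")


def _empty():
    return {"spawned": 0, "created": 0, "idle": 0}


def parse_debug_log(text):
    """Return ({service: {spawned, created, idle}}, [problems]).

    'spawned' counts "Creating ...SpareServer" lines (emitted by the main thread);
    'created' and 'idle' hold the last value the pool reported for the service
    (emitted by the worker threads, so they may interleave with the spawn lines).
    """
    stats, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # not a #DEBUGn line; ignore
        msg = m.group(2)
        c = CREATE_RE.match(msg)
        if c:
            stats.setdefault(c.group(1), _empty())["spawned"] += 1
            continue
        k = COUNT_RE.match(msg)
        if k:
            svc, kind, n = k.group(1), k.group(2), int(k.group(3))
            s = stats.setdefault(svc, _empty())
            if kind == "created" and n < s["created"]:
                problems.append(f"line {lineno}: {svc} created count went down "
                                f"({s['created']} -> {n})")
            s[kind] = n
            if s["idle"] > s["created"]:
                problems.append(f"line {lineno}: {svc} idle ({s['idle']}) exceeds "
                                f"created ({s['created']})")
    return stats, problems


def busy_threads(stats, svc):
    """Threads not on the idle list: created minus idle, a pool-pressure indicator."""
    s = stats[svc]
    return s["created"] - s["idle"]


def pool_summary(text):
    """Per-service busy-thread count plus any inconsistencies found in the log."""
    stats, problems = parse_debug_log(text)
    return {svc: busy_threads(stats, svc) for svc in stats}, problems
```

Note that the DEBUG1 spawn lines and the DEBUG3 count lines come from different threads, so in the CMP part of the log "Number of CMP threads created: 2" appears before "Creating CMPSpareServer 1"; the check therefore compares final totals rather than the order of lines.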

Slide 16: Implementation: CA
- AUTOMATED OPERATION!!

Slide 17: Status of the project
- 10,000 lines of C code
- Functional system integrating RA and CA in one RA server, operator and administrator clients, and Java© front-ends
- cryptlib © library
  - Advantages: ease of use due to standardized interfaces (cryptSetAttribute(), CRYPT_CERTIFICATE, CRYPT_SESSION...); short development period
  - Disadvantages: very high-level interface: longer development period for specific projects; lack of low-level documentation => ~reverse engineering, bootstrapping
- Network support
- MySQL support

Slide 18: Future work
- Adapt PSE access modules to hardware devices, such as smartcards, crypto-tokens…
- Integration with other certification systems like PGP.
- Inclusion of attribute certificates.
- Development of Windows© family client libraries.
- Integration of certificate services.
- A real application?
