MD-Grid CA Valentin Pocotilenco RENAM Association


About RENAM
RENAM (Research and Educational Networking Association of Moldova):
– Was founded and registered by the Ministry of Justice of the Republic of Moldova in June 1999 under registration no
– Is a republican association with an unlimited term of existence that carries out its activities across the whole territory of the Republic of Moldova, with the right to establish branches both in the Republic and abroad.
– The aim of the Association is to establish and develop computer network and information services at a modern level, mostly in higher and secondary education, research institutions, libraries and public collections.
Web site:

RENAM organization
The RENAM Council consists of well-known scientists of Moldova, scientific administrators, and information systems and networking specialists, who represent the Academy of Sciences of Moldova, Universities of Moldova, and other scientific and educational institutions. Administrative and technical support of the network operation is organized within RENAM by the RENAM Executive managers and the Network Operating Center (NOC). The functions of the NOC cover the elaboration and realization of projects associated with the RENAM network, network infrastructure maintenance, technical assistance and user support.
Web site:

RENAM network structure
RENAM Association has built and continuously develops its own networking infrastructure, which has allowed it to create 12 communication nodes in two main cities, Chisinau and Balti. 23 Institutes of the Academy of Sciences, 10 leading Universities of Moldova, more than 10 colleges, 3 hospitals and some governmental establishments are now connected to the RENAM infrastructure ( RENAM network provides connectivity to about 5000 scientists and professors (75% of all researchers), 1000 Ph.D. students and more than university and colleges students (85% of all students). The RENAM infrastructure also provides services to universities and organizations located in other localities of Moldova. A network node was set up at Balti State University, which also connects four technical colleges from Balti City.

RENAM goals
– The main goal of the RENAM network is the continuous development of a modern electronic communication infrastructure capable of connecting all research, educational, medical and cultural institutions in Moldova, and of providing them with Internet access services.
– Another aim of RENAM is continuous and active participation in the work of international computer network organizations.
– Organize seminars and training events to help develop and use the NREN infrastructure.
– Create a National Grid Initiative of Moldova (NGI).

RENAM NGI
MD-Grid, the National Grid Initiative of Moldova, was officially inaugurated at the plenary session “National Grid Initiative MD-Grid: presentation and inauguration” of the RENAM Users Conference – 2007 on May, after receiving approval letters from the Ministry of Information Development of Moldova and the Academy of Sciences of Moldova. The MD-Grid NGI Consortium, governed by RENAM as its Coordinating NREN, joins 6 research, education and industry institutions that expressed their intent to participate in building and using the National Grid Infrastructure:
– Research and Educational Networking Association of Moldova
– Institute of Mathematics and Computer Science of the Academy of Sciences of Moldova
– Faculty of Radioelectronics and Telecommunications of the Technical University of Moldova
– Institute of Geology and Seismology of the Academy of Sciences of Moldova
– State Hydrometeorological Service
– School of Public Health, State Medical and Pharmaceutical University “N.Testemitanu”

RENAM involvement SEE-GRID II - SEE-GRID SCI -

MD-Grid CA
Used documents:
– RomanianGRID CP/CPS
– TR-Grid CP/CPS
– BG.ACAD CP/CPS
– MREN CA CP/CPS
Our request to IANA is pending and I suppose we will obtain the OID in a few weeks.
Date: March 3rd 2008

MD-Grid CA Naming
Issuer: C=MD, O=RENAM, CN=MD-Grid-CA
Subject: C=MD, O=RENAM, OU=XXX, CN=Subject-name
– [C] Country = MD
– [O] Organization = RENAM
– [OU] Organization Unit = Name of the institution
– [CN] Common Name = Name and surname of the person for a personal certificate; DNS name for a host or service certificate (in the latter case the DNS FQDN may be prefixed by the value 'host' or the service name, separated from the DNS FQDN by a '/').

MD-Grid CA
The values of the extensions for the CA certificate are as follows:
– X509v3 Basic Constraints: critical CA:TRUE
– X509v3 Key Usage: critical Certificate Sign, CRL Sign
– X509v3 Subject Key Identifier:
– X509v3 Authority Key Identifier: keyid: DirName:/C=MD/O=RENAM/CN=MD-Grid-CA serial:
– X509v3 Issuer Alternative Name:
– X509v3 Subject Alternative Name:
– X509v3 CRL Distribution Points
– Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA

MD-Grid CA
The values of the extensions for user certificates are as follows:
– X509v3 Basic Constraints: critical CA:FALSE
– X509v3 Key Usage: critical Digital Signature, Key Encipherment, Data Encipherment, Key Agreement, Non-Repudiation
– X509v3 Extended Key Usage: TLS Web Client Authentication, E-mail Protection
– X509v3 Subject Key Identifier:
– X509v3 Authority Key Identifier: keyid: DirName:/C=MD/O=RENAM/CN=MD-Grid-CA serial:
– X509v3 Subject Alternative Name:
– X509v3 Issuer Alternative Name:
– X509v3 Certificates Policies: Policy:
– X509v3 CRL Distribution Points
– Netscape Cert Type: SSL Client, S/MIME, Object Signing

MD-Grid CA
The values of the extensions for host and service certificates are as follows:
– X509v3 Basic Constraints: critical CA:FALSE
– X509v3 Key Usage: critical Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
– X509v3 Extended Key Usage: TLS Web Server Authentication
– X509v3 Subject Key Identifier:
– X509v3 Authority Key Identifier: keyid: DirName:/C=MD/O=RENAM/CN=MD-Grid-CA serial:
– X509v3 Issuer Alternative Name:
– X509v3 Subject Alternative Name: DNS:FQDN
– X509v3 Certificates Policies: Policy:
– X509v3 CRL Distribution Points
– Netscape Cert Type: SSL Server

MD-Grid CA
– Certificate
   1024 bit or 2048 bit encryption;
   1 year.
– Personal certificate
   personal contact;
   id-card, passport or driving license.
– Server/Service certificate
   the host must have a valid DNS name;
   the administrator must already possess a valid personal MD Grid-CA Certificate;
   the administrator must provide a proof of his or her relation to the host itself.
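The naming rules and the user and host/service profiles from the slides above can be checked mechanically before a request is signed. The following linter is an added example, not MD-Grid CA code; the dict summary format, its field names and the sample host name are assumptions made for illustration.

```python
import re

# Key Usage / Extended Key Usage sets copied from the user and host/service slides.
BASE_KU = {"Digital Signature", "Key Encipherment", "Data Encipherment", "Key Agreement"}
PROFILES = {
    "user": (BASE_KU | {"Non-Repudiation"},
             {"TLS Web Client Authentication", "E-mail Protection"}),
    "host": (BASE_KU, {"TLS Web Server Authentication"}),
}
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def parse_dn(dn):
    """Split 'C=MD, O=RENAM, ...' into ordered pairs (no escaped commas handled)."""
    return [tuple(p.strip().partition("=")[::2]) for p in dn.split(",")]

def lint(cert, kind):
    """Return the list of profile violations for one certificate summary (assumed format)."""
    errs = []
    rdns = parse_dn(cert["subject"])
    if [a for a, _ in rdns] != ["C", "O", "OU", "CN"]:
        errs.append("subject must be C, O, OU, CN in that order")
    else:
        d = dict(rdns)
        if (d["C"], d["O"]) != ("MD", "RENAM"):
            errs.append("subject must begin C=MD, O=RENAM")
        if kind == "host":
            fqdn = d["CN"].split("/", 1)[-1]  # drop optional 'host/' or '<service>/'
            if not FQDN.match(fqdn):
                errs.append("host CN must be a DNS FQDN")
            elif "DNS:" + fqdn not in cert["san"]:  # assumption: SAN repeats the CN's FQDN
                errs.append("SAN must contain DNS:<FQDN of CN>")
    key_usage, eku = PROFILES[kind]
    if cert["ca"]:
        errs.append("Basic Constraints must be CA:FALSE")
    if set(cert["key_usage"]) != key_usage:
        errs.append("Key Usage differs from profile")
    if set(cert["eku"]) != eku:
        errs.append("Extended Key Usage differs from profile")
    if cert["key_bits"] not in (1024, 2048):
        errs.append("key size must be 1024 or 2048 bits")
    if cert["validity_days"] > 366:  # assumption: '1 year' means at most 366 days
        errs.append("validity exceeds 1 year")
    return errs

# Constructed sample: a host certificate with a 'host/' prefix and a matching SAN.
GOOD_HOST = {"subject": "C=MD, O=RENAM, OU=Example Institute, CN=host/grid01.example.md",
             "san": ["DNS:grid01.example.md"], "ca": False,
             "key_usage": sorted(BASE_KU), "eku": ["TLS Web Server Authentication"],
             "key_bits": 2048, "validity_days": 365}
```

A 1024-bit key passes only because the 2008 slide permits it; current guidance (for example NIST SP 800-131A) no longer allows 1024-bit RSA keys for signing.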

MD-Grid CA
– Certificate revocation list (CRL):
   max lifetime of the CRL: 30;
   issued at least 7 days before expiration;
   new CRLs will be published as soon as they are updated.
– Circumstances for revocation:
   the CA is informed that the Subscriber has ceased to be a member of or associated with a MREN program or activity;
   the subscriber’s private key is lost or suspected to be compromised;
   the information in the Subscriber’s certificate is wrong or inaccurate, or suspected to be wrong or inaccurate;
   the subscriber violates his/her obligations;
   the subscriber does not need the certificate any more.

MD-Grid CA
– Types of events recorded:
   certification requests;
   issued certificates;
   requests for revocation;
   issued CRLs;
   login/logout/reboot of the signing machine.
– Each RA must keep a log of the following:
   for each approved request, how it was approved;
   for each rejected request, why it was rejected;
   for each approved revocation request, the reason for revocation;
   for each rejected revocation request, the reason for revocation and the reason the request was rejected.

MD-Grid CA Types of records archived
– The following data and files are recorded and archived by the CA:
   certification requests;
   issued certificates;
   requests for revocation;
   issued CRLs;
   all messages of correspondence between RA and CA.
– Each RA must keep a log of the following:
   for each approved request, how it was approved;
   for each rejected request, why it was rejected;
   for each approved revocation request, the reason for revocation;
   for each rejected revocation request, the reason for revocation and the reason the request was rejected.

MD-Grid CA Physical controls
The MD-Grid CA will operate in a controlled and protected room located at the Technical University of Moldova. At least one person employed by RENAM Association will always be present on the premises, 24 hours per day, 7 days per week. Physical access to the MD-Grid CA is restricted to authorized personnel only. The Technical University of Moldova premises have a fire alarm system installed and secured access provided by a particular organization, and equipment is maintained in cooled racks.

Certification Authority Contact details
Research and Educational Networking Association of Moldova
5, Academiei str., room 331, Chishinau, Moldova, Republic of.
Phone:
Fax:
Valentin Pocotilenco