Presentation is loading. Please wait.

Presentation is loading. Please wait.

VNF Package Integrity and Authenticity – Public key based

Published byAdam Hancock Modified over 6 years ago

Similar presentations

Presentation on theme: "VNF Package Integrity and Authenticity – Public key based"— Presentation transcript:

1 VNF Package Integrity and Authenticity – Public key based
Manifest file Option 1: Manifest file - based if there are both local and external artifacts A Digest hash per each artifact Manifest file is signed with VNF provider private key VNF provider’s certificate includes a VNF provider public key The certificate may be a separate artifact or included in the signature container, e.g. CMS Option 2: CSAR-based if all artifacts are located inside a CSAR CSAR file is digitally signed with the VNF provider private key VNF provider delivers one zip file containing a CSAR file, a signature file and a certificate file that includes a VNF provider public key Note: Both options rely on existence in the NFVO of a root certificate of a trusted certificate authority, delivered via a trusted channel separately from a VNF package VNF Package metadata Artifact 1 Path/URI Hash Artifact N Path/URI Hash Manifest file Signature Signing Certificate Signing Certificate VNF Package.zip VNFPackage.csar VNFPackage.csar VNFPackage.csar Signature or VNFPackage.csar Signature Signing Certificate Signing Certificate

2 VNF Package Manifest File with security support
metadata: vnf_product_name: vMRF-1-0-0 vnf_provider_id: Acme vnf_package_version: 1.0 vnf_release_data_time: T10:00+03:00 Source: MRF.yaml Algorithm: SHA-256 Hash: 09e5a788acb180162c51679ae4c998039fa db2415e35107d1ee213943 Source: scripts/install.sh Hash: d0e a07c2dccaaa765c80b507e60e c950dc2e6b0da0dbd8b Source: Hash: 36f aca2701b114b068c71bd8c95ceb c -----BEGIN CMS----- MIGDBgsqhkiG9w0BCRABCaB0MHICAQAwDQYLKoZIhvcNAQkQAwgwXgYJKoZIhvcN AQcBoFEET3icc87PK0nNK9ENqSxItVIoSa0o0S/ISczMs1ZIzkgsKk4tsQ0N1nUM dvb05OXi5XLPLEtViMwvLVLwSE0sKlFIVHAqSk3MBkkBAJv0Fx0= -----END CMS----- A list of blocks each is related to one file in the VNF package, including Source: artifact URI Algorithm: name of an algorithm used to generate the hash Hash: text string corresponding to the hexadecimal representation of the hash Manifest file itself is protected by a Manifest file Signature

3 Individual Artifacts Authenticity and Integrity
VNF provider sign individual artifacts adding a signature file in standard format (e.g. CMS, PKCS#7) A certificate file with extension .cert accompany the signed artifact The signature and certificate files have the same name and location as the signed artifact If the signature format allows it, the certificate may be included in the signature file ! Artifacts !----- install.sh !----- images !----- MRF.img !----- MRF.cert !----- MRF.cms

4 Encrypting Security Sensitive Artifacts
A public key is provided by the party who is responsible to either on-board the package or use the artifact User Asymmetric encryption: VNF provider uses the user public key to encrypt the security sensitive artifact A consumer of the artifact then decrypts the artifact with its own private key Symmetric encryption - hybrid: The artifact is encrypted with the VNF provider key shared with the consumer in encrypted form (a user key is used for encryption) A consumer of the artifact decrypts the shared key with its own private key and then uses the obtained shared key to decrypt the artifact The encrypted artifact is delivered in a CMS file, with all info needed to decrypt it: algorithm used for artifact encryption, encrypted key used for artifact encryption and algorithm used to encrypt the key. VNF Provider Artifact Encrypted Artifact User VNF Provider Artifact Key Encrypted Artifact CMS file

Download ppt "VNF Package Integrity and Authenticity – Public key based"

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,

Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
AQA Computing A2 © Nelson Thornes 2009 Section 6.4 1 Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
1 Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats –integrity –confidentiality.

1 Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats –integrity –confidentiality.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Cryptography, Authentication and Digital Signatures

Cryptography, Authentication and Digital Signatures
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Similar presentations

Ads by Google