Presentation is loading. Please wait.

Presentation is loading. Please wait.

NATIONAL CENTRE FOR PHYSICS PK-Grid-CA

Published byBennett Carpenter Modified over 5 years ago

Similar presentations

Presentation on theme: "NATIONAL CENTRE FOR PHYSICS PK-Grid-CA"— Presentation transcript:

1 NATIONAL CENTRE FOR PHYSICS PK-Grid-CA
Mehnaz Hafeez Usman Ahmad Malik Sajjad Asghar Advanced Scientific Computing National Centre for Physics

2 National Centre for Physics http://www.ncp.edu.pk
Introduction In 1976, 1st International Nathiagali Summer College was organized by Prof. Salam. It was his proposal that eventually this activity should be transformed into a Centre for Physics The Nucleating Centre was established in 1994. Finally in 1999, the Centre was established on Campus of Quaid-I-Azam University. 2/23/2019 National Centre for Physics

3 National Centre for Physics
NCP is funded by the Government of Pakistan. It is a National Centre, so we are open to all universities in Pakistan. The purpose of the Centre is to promote basic research in Physics and to break the scientific isolation of physicists of Pakistan. 2/23/2019 National Centre for Physics

4 National Centre for Physics
Prof. Riazuddin is the Director of NCP. We have: Board of Governors Scientific Council The Centre has established number of National and International Collaborations: Abdus Salam ICTP European Organization for Nuclear Research 2/23/2019 National Centre for Physics

5 National Centre for Physics
We organize Workshops, Conferences and Symposia. International Nathiagali Summer College International Bhurban Conference Workshop on Particle Physics (March every year) Workshop on Advanced Scientific Computing (October every year) 2/23/2019 National Centre for Physics

6 National Centre for Physics
The Centre is visitor oriented like ICTP. Small permanent staff. Faculty members 06 Students 12 Support Staff 06 Flagship activity is research in High-Energy Physics, both theory and experiment. 2/23/2019 National Centre for Physics

7 National Centre for Physics
NCP – CERN Collaboration: Detector Simulation and Studies Detector Construction R&D related to Gaseous detectors Physics Data Analysis Computing for LHC More information: 2/23/2019 National Centre for Physics

8 National Centre for Physics http://www.ncp.edu.pk
PK-Grid-CA The PK-Grid-CA is established and managed by National Centre for Physics in Pakistan. It provides X.509 certificate to support the secure environment in grid related projects. 2/23/2019 National Centre for Physics

9 National Centre for Physics http://www.ncp.edu.pk
Procedural Security End Entity and Certificate Type Identification and Authentication Certificate Request Certificate Revocation Records Archival 2/23/2019 National Centre for Physics

10 End Entity and Certificate Type
End Entities NCP Working partners in Domestic/International Grid-based Application/Projects. Certificate Type User Certificate C=PK, O=NCP, O=People, OU=<UNIT>, CN=<FULL NAME>, =< ADDRESS> Host Certificate C=PK, O=NCP, O=Host, OU=<UNIT>, CN=<FQDN> 2/23/2019 National Centre for Physics

11 Identification and Authentication
User Certificate: The subject must personally contact the CA/RA staff in order to verify identity and the validity of the request. The subject authentication is performed through the presentation of a valid official identification document: passport; national identity card. Host Certificate: Requests must be signed with the personal PK-Grid-CA certificate. 2/23/2019 National Centre for Physics

12 National Centre for Physics http://www.ncp.edu.pk
Certificate Request On-line Request The subject can request for a host or user certificate on-line at Off-Line Request The subject can generate his key pair on his machine through OpenSSL commands. The subject has to send his public key through an encrypted at 2/23/2019 National Centre for Physics

13 Certificate Revocation
The subject of the certificate has ceased his relation with the PK- Grid projects. The subject does not require the certificate any more The private key has been lost or is suspected to be compromised. The information in the certificate is wrong or inaccurate. The system to which the certificate has been issued has been retired. The subject has failed to comply with the rules of this policy. 2/23/2019 National Centre for Physics

14 Procedure for Revocation Request
The person requesting the revocation of certificate must authenticate himself by: Sending a signed to the PK-Grid-CA/RA If this is not possible the CA/RA must be contacted directly. Authentication can be performed with the same procedure used to authenticate the identity of person. 2/23/2019 National Centre for Physics

15 National Centre for Physics http://www.ncp.edu.pk
Records Archival PK-Grid-CA must record and archive All requests for certificates All issued certificates All requests for revocation All issued CRLs Boots and shutdowns of the equipment Interactive system logins All archive data is stored and backed-up in safekeeping. The retention period for archives is three years. 2/23/2019 National Centre for Physics

16 National Centre for Physics http://www.ncp.edu.pk
Physical Security The PK-Grid-CA issuing machine is: A dedicated machine. Not connected to any network. Located in a secure environment only accessible by PK-Grid-CA administrator. 2/23/2019 National Centre for Physics

17 National Centre for Physics http://www.ncp.edu.pk
Technical Security Key Generation Key Restriction Certificate Restriction CRL Policy 2/23/2019 National Centre for Physics

18 National Centre for Physics http://www.ncp.edu.pk
Key Generation Private key is generated by browsers on the users’ machine. CA and RA will never generate private key on user’s behalf. CA and RA have no access to the users’ private key. 2/23/2019 National Centre for Physics

19 National Centre for Physics http://www.ncp.edu.pk
Key Restriction Key Length PK-Grid-CA private key is 2048 bits. User private key must have 1024 bits. Host private key must has 1024 bits. Pass phrase The pass phrase of PK-Grid-CA’s private key is at least 15 characters. The pass phrase of end entity’s private key is at minimum 8 characters. Protecting the pass phrase from others. 2/23/2019 National Centre for Physics

20 Certificate Restriction
Certificate Lifetime for Validity of PK-Grid-CA certificate is five (5) years. User certificate is issued for one (1) year. Host certificate is issued for one (1) year. Certificate should not be shared. 2/23/2019 National Centre for Physics

21 Certificate Revocation List (CRL) Policy
The lifetime of CRL is 23 days. CRL is updated immediately after every certificate revocation. CRL is reissued 7 days before expiration even if there have been no revocations. 2/23/2019 National Centre for Physics

22 National Centre for Physics http://www.ncp.edu.pk
Related Information Homepage CP/CPS Latest version: Follows the RFC 2527 structure Available at: PK-Grid-CA certificate CRL 2/23/2019 National Centre for Physics

23 National Centre for Physics http://www.ncp.edu.pk
Contact Information Sajjad Asghar Phone: (+92-51) Fax: (+92-51) Address: National Centre for Physics, Quaid-I-Azam University, Islamabad – 45320, Pakistan. Usman Ahmad Malik 2/23/2019 National Centre for Physics

Download ppt "NATIONAL CENTRE FOR PHYSICS PK-Grid-CA"

Similar presentations

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
APGrid PMA Face-to-Face Meeting NCHC CA Weicheng Huang National Center for High-performance Computing April 8, 2008.

APGrid PMA Face-to-Face Meeting NCHC CA Weicheng Huang National Center for High-performance Computing April 8, 2008.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.
Grid Computing Basics From the perspective of security or An Introduction to Certificates.

Grid Computing Basics From the perspective of security or An Introduction to Certificates.
CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.

CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Summer School Certificates Diego Romano & Gilda Team.

Summer School Certificates Diego Romano & Gilda Team.
Computing Research Center, High Energy Accelerator Organization (KEK) KEK Grid CA Go Iwai The 2 nd APGrid PMA Meeting at Osaka Univ.

Computing Research Center, High Energy Accelerator Organization (KEK) KEK Grid CA Go Iwai The 2 nd APGrid PMA Meeting at Osaka Univ.
NECTEC-GOC CA APGrid PMA face-to-face meeting. October, 15 2006 Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.
DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.

DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.
National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.

National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.
T. Basaglia, Group Meeting, 08.02.2005 Connecting Portable Computers to the CERN Network Why register? Who is concerned? What should be registered? How.

T. Basaglia, Group Meeting, Connecting Portable Computers to the CERN Network Why register? Who is concerned? What should be registered? How.
NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.

NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.

Similar presentations

Ads by Google