
1 RNP's ICP-EDU Projects: PKI software and hardware for the Brazilian research community
Ricardo Felipe Custódio - UFSC
Ricardo Dahab - UNICAMP
Jeroen van de Graaf - UFMG

2 RNP's ICP-EDU Projects (27 Mar 2006, TAGPMA Meeting - Rio de Janeiro)
Joint effort
● UFSC – Federal U. of Santa Catarina – LabSec – The Computer Security Lab at UFSC
● UFMG – Federal U. of Minas Gerais – LCC – The Lab for Scientific Computing at UFMG
● UNICAMP – State U. of Campinas (SP) – LCA – The Lab for Applied Crypto at UNICAMP
● RNP through its Working Group initiative.

3 RNP's ICP-EDU Projects
● Three working groups
  – 2003-2004: SW for certificate life cycle management
  – 2004-2005: Hardware Security Module (HSM)
  – 2005-2006: Private-key management
● Total budget: approx. R$ 300K ~ US$ 100K
● 5 faculty, 3 PhD, 10+ MSc and ugrad students
See http://www.icpedu.labsec.ufsc.br

4 ICP-EDU-I
● Software suite for issuing, publication and revocation of digital certificates as well as management of certificate revocation lists.
● Three packages
  – Certificate management system
  – Public module
  – Public directory
● Fully operational and tested.

5 ICP-EDU-II
● An HSM and accompanying software.
● Initially meant as CA HSMs (private key protection and usage).
● Evolved into a general purpose security module equipped with crypto hardware acceleration.
● The complete prototype package includes server and client software as well as OS for three experimental platforms.

6 HSM architecture
[Diagram. Labels: Applications; OpenSSL; Engine Eng-A; Engine Eng-B; Engine Eng-C; Engine Software; Crypto in Software; Crypto in Hardware; Management Interface; Key Management; OpenHSMd; Host Machine; HSM; PKI Mode; Accelerator Mode]

7 A few shots

8 A few shots

9 Prototype 1

10 Prototype 2

11 ICP-EDU-II
● Hardware prototypes built and key management subsystems proposed in Jean E. Martina's MSc thesis at UFSC.
● Market hardware being concluded by Kryptus Technologies in Campinas.
  – Security sensing systems (temperature, light, tampering). FIPS 140-2 level. -3 if a simpler version.
  – Low to medium throughput.
  – Final price in the PC range.

12 HSM specs
● Throughput: 10-100 RSA sigs/sec
● Key generation: 1/sec
● Symmetric encryption/hash: 1Mb/sec
● Algorithms
  – Hash: SHA-X, 3DESMAC, MD5, HMAC
  – Symmetric: 3-DES, AES, Twofish, Serpent, RC4
  – Public-key: RSA, ECC, DSA, DH
  – Random number generation: 100+ kbps
  – Real-time clock
● OS: FreeBSD

13 ICP-EDU-III
● Personal management and use of private keys.
● Motivations
  – Cost
  – Flexibility
  – Responsibility sharing
● Initially called a Virtual Smartcard, it is evolving into a general signing tool, integrated in everyday applications.
● Encryption and authentication are in the roadmap.

14 ICP-EDU-III
● Private key generation and sharing with authenticated server.
● Only RSA signing at first.
● May or may not use HSM in server side.
● In very early stages.
● Forecast delivery for late this year.

15 ICP-EDU deployment
● Pilot projects in early stages of planning at UFSC, UNICAMP and UFMG.
● After that demand will rise sharply, also boosted by other national initiatives, income tax return the most visible.
● Should benefit from collaboration with groups working in authentication and authorization frameworks.

16 Related activities
ICP-EDU group is
● Working closely with RNP in its PKI-related initiatives, as TAGPMA.
● Present in Brazil's national PKI (ICP-BR) steering committee, representing the Brazilian Computing Society (SBC).

17 Related activities
ICP-EDU group is
● Present in ICP-BR's effort to produce its own FIPS-compliant PKI software and hardware.
● Part of an ongoing effort by ICP-BR to disseminate the use of digital certification.

18 Thank you!

