GridUNESP – V Workshop

Certification Authority

Sergio M. Lietti

16Dec2009
Open Science Grid (OSG)
- OSG brings together computing and storage resources from campuses and research communities into a common, shared grid infrastructure over research networks via a common set of middleware

- OSG offers participating research communities low-threshold access to more resources than they could afford individually, via a combination of dedicated, scheduled and opportunistic alternatives

Open Science Grid (OSG)
- OSG has 82 sites, most of them in the USA, but also in Brazil, China, Mexico, South Africa, and South Korea.

- GridUnesp will be part of the OSG sites soon

Security
- In order to share the infrastructure between all sites, security is essential

- The Grid Security Infrastructure (GSI) uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality

- The primary motivations behind the GSI are:
  - The need for secure communication (authenticated and perhaps confidential) between elements of a computational Grid.
  - The need to support security across organizational boundaries, thus prohibiting a centrally-managed security system.
  - The need to support "single sign-on" for users of the Grid, including delegation of credentials for computations that involve multiple resources and/or sites.

Certificates
- Every user and service on the Grid is identified via a certificate, which contains information vital to identifying and authenticating the user or service

- A GSI certificate includes four primary pieces of information:
  - A subject name, which identifies the person or object that the certificate represents
  - The public key belonging to the subject
  - The identity of a Certificate Authority (CA) that has signed the certificate to certify that the public key and the identity both belong to the subject
  - The digital signature of the named CA

Certificates
- A Certification Authority (CA) is used to certify the link between the public key and the subject in the certificate

- In order to trust the certificate and its contents, the CA's certificate must be trusted

- GSI certificates are encoded in the X.509 certificate format, a standard data format for certificates established by the Internet Engineering Task Force (IETF)

X.509
- In cryptography, X.509 is an ITU-T standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI)

- X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm

- In the X.509 system, a CA issues a certificate binding a public key to a particular Distinguished Name in the X.500 tradition, or to an Alternative Name such as an e-mail address or a DNS entry

Public Key Infrastructure
- Public-key cryptography is a relatively new cryptographic approach whose distinguishing characteristic is the use of asymmetric key algorithms instead of, or in addition to, symmetric key algorithms

- The asymmetric key algorithms are used to create a mathematically related key pair: a secret private key and a published public key

- Encryption and authorization are performed using the public key, while decryption and digital signature are performed with the private key

- Each user has a pair of cryptographic keys: a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed

User Certificate files
- In Globus, the key file (userkey.pem) and the certificate file (usercert.pem) correspond to the key pair of public-key cryptography

- The userkey.pem file contains the private key, encrypted with your password.

- The certificate file (usercert.pem) contains your public key together with additional important information such as the subject name of the holder of the certificate, the name of the signing CA, and the digital signature of the CA

- Both files are stored inside a directory called .globus in the user's home directory

Userkey.pem example file
Usercert.pem example file
User Certificate files
- In order to obtain a valid passport to the Grid you need to create a key pair and submit your public key to the CA for a signature (this process is called a certificate request).

- The CA will follow its certificate policy and, upon successful evaluation of your request, your public key will be signed and posted back to you.

- The important role of the CA is to establish a trusted binding between the identity of the user and the public key in the certificate file

- The digital signature of the CA in the user's certificate file officially declares that the public key in the file belongs to the specific user (subject name)
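The request-and-sign procedure on this slide, together with the four pieces of certificate information listed on the "Certificates" slide, replayed with the OpenSSL command line as an added example (not part of the original talk, nor of the Globus or SimpleCA tooling). It assumes the openssl binary is installed; the CA name, the user's subject name and the pass phrase are constructed placeholders, and a temporary directory stands in for ~/.globus and for the CA's machine.

```shell
#!/bin/sh
# Added example, not from the original slides: the certificate request
# procedure replayed with OpenSSL. Assumptions: openssl is installed; a
# temporary directory stands in for the user's ~/.globus and for the CA's
# signing host; the CA name, user subject and pass phrase are constructed.
set -eu

WORK=$(mktemp -d)
GLOBUS_DIR="$WORK/.globus"   # stands in for $HOME/.globus
CA_DIR="$WORK/ca"            # stands in for the CA's own machine
PASS='constructed-passphrase'
mkdir -p "$GLOBUS_DIR" "$CA_DIR"

# Done once by the CA: its own key pair and self-signed certificate.
# Grid sites trust this certificate, not each user individually.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/DC=org/DC=example/CN=Example Grid CA" \
        -keyout "$CA_DIR/cakey.pem" -out "$CA_DIR/cacert.pem" 2>/dev/null
}

# Step 1 (user): create the key pair. The private key is written to
# userkey.pem encrypted under the pass phrase; the public key, together
# with the requested subject name, goes into the certificate request.
make_request() {
    openssl req -new -newkey rsa:2048 -sha256 -passout "pass:$1" \
        -subj "/DC=org/DC=example/OU=People/CN=Alice Researcher" \
        -keyout "$GLOBUS_DIR/userkey.pem" \
        -out "$WORK/usercert_request.pem" 2>/dev/null
    chmod 400 "$GLOBUS_DIR/userkey.pem"   # only the owner may read it
}

# Step 2 (CA): after evaluating the request against its policy, the CA
# signs it and returns usercert.pem. Only the request travels; the
# private key never leaves the user's .globus directory.
sign_request() {
    openssl x509 -req -sha256 -days 365 -in "$WORK/usercert_request.pem" \
        -CA "$CA_DIR/cacert.pem" -CAkey "$CA_DIR/cakey.pem" -CAcreateserial \
        -out "$GLOBUS_DIR/usercert.pem" 2>/dev/null
}

# What a grid site checks before accepting the user: the CA signature in
# usercert.pem validates against the CA certificate it already trusts.
verify_chain() {
    openssl verify -CAfile "$CA_DIR/cacert.pem" "$GLOBUS_DIR/usercert.pem" \
        >/dev/null 2>&1
}

# The four pieces of information in the certificate: subject name,
# public key, identity of the signing CA (the issuer) and the CA signature.
cert_subject() { openssl x509 -in "$GLOBUS_DIR/usercert.pem" -noout -subject | sed 's/^subject= *//'; }
cert_issuer()  { openssl x509 -in "$GLOBUS_DIR/usercert.pem" -noout -issuer  | sed 's/^issuer= *//'; }
ca_subject()   { openssl x509 -in "$CA_DIR/cacert.pem" -noout -subject | sed 's/^subject= *//'; }
cert_sig_algo() {
    openssl x509 -in "$GLOBUS_DIR/usercert.pem" -noout -text \
        | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# The public key inside usercert.pem must be the one that belongs to the
# private key in userkey.pem; otherwise the pair is useless for GSI.
keys_match() {
    from_cert=$(openssl x509 -in "$GLOBUS_DIR/usercert.pem" -noout -pubkey)
    from_key=$(openssl pkey -in "$GLOBUS_DIR/userkey.pem" -passin "pass:$1" -pubout)
    [ "$from_cert" = "$from_key" ]
}

make_ca
make_request "$PASS"
sign_request
verify_chain && echo "usercert.pem chains to: $(ca_subject)"
echo "subject:     $(cert_subject)"
echo "issuer:      $(cert_issuer)"
echo "signed with: $(cert_sig_algo)"
keys_match "$PASS" && echo "userkey.pem and usercert.pem are a matching pair"
```

The issuer printed for usercert.pem is exactly the subject of cacert.pem, which is the binding a relying site checks before trusting the signature.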
Certification Authority
- Grid Certificates
  - Host and service certificates for the servers
  - Personal certificates for the users

- Why?
  - Security
  - User and server identification

- Who issues certificates?
  - A Certification Authority (CA)
  - IGTF – The International Grid Trust Federation (TAGPMA, EUGridPMA, APGridPMA, TACAR)
  - TAGPMA – The Americas Grid Policy Management Authority

ANSP Grid Certification Authority

- Local Certification Authorities
  - Brazil – UFF Brazilian Grid CA
  - São Paulo – the Academic Network at São Paulo Grid CA - soon

- Users of ANSP Grid CA
  - Researchers from the GridUNESP project
  - Researchers from the state of São Paulo

- ANSP Grid CA will
  - offer a free X.509 certification service for academic research and development activities in the e-Science and Grid Computing communities of the state of São Paulo

ANSP Grid CA Deployment
- ANSP is already a member of TAGPMA
- Present status: accreditation process.
- Recently, ANSP has bought two Hardware Security Modules (HSMs) to generate its root certificate
- TAGPMA accreditation allows members to interoperate with other IGTF participants in worldwide collaborations on the Grid

In the meantime
- User certificates will be issued by SimpleCA (Globus package) installed on the GridUnesp main server

- Those certificates will allow users to submit jobs only to GridUnesp machines

- A web page is being constructed so users can request their certificates

- Requests will be approved by Research Group leaders, and the signed certificates will then be sent to the users

More Related Content

What's hot

Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI InfrastructureShubham Sharma
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerCheapSSLUSA
 
X 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetX 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetPuneet Arora
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresOliver Pfaff
 
x.509-Directory Authentication Service
x.509-Directory Authentication Servicex.509-Directory Authentication Service
x.509-Directory Authentication ServiceSwathy T
 
Implementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 PresentationImplementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 PresentationJustin Richer
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information securityDevam Shah
 
Multi-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationMulti-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationUbisecure
 
Digital certificates & its importance
Digital certificates & its importanceDigital certificates & its importance
Digital certificates & its importancesvm
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
Building basic public key infrastucture (PKI)
Building basic public key infrastucture (PKI)Building basic public key infrastucture (PKI)
Building basic public key infrastucture (PKI)Ismail Rachdaoui
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 

What's hot (20)

Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
 
X 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetX 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.Net
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim Polk
 
Pki for dummies
Pki for dummiesPki for dummies
Pki for dummies
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
 
x.509-Directory Authentication Service
x.509-Directory Authentication Servicex.509-Directory Authentication Service
x.509-Directory Authentication Service
 
Implementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 PresentationImplementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 Presentation
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
 
Multi-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationMulti-Factor Authentication & Authorisation
Multi-Factor Authentication & Authorisation
 
Authentication services
Authentication servicesAuthentication services
Authentication services
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)
 
Digital certificates & its importance
Digital certificates & its importanceDigital certificates & its importance
Digital certificates & its importance
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
 
Building basic public key infrastucture (PKI)
Building basic public key infrastucture (PKI)Building basic public key infrastucture (PKI)
Building basic public key infrastucture (PKI)
 
Digital signature & certificate
Digital signature & certificateDigital signature & certificate
Digital signature & certificate
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect
 
CERTIFYING AUTHORITY
CERTIFYING AUTHORITYCERTIFYING AUTHORITY
CERTIFYING AUTHORITY
 

Similar to Certification Authority - Sergio Lietti

Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization ModelsCSCJournals
 
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...RSIS International
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2dP2PSystem
 
Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfDefine PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfxlynettalampleyxc
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Editor IJARCET
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Editor IJARCET
 
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYCOST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYShakas Technologies
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
 Authorization Policy in a PKI Environment  Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment  Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...Information Security Awareness Group
 
Grid security seminar mohit modi
Grid security seminar mohit modiGrid security seminar mohit modi
Grid security seminar mohit modiMohit Modi
 
Mohit seminar gs.cse2012
Mohit seminar gs.cse2012Mohit seminar gs.cse2012
Mohit seminar gs.cse2012Mohit Modi
 
Module 4 network and computer security
Module  4 network and computer securityModule  4 network and computer security
Module 4 network and computer securityDeepak John
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfJUSTSTYLISH3B2MOHALI
 
Mutual query data sharing protocol for public key encryption through chosen-c...
Mutual query data sharing protocol for public key encryption through chosen-c...Mutual query data sharing protocol for public key encryption through chosen-c...
Mutual query data sharing protocol for public key encryption through chosen-c...IJECEIAES
 
Narrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardNarrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardConference Papers
 
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxOralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxssuser865ecd
 
Attribute-Based Data Sharing
Attribute-Based Data SharingAttribute-Based Data Sharing
Attribute-Based Data SharingIJERA Editor
 

Similar to Certification Authority - Sergio Lietti (20)

Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization Models
 
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
 
Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfDefine PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310
 
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYCOST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
 Authorization Policy in a PKI Environment  Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment  Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
 
Grid security seminar mohit modi
Grid security seminar mohit modiGrid security seminar mohit modi
Grid security seminar mohit modi
 
www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.com
 
Mohit seminar gs.cse2012
Mohit seminar gs.cse2012Mohit seminar gs.cse2012
Mohit seminar gs.cse2012
 
IS-Crypttools.pptx
IS-Crypttools.pptxIS-Crypttools.pptx
IS-Crypttools.pptx
 
Module 4 network and computer security
Module  4 network and computer securityModule  4 network and computer security
Module 4 network and computer security
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
 
10. grid security
10. grid security10. grid security
10. grid security
 
Mutual query data sharing protocol for public key encryption through chosen-c...
Mutual query data sharing protocol for public key encryption through chosen-c...Mutual query data sharing protocol for public key encryption through chosen-c...
Mutual query data sharing protocol for public key encryption through chosen-c...
 
Narrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardNarrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forward
 
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxOralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
 
Attribute-Based Data Sharing
Attribute-Based Data SharingAttribute-Based Data Sharing
Attribute-Based Data Sharing
 

More from Núcleo de Computação Científica (9)

Cadastramento de Projetos - Gabriel Winckler
Cadastramento de Projetos - Gabriel WincklerCadastramento de Projetos - Gabriel Winckler
Cadastramento de Projetos - Gabriel Winckler
 
Atualização Deployment - Rede - José Roberto
Atualização Deployment - Rede - José RobertoAtualização Deployment - Rede - José Roberto
Atualização Deployment - Rede - José Roberto
 
Atualização Deployment - Hardware e Middleware - Rogério Iope
Atualização Deployment - Hardware e Middleware - Rogério IopeAtualização Deployment - Hardware e Middleware - Rogério Iope
Atualização Deployment - Hardware e Middleware - Rogério Iope
 
Atualização Deployment - Hardware e Middleware - Gabriel Winckler
Atualização Deployment - Hardware e Middleware - Gabriel WincklerAtualização Deployment - Hardware e Middleware - Gabriel Winckler
Atualização Deployment - Hardware e Middleware - Gabriel Winckler
 
Softwares no Cluster - Ney Lemke
Softwares no Cluster - Ney LemkeSoftwares no Cluster - Ney Lemke
Softwares no Cluster - Ney Lemke
 
Osg - Horst Severini
Osg - Horst SeveriniOsg - Horst Severini
Osg - Horst Severini
 
Submissão de Jobs - Marco Dias
Submissão de Jobs - Marco DiasSubmissão de Jobs - Marco Dias
Submissão de Jobs - Marco Dias
 
Atualização Deployment - Rede - Rogério Iope
Atualização Deployment - Rede - Rogério IopeAtualização Deployment - Rede - Rogério Iope
Atualização Deployment - Rede - Rogério Iope
 
Treinamento em Grid
Treinamento em GridTreinamento em Grid
Treinamento em Grid
 

Recently uploaded

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Recently uploaded (20)

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

Certification Authority - Sergio Lietti

  • 1. GridUNESP – V Workshop: Certification Authority. Sergio M. Lietti, 16Dec2009
  • 2. Open Science Grid (OSG)
    - OSG brings together computing and storage resources from campuses and research communities into a common, shared grid infrastructure over research networks via a common set of middleware
    - OSG offers participating research communities low-threshold access to more resources than they could afford individually, via a combination of dedicated, scheduled and opportunistic alternatives
  • 3. Open Science Grid (OSG)
    - OSG has 82 sites, most of them in USA, but also in Brazil, China, Mexico, South Africa, and South Korea.
    - GridUnesp will be part of OSG sites soon
  • 4. Security
    - In order to share the infrastructure between all sites, security is essential
    - The Grid Security Infrastructure (GSI) uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality
    - The primary motivations behind the GSI are:
      - The need for secure communication (authenticated and perhaps confidential) between elements of a computational Grid.
      - The need to support security across organizational boundaries, thus prohibiting a centrally-managed security system.
      - The need to support "single sign-on" for users of the Grid, including delegation of credentials for computations that involve multiple resources and/or sites.
  • 5. Certificates
    - Every user and service on the Grid is identified via a certificate, which contains information vital to identifying and authenticating the user or service
    - A GSI certificate includes four primary pieces of information:
      - A subject name, which identifies the person or object that the certificate represents
      - The public key belonging to the subject
      - The identity of a Certificate Authority (CA) that has signed the certificate to certify that the public key and the identity both belong to the subject
      - The digital signature of the named CA
  • 6. Certificates
    - A Certification Authority (CA) is used to certify the link between the public key and the subject in the certificate
    - In order to trust the certificate and its contents, the CA's certificate must be trusted
    - GSI certificates are encoded in the X.509 certificate format, a standard data format for certificates established by the Internet Engineering Task Force (IETF)
  • 7. X.509
    - In cryptography, X.509 is an ITU-T standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI)
    - X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm
    - In the X.509 system, a CA issues a certificate binding a public key to a particular Distinguished Name in the X.500 tradition, or to an Alternative Name such as an e-mail address or a DNS entry
  • 8. Public Key Infrastructure
    - Public-key cryptography is a relatively new cryptographic approach whose distinguishing characteristic is the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms
    - The asymmetric key algorithms are used to create a mathematically related key pair: a secret private key and a published public key
    - Encryption and authorization are performed using the public key, while decryption and digital signature are performed with the private key
    - Each user has a pair of cryptographic keys — a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed
  • 9. User Certificate files
    - Within the Globus era the key file (userkey.pem) and the certificate file (usercert.pem) correspond to the key pair of the public-key cryptography
    - The userkey.pem file contains the private key encrypted with your password.
    - The certificate file (usercert.pem) contains your public key together with additional important information such as the subject name of the holder of the certificate, the name of the signing CA, and the digital signature of the CA
    - Both files are stored inside a directory called .globus in the user's home directory
  • 12. User Certificate files
    - In order to obtain a valid passport to the Grid you need to create a key pair and submit your public key to the CA (this process is called a certificate request) for a signature.
    - The CA will follow its certificate policy and, upon successful evaluation of your request, your public key will be signed and posted back to you.
    - The important role of the CA is to establish a trustful connection between the identity of the user and the public key in the certificate file
    - The digital signature of the CA in the user's certificate file officially declares that the public key in the file belongs to the specific user (subject name)
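The request-and-signing cycle that slides 5, 6, 9 and 12 describe, as an added worked example that is not part of the original talk and is not Globus, Simple-CA or ANSP code: it uses plain OpenSSL in place of the Globus request tools and the CA's own software. The two CA names, the user's distinguished name, the passphrase and the temporary directory standing in for ~/.globus are all constructed for the demo. Beyond the slides' own workflow, it adds the negative check a relying party's path validation performs: the same request signed by a CA the site has not installed is rejected.

```shell
#!/bin/sh
# Added walk-through (not from the slides, not Globus code): the
# certificate-request cycle of slides 5, 6, 9 and 12 done with OpenSSL.
# Every name, DN and passphrase below is constructed for the demo.
set -eu

WORK="$(mktemp -d)"
GLOBUS_DIR="$WORK/.globus"          # stands in for ~/.globus (slide 9)
PASS="pass:demo-passphrase"         # constructed; the Globus tools prompt for it
mkdir -p "$GLOBUS_DIR"

# --- CA side: a toy CA standing in for Simple-CA / ANSP Grid CA ----------
# Its self-signed certificate is the trust anchor relying parties install.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
  -subj "/DC=org/DC=example-grid/CN=Demo Grid CA" \
  -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" 2>/dev/null

# A second, unrelated CA: certificates it signs must NOT be accepted by a
# site that only trusts the Demo Grid CA (slide 6).
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
  -subj "/DC=org/DC=example-grid/CN=Untrusted CA" \
  -keyout "$WORK/otherkey.pem" -out "$WORK/othercert.pem" 2>/dev/null

# --- User side: key pair + certificate request (slides 9, 12) -------------
# userkey.pem is written encrypted under the passphrase; the request
# carries only the public key and the requested subject name.
openssl req -new -newkey rsa:2048 \
  -subj "/DC=org/DC=example-grid/OU=People/CN=Jane Researcher" \
  -keyout "$GLOBUS_DIR/userkey.pem" -passout "$PASS" \
  -out "$WORK/usercert_request.pem" 2>/dev/null
chmod 400 "$GLOBUS_DIR/userkey.pem"   # private key readable by its owner only

# --- CA side: evaluate and sign the request, producing usercert.pem -------
openssl x509 -req -in "$WORK/usercert_request.pem" \
  -CA "$WORK/cacert.pem" -CAkey "$WORK/cakey.pem" -CAcreateserial \
  -days 365 -out "$GLOBUS_DIR/usercert.pem" 2>/dev/null
chmod 444 "$GLOBUS_DIR/usercert.pem"

# The same request signed by the other CA, used only for the negative check.
openssl x509 -req -in "$WORK/usercert_request.pem" \
  -CA "$WORK/othercert.pem" -CAkey "$WORK/otherkey.pem" -CAcreateserial \
  -days 365 -out "$WORK/usercert_other.pem" 2>/dev/null

# --- Checks a relying party (or the user) performs -------------------------

# Certification path validation: "trusted" only if the chain ends at a CA
# whose certificate we hold. The output is checked rather than the exit
# status because old OpenSSL releases exit 0 even on a failed verify.
verify_against() {   # $1 = trusted CA file, $2 = certificate to validate
  if openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'; then
    echo trusted
  else
    echo untrusted
  fi
}

# The private key on disk must be encrypted (slide 9). Both the PKCS#8 and
# the legacy PEM encodings carry the word ENCRYPTED in their headers.
key_is_encrypted() {  # $1 = key file
  if grep -q ENCRYPTED "$1"; then echo yes; else echo no; fi
}

# The public key inside usercert.pem must be the one derived from userkey.pem.
key_matches_cert() {  # $1 = key file, $2 = certificate file
  k="$(openssl pkey -in "$1" -passin "$PASS" -pubout 2>/dev/null)"
  c="$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)"
  if [ "$k" = "$c" ]; then echo match; else echo mismatch; fi
}

# Subject and issuer: two of the four items a GSI certificate carries (slide 5).
cert_subject() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253; }
cert_issuer()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253; }

# Report, shown when the script is run directly.
echo "subject : $(cert_subject "$GLOBUS_DIR/usercert.pem")"
echo "issuer  : $(cert_issuer  "$GLOBUS_DIR/usercert.pem")"
echo "key enc : $(key_is_encrypted "$GLOBUS_DIR/userkey.pem")"
echo "key/cert: $(key_matches_cert "$GLOBUS_DIR/userkey.pem" "$GLOBUS_DIR/usercert.pem")"
echo "trust   : $(verify_against "$WORK/cacert.pem" "$GLOBUS_DIR/usercert.pem")"
echo "other CA: $(verify_against "$WORK/cacert.pem" "$WORK/usercert_other.pem")"
```

Run it with `sh`; the last two report lines are the point of slide 6: the certificate signed by the Demo Grid CA validates, the one signed by the unrelated CA is rejected although its subject, key and signature are all well-formed, because trust is decided by which CA certificates the relying party has installed, not by the contents of the user certificate. The key/certificate match and the encrypted-key check are what a user verifies in ~/.globus before suspecting the CA's signature.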
  • 13. Certification Authority
    - Grid Certificates
      - Host and service certificates for the servers
      - Personal certificates for the users
    - Why?
      - Security
      - User and server identification
    - Who issues certificates?
      - A Certification Authority (CA)
      - IGTF – The International Grid Trust Federation (TAGPMA, EUGridPMA, APGridPMA, TACAR)
      - TAGPMA – The Americas Grid Policy Management Authority
  • 14. ANSP Grid Certification Authority
    - Local Certification Authorities
      - Brazil – UFF Brazilian Grid CA
      - São Paulo – the Academic Network at São Paulo Grid CA - soon
    - Users of ANSP Grid CA
      - Researchers from the GridUNESP project
      - Researchers from the state of São Paulo
    - ANSP Grid CA will offer a free X509 certification service for academic research and development activities in the e-Science and Grid Computing Communities of the state of São Paulo
  • 15. ANSP Grid CA Deployment
    - ANSP is already a member of TAGPMA
    - Present status: Accreditation Process.
    - Recently, ANSP has bought two Hardware Security Modules (HSMs) to generate its root certificate
    - TAGPMA accreditation allows members to interoperate with other IGTF participants in worldwide collaborations on the Grid
  • 16. In the meantime
    - User certificates will be issued by Simple-CA (globus package) installed on the GridUnesp main server
    - Those certificates will allow users to submit jobs only to GridUnesp machines
    - A web page is being constructed so users can request their certificates
    - Requests will be approved by Research Group leaders and signed certificates will then be sent to users