Update on the UMU Dynamic VPN R&D Work – November 2003

Antonio F. Gomez Skarmeta

Gregorio Martinez

<skarmeta, [email protected]>

University of Murcia (UMU)

SPAIN

Agenda
  • Reminder from the July’03 Meeting
  • UMU-PKIv6: Update on the Status
  • UMU-PBNM: Update on the Status
  • Collaboration Plans
UMU-PBNM Main Objective
  • Design and set up a security framework to manage distributed communication systems using the PBNM paradigm
  • Features:
    • Flexible
    • Secure
    • Service and application-independent
    • Standard-based
    • IP-based
  • In collaboration with UCL-CS (through Euro6IX-6NET project collaboration, SEINIT project)
UMU-PBNM Proposed Architecture

(Architecture diagram; its component labels:)
  • Trust Management System
  • Policy Management Framework
  • Cryptographic Middleware
  • Policy Language
  • UMU-PBNM (Policy Console, PMT, PDP, PEP)
  • UMU-PKIv6
  • Java Card
  • Network Layer Security Services
  • IPsec Security Services

Agenda
  • Reminder from the July’03 Meeting
  • UMU-PKIv6: Update on the Status
  • UMU-PBNM: Update on the Status
  • Collaboration Plans
UMU-PKIv6 v7.1.2
  • Installation process greatly improved (thanks to feedback from UCL-CS and NRNS/DRDC-RDDC)
  • Version 7.1.2, supporting
    • WinCE-compatible devices (PDAs, mobile phones, etc.)
    • SSH/SCP PKCS#10 and KEYGEN (Netscape) requests
    • Support of DNSsec
    • New debug mode
  • New version (v7.2.0) will be released this week
    • OCSP and TSP applets automatically signed during the installation process
    • Log management from the web
Agenda
  • Reminder from the July’03 Meeting
  • UMU-PKIv6: Update on the Status
  • UMU-PBNM: Update on the Status
  • Collaboration Plans
Policy Language
  • Definition of XML schemas from the IETF IPsec PIB
  • Extension of the UMU-PBNM to support IPsec policies for:
    • Linux FreeS/WAN (in both IPv4 and IPv6)
    • FreeBSD (in both IPv4 and IPv6)
UMU-PBNM Internal Components
  • COPS:
    • Porting of VOCAL 1.5 COPS implementation to IPv6 (in C++)
    • UMU-jCOPS (University of Murcia – Java COPS) implementation
      • Definition of all the COPS and COPS-PR messages
      • Definition of two APIs, allowing the definition of any kind of (security, QoS, mobility, routing, etc.) PDP or PEP:
        • At the message level
        • At the functionality level
      • Interoperable with VOCAL 1.5 COPS implementation
UMU-PBNM Internal Components (and II)
  • UMU-jCOPS packages: brief description
Agenda
  • Reminder from the July’03 Meeting
  • UMU-PKIv6: Update on the Status
  • UMU-PBNM: Update on the Status
  • Collaboration Plans
X-Bone v3.0-beta  UMU-PKIv6  UMU-PBNM
  • X-Bone v3.0-beta being tested in our labs
  • Evaluation plan:
    • With UMU-PKIv6
      • Using UMU-PKIv6 certificates (with IPv6 addresses in the DN field) in every X-Bone node
      • Check how the DNSsec support of both systems can be integrated
      • Analyse the use of attribute certificates in the X-Bone
    • With UMU-PBNM
      • Analysing elements in X-Bone that can be dynamically managed by the UMU-PBNM proposed architecture
    • Inter-site testbed
      • Interest from UCL-CS and UMU to set up an inter-site testbed over IPv6
      • Anyone else interested?
DVC  UMU-PKIv6
  • DVC 0.0.2a being tested in our labs
  • DVC needs:
    • Provision of PKI + KMS functionalities
    • IPv6 support
  • DVC required features: automated …
    • certificate enrolment
    • certificate renewal
    • certificate revocation
    • certificate status checking
    • cross-certification
DVC  UMU-PKIv6 (II)
  • UMU-PKIv6 currently offers:
    • Automated certificate enrolment and revocation
      • SCEP server (SCEP draft version 0.5)
      • SSH server
    • Certificate status checking
      • CRLs published in LDAP servers
      • OCSP server
    • Cross-Certification
    • Certificate renewal missing!!
  • Additional components:
    • UMU-jSCEP: Java SCEP client
    • UMU-jOCSP: Java OCSP
    • Java SSH client
  • Being currently used with:
    • CISCO routers (SCEP-based)
    • 6WIND routers (SSH-based)
DVC  UMU-PKIv6 (and III)
  • Decisions to be taken:
    • Support of ARLs (Authority Revocation Lists)
      • Why?: provide the status of cross-certificates
      • DVC: have to evaluate the need to support them
      • UMU-PKIv6: have to improve its support of ARLs
    • Use of DNSsec
      • Why?: dynamic provision of security information
      • DVC: have to study the interest in this
      • UMU-PKIv6: feature already supported
    • The use of PKIX-CMP protocol
      • Why?: providing complete certificate lifecycle management
      • DVC: defined as an interesting feature
      • UMU-PKIv6: implementation already started (both modes: simple and full)
For anyone Interested in Collaborating, Integrating and/or Testing …
  • The UMU-PKIv6 v7.2.0
  • The UMU-PBNM, or any of its components (e.g. VPN Enforcement Tool, UMU-jCOPS, etc.)
  • Any other idea/line regarding the dynamic management of VPNs

Please send us an email to

Antonio F. Gomez Skarmeta <[email protected]> and/or Gregorio Martinez <[email protected]>

Thanks!!!
