Update on the UMU Dynamic VPN R&D Work – November 2003

Antonio F. Gomez Skarmeta

Gregorio Martinez

<skarmeta, [email protected]>

University of Murcia (UMU)

SPAIN


Agenda

  • Reminder from the July’03 Meeting

  • UMU-PKIv6: Update on the Status

  • UMU-PBNM: Update on the Status

  • Collaboration Plans


UMU-PBNM Main Objective

  • Design and set up a security framework to manage distributed communication systems using the PBNM paradigm

  • Features:

    • Flexible

    • Secure

    • Service and application-independent

    • Standard-based

    • IP-based

  • In collaboration with UCL-CS (through Euro6IX-6NET project collaboration, SEINIT project)


UMU-PBNM Proposed Architecture

[Figure: proposed architecture diagram. Labels: Trust Management System; Policy Management Framework; Cryptographic Middleware; Policy Language; UMU-PBNM (Policy Console, PMT, PDP, PEP); UMU-PKIv6; Java Card; Network Layer Security Services; IPsec Security Services]


General Architecture


Policy Management Process

[Figure: policy management process diagram, with steps numbered 1 to 7]


Monitoring Process

[Figure: monitoring process diagram, with steps numbered 1 to 4]


Agenda

  • Reminder from the July’03 Meeting

  • UMU-PKIv6: Update on the Status

  • UMU-PBNM: Update on the Status

  • Collaboration Plans


UMU-PKIv6 v7.1.2

  • Installation process highly improved (thanks to feedback from UCL-CS, and NRNS/DRDC-RDDC)

  • Version 7.1.2, supporting

    • WinCE-compatible devices (PDAs, mobile phones, etc.)

    • SSH/SCP PKCS#10 and KEYGEN (Netscape) requests

    • Support of DNSsec

    • New debug mode

  • New version (v7.2.0) will be released this week

    • OCSP and TSP applets automatically signed during the installation process

    • Log management from the web


Agenda

  • Reminder from the July’03 Meeting

  • UMU-PKIv6: Update on the Status

  • UMU-PBNM: Update on the Status

  • Collaboration Plans


Policy Language

  • Definition of XML schemas from the IETF IPsec PIB

  • Extension of the UMU-PBNM to support IPsec policies for:

    • Linux FreeS/WAN (in both IPv4 and IPv6)

    • FreeBSD (in both IPv4 and IPv6)


UMU-PBNM Internal Components

  • COPS:

    • Porting of VOCAL 1.5 COPS implementation to IPv6 (in C++)

    • UMU-jCOPS (University of Murcia – Java COPS) implementation

      • Definition of all the COPS and COPS-PR messages

      • Definition of two APIs, allowing the definition of any kind of (security, QoS, mobility, routing, etc.) PDP or PEP:

        • At the message level

        • At the functionality level

      • Interoperable with VOCAL 1.5 COPS implementation


UMU-PBNM Internal Components (and II)

  • UMU-jCOPS packages: brief description


Agenda

  • Reminder from the July’03 Meeting

  • UMU-PKIv6: Update on the Status

  • UMU-PBNM: Update on the Status

  • Collaboration Plans


X-Bone v3.0-beta  UMU-PKIv6  UMU-PBNM

  • X-Bone v3.0-beta being tested in our labs

  • Evaluation plan:

    • With UMU-PKIv6

      • Using UMU-PKIv6 certificates (with IPv6 addresses in the DN field) in every X-Bone node

      • Check how the DNSsec support of both systems can be integrated

      • Analyse the use of attribute certificates in the X-Bone

    • With UMU-PBNM

      • Analysing elements in X-Bone that can be dynamically managed by the UMU-PBNM proposed architecture

    • Inter-site testbed

      • Interest from UCL-CS and UMU to set up an inter-site testbed over IPv6

      • Anyone else interested?


DVC  UMU-PKIv6

  • DVC 0.0.2a being tested in our labs

  • DVC needs:

    • Provision of PKI + KMS functionalities

    • IPv6 support

  • DVC required features: automated …

    • certificate enrolment

    • certificate renewal

    • certificate revocation

    • certificate status checking

    • cross-certification


DVC  UMU-PKIv6 (II)

  • UMU-PKIv6 currently offers:

    • Automated certificate enrolment and revocation

      • SCEP server (SCEP draft version 0.5)

      • SSH server

    • Certificate status checking

      • CRLs published in LDAP servers

      • OCSP server

    • Cross-Certification

    • Certificate renewal missing!!

  • Additional components:

    • UMU-jSCEP: Java SCEP client

    • UMU-jOCSP: Java OCSP

    • Java SSH client

  • Being currently used with:

    • CISCO routers (SCEP-based)

    • 6WIND routers (SSH-based)


DVC  UMU-PKIv6 (and III)

  • Decisions to be taken:

    • Support of ARLs (Authority Revocation Lists)

      • Why?: provide the status of cross-certificates

      • DVC: have to evaluate the need to support them

      • UMU-PKIv6: have to improve its support of ARLs

    • Use of DNSsec

      • Why?: dynamic provision of security information

      • DVC: have to study the interest in this

      • UMU-PKIv6: feature already supported

    • The use of PKIX-CMP protocol

      • Why?: providing complete certificate lifecycle management

      • DVC: defined as an interesting feature

      • UMU-PKIv6: implementation already started (both modes: simple and full)


For anyone Interested in Collaborating, Integrating and/or Testing …

  • The UMU-PKIv6 v7.2.0

  • The UMU-PBNM, or any of its components (e.g. VPN Enforcement Tool, UMU-jCOPS, etc.)

  • Any other idea/line regarding the dynamic management of VPNs

    please, send us an email to

    Antonio F. Gomez Skarmeta <[email protected]> and/or Gregorio Martinez <[email protected]>

    Thanks!!!

