NECTEC-GOC CA - PowerPoint PPT Presentation
NECTEC-GOC CA

APGrid PMA face-to-face meeting. October, 15 2006

Sornthep VannaratNational Electronics and Computer Technology Center, Thailand


Introduction

  • NECTEC: National Electronics and Computer Technology Center

    • Government research institute under the Ministry of Science

    • For electronics, telecommunication, computer and information technologies including Grid Computing

  • NECTEC GOC CA: NECTEC GRID Operation Center Certificate Authority

  • NECTEC GRID PMA

    • Large Scale Simulation Research Laboratory,

    • Network Technology Laboratory

    • Thai Computer Emergency Response Team


CP/CPS

  • Current version: 1.0 (October, 2006)

  • Object ID: 1.3.6.1.4.1.25149.1.1.1.0

  • Conforms to RFC 2527

  • Managed by the NECTEC GRID PMA

    • Changes in contents need to be approved by the NECTEC GRID PMA


NECTEC-GOC CA Organization

[Organization chart (Table 1-2 Organization...): GRID CA PMA, CA Manager, CA Operator, RA Operator]

  • GRID CA PMA: Policy Management Authority

  • CA Manager: Administers all tasks on the CA system

  • RA Operator:

    • Accepts and verifies User Application form

    • Checks Certificate Signing Request form

    • Informs CA to issue certificate

  • CA Operator:

    • Issues certificates

    • Manages CA and RA servers

    • Maintains the CA system

    • Manages CA private key

Remove CP/CPS 2.2.5


End Entity

  • NECTEC-GOC CA issues certificates for the following subjects:

    • Users of NECTEC.

    • Users of domestic Grid-based applications or projects.

    • Collaborators related to NECTEC Grid Computing research.


Certificate Type

  • User Certificate: C=TH,O=NECTEC,OU=GOC,CN=Sornthep Vannarat/emailAddress=sornthep@nectec.or.th

  • Grid Host Certificate: C=TH,O=NECTEC,OU=GOC,CN=host/grid64.hpcc.nectec.or.th


Identification and Authentication

  • User and Grid Host Certificate:

    • Subscriber meets in person with the RA Operator

    • RA Operator reviews and approves the Application and Certificate Request according to the user's documents [CPS 1.3.2 and 3.1.x]


Certificate Restrictions

  • Certificate Lifetime:

    • 13 months for End Entity certificate.

    • 10 years for CA certificate.


Issuing Certificates

  • End entities request certificates

    • Each end entity generates its own key pair

    • Submit Applications and Certificate Signing Request forms

  • RA Operator checks the Requests

    • RA Operator uses a secure communication method, e.g. signed and encrypted email


Issuing Certificates (cont’d)

  • RA Operator transfers the Request to CA Operator

    • RA Operator tars the CSRs and copies the tarball to a USB drive

    • CA Operator copies the tarball from the USB drive to the CA machine


Issuing Certificates (cont’d)

  • CA Operator checks CSRs and issues certificates

  • CA Operator transfers certificates to RA Operator

    • CA Operator tars the certificates and copies the tarball to a USB drive

    • RA Operator copies the tarball onto the RA server

  • RA Operator publishes certificates to the website and informs users by email


Certificate Revocation

  • Certificates are revoked when:

    • User private key is compromised

    • Inaccurate user information is suspected

    • User obligation is violated (CPS 2.1.4)

    • CA private key is compromised

    • User leaves his/her organization


Revocation Request Procedure

  • Revocation Requests can be submitted through the web interface

  • OR directly to the CA Manager


CRL

  • CRL validity is 30 days.

  • A new CRL is issued:

    • 7 days before expiration of the previous one

    • immediately after a certificate revocation


Physical Security

  • CA Server:

    • Stored in a safe deposit box, which is protected by a six-digit code

    • Not connected to a network of any sort

    • Located in a room to which access is restricted to the CA Operator during CA operations

  • CA private key:

    • Protected by a 15-character passphrase.

    • Backed up to a USB drive, which the CA Operator stores in the safe box.



CA Room & Equipment (2)

  • RA Server

  • CA Machine

  • UPS



Records Archival

  • Types of archive data:

    • All issued certificates and CRLs

    • All enrollment requests and notifications between the NECTEC-GOC CA and users.

    • Operation history of the CA key

    • Events of interest, as described in CP/CPS section 4.7.1

  • The retention period is 3 years.

  • Archived files are stored on CD or DVD in the safe box in the NECTEC server room.


Key Pair

  • CA private key generated by the CA Operator using OpenCA

  • User and Grid Host key pairs generated by the user, e.g. with grid-cert-req

  • Key Length:

    • CA Certificate: 2048 bits

    • End Entity Certificate: 1024 bits
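As an added example (not part of the presentation or of the NECTEC-GOC CA's own tooling), the following Python script encodes the constraints stated on the Certificate Type, Certificate Restrictions, CRL and Key Pair slides as a conformance check over constructed certificate records; the sample user subject, key sizes and dates are hypothetical.

```python
# Added example: checks constructed certificate records against the
# constraints stated in the NECTEC-GOC CA slides (not the CA's own code).
import calendar
import re
from datetime import date, timedelta
# Subject-name prefix and CN shapes from the Certificate Type slide.
DN_PREFIX = "C=TH,O=NECTEC,OU=GOC,"
USER_CN = re.compile(r"^CN=[^/,]+/emailAddress=[^@\s,]+@[^@\s,]+$")
HOST_CN = re.compile(r"^CN=host/[A-Za-z0-9.-]+$")

def add_months(d, n):
    """Return date d advanced by n calendar months, clamping the day."""
    month0 = d.month - 1 + n
    year, month = d.year + month0 // 12, month0 % 12 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))

def classify_subject(subject):
    """'user', 'host', or None when the DN matches neither certificate type."""
    if not subject.startswith(DN_PREFIX):
        return None
    rest = subject[len(DN_PREFIX):]
    if USER_CN.match(rest):
        return "user"
    return "host" if HOST_CN.match(rest) else None

def check_certificate(cert):
    """Return the list of policy violations for one certificate record."""
    problems = []
    months = 120 if cert["ca"] else 13  # 10-year CA, 13-month end entity
    if cert["not_after"] > add_months(cert["not_before"], months):
        problems.append(f"lifetime exceeds {months} months")
    min_bits = 2048 if cert["ca"] else 1024  # key lengths from Key Pair slide
    if cert["key_bits"] < min_bits:
        problems.append(f"key is {cert['key_bits']} bits, minimum is {min_bits}")
    if not cert["ca"] and classify_subject(cert["subject"]) is None:
        problems.append("subject matches neither the user nor the host form")
    return problems

def crl_reissue_date(this_update, revoked_on=None):
    """30-day CRL renewed 7 days before expiry, or at once on a revocation."""
    scheduled = this_update + timedelta(days=30 - 7)
    return min(scheduled, revoked_on) if revoked_on else scheduled

# Constructed sample records with hypothetical subjects and dates.
HOST_OK = {"ca": False, "key_bits": 1024, "not_before": date(2006, 10, 15),
           "not_after": date(2007, 11, 15),
           "subject": DN_PREFIX + "CN=host/grid64.hpcc.nectec.or.th"}
USER_BAD = {"ca": False, "key_bits": 512, "not_before": date(2006, 10, 15),
            "not_after": date(2008, 1, 1),
            "subject": DN_PREFIX + "CN=Example User/emailAddress=user@example.org"}
```

An empty list from check_certificate means the record satisfies every stated constraint; USER_BAD fails on both lifetime and key length.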


Contact Information

Sornthep Vannarat and Suriya U-ruekolan

National Electronics and Computer Technology Center

Grid Operation Center

112 Paholyotin Road,

Klong 1, Klong Luang,

Pathumthani 12120 Thailand

Tel: (662) 564-6900 ext 2278

Fax: (662) 564-6772

Email: camanager@hpcc.nectec.or.th