
Update on the UMU Dynamic VPN R&D Work – November 2003



  1. Update on the UMU Dynamic VPN R&D Work – November 2003
     Antonio F. Gomez Skarmeta, Gregorio Martinez <skarmeta, gregorio@dif.um.es>
     University of Murcia (UMU), SPAIN

  2. Agenda
     • Reminder from the July’03 Meeting
     • UMU-PKIv6: Update on the Status
     • UMU-PBNM: Update on the Status
     • Collaboration Plans

  3. UMU-PBNM Main Objective
     • Design and set-up a security framework to manage distributed communication systems using the PBNM paradigm
     • Features:
        • Flexible
        • Secure
        • Service and application-independent
        • Standard-based
        • IP-based
     • In collaboration with UCL-CS (through Euro6IX-6NET project collaboration, SEINIT project)

  4. UMU-PBNM Proposed Architecture
     (diagram labels: Trust Management System; Policy Management Framework; Cryptographic Middleware; Policy Language; UMU-PBNM (Policy Console, PMT, PDP, PEP); UMU-PKIv6; Java Card; Network Layer Security Services; IPsec Security Services)

  5. General Architecture

  6. Policy Management Process (diagram; steps numbered 1 to 7)

  7. Monitoring Process (diagram; steps numbered 1 to 4)

  8. Agenda
     • Reminder from the July’03 Meeting
     • UMU-PKIv6: Update on the Status
     • UMU-PBNM: Update on the Status
     • Collaboration Plans

  9. UMU-PKIv6 v7.1.2
     • Installation process highly improved (thanks to feedback from UCL-CS, and NRNS/DRDC-RDDC)
     • Version 7.1.2, supporting
        • WinCE-compatible devices (PDAs, mobile phones, etc.)
        • SSH/SCP PKCS#10 and KEYGEN (Netscape) requests
        • Support of DNSsec
        • New debug mode
     • New version (v7.2.0) will be released this week
        • OCSP and TSP applets automatically signed during the installation process
        • Log management from the web

  10. Agenda
      • Reminder from the July’03 Meeting
      • UMU-PKIv6: Update on the Status
      • UMU-PBNM: Update on the Status
      • Collaboration Plans

  11. Policy Language
      • Definition of XML schemas from the IETF IPsec PIB
      • Extension of the UMU-PBNM to support IPsec policies for:
         • Linux FreeS/WAN (in both IPv4 and IPv6)
         • FreeBSD (in both IPv4 and IPv6)

  12. UMU-PBNM Internal Components
      • COPS:
         • Porting of VOCAL 1.5 COPS implementation to IPv6 (in C++)
         • UMU-jCOPS (University of Murcia – Java COPS) implementation
            • Definition of all the COPS and COPS-PR messages
            • Definition of two APIs, allowing the definition of any kind of (security, QoS, mobility, routing, etc.) PDP or PEP:
               • At the message level
               • At the functionality level
            • Interoperable with VOCAL 1.5 COPS implementation

  13. UMU-PBNM Internal Components (and II)
      • UMU-jCOPS packages: brief description

  14. Agenda
      • Reminder from the July’03 Meeting
      • UMU-PKIv6: Update on the Status
      • UMU-PBNM: Update on the Status
      • Collaboration Plans

  15. X-Bone v3.0-beta ↔ UMU-PKIv6 ↔ UMU-PBNM
      • X-Bone v3.0-beta being tested in our labs
      • Evaluation plan:
         • With UMU-PKIv6
            • Using UMU-PKIv6 certificates (with IPv6 addresses in the DN field) in every X-Bone node
            • Check how the DNSsec support of both systems can be integrated
            • Analyse the use of attribute certificates in the X-Bone
         • With UMU-PBNM
            • Analysing elements in X-Bone that can be dynamically managed by the UMU-PBNM proposed architecture
      • Inter-site testbed
         • Interest from UCL-CS and UMU to set-up an inter-site testbed over IPv6
         • Any other interested??

  16. DVC ↔ UMU-PKIv6
      • DVC 0.0.2a being tested in our labs
      • DVC needs:
         • Provision of PKI + KMS functionalities
         • IPv6 support
      • DVC required features: automated …
         • certificate enrolment
         • certificate renewal
         • certificate revocation
         • certificate status checking
         • cross-certification

  17. DVC ↔ UMU-PKIv6 (II)
      • UMU-PKIv6 currently offers:
         • Automated certificate enrolment and revocation
            • SCEP server (SCEP draft version 0.5)
            • SSH server
         • Certificate status checking
            • CRLs published in LDAP servers
            • OCSP server
         • Cross-Certification
         • Certificate renewal missing!!
      • Additional components:
         • UMU-jSCEP: Java SCEP client
         • UMU-jOCSP: Java OCSP
         • Java SSH client
      • Being currently used with:
         • CISCO routers (SCEP-based)
         • 6WIND routers (SSH-based)

  18. DVC ↔ UMU-PKIv6 (and III)
      • Decisions to be taken:
         • Support of ARLs (Authority Revocation Lists)
            • Why?: provide the status of cross-certificates
            • DVC: have to evaluate the need of supporting them
            • UMU-PKIv6: have to improve its support of ARLs
         • Use of DNSsec
            • Why?: dynamic provision of security information
            • DVC: have to study the interest on this
            • UMU-PKIv6: feature already supported
         • The use of PKIX-CMP protocol
            • Why?: providing complete certificate lifecycle management
            • DVC: defined as an interesting feature
            • UMU-PKIv6: implementation already started (both modes: simple and full)

  19. For anyone Interested in Collaborating, Integrating and/or Testing …
      • The UMU-PKIv6 v7.2.0
      • The UMU-PBNM, or any of its components (e.g. VPN Enforcement Tool, UMU-jCOPS, etc.)
      • Any other idea/line regarding the dynamic management of VPNs
      please, send us an email to Antonio F. Gomez Skarmeta <skarmeta@dif.um.es> and/or Gregorio Martinez <gregorio@dif.um.es>
      Thanks!!!
