
UNAMgrid

UNAMgrid. Alejandro Núñez Sandoval, anunez@seguridad.unam.mx. Rio de Janeiro, Brazil, 03/27/06, F2F meeting, TAGPMA. UNAMgrid Certificate Authority. UNAM is the National University of Mexico and one of the biggest universities in Mexico. The student community is more than 265,000 students.


Presentation Transcript


  1. UNAMgrid Alejandro Núñez Sandoval anunez@seguridad.unam.mx Rio de Janeiro, Brazil, 03/27/06 F2F meeting, TAGPMA

  2. UNAMgrid Certificate Authority
     • UNAM is the National University of Mexico and one of the biggest universities in Mexico.
     • The student community is more than 265,000 students.
     • 70% of research in Mexico is done at UNAM.

  3. UNAMgrid Overview
     • Currently the Supercomputing Department of UNAM is working on different grid projects, but these don't include a robust CA (Globus).
     • The focus of UNAMgrid is the R&D community in the National University and around the country.
     • In the first phase, the Supercomputing Department will be the principal "customer" of UNAMgrid services.

  4. Other CA projects
     • FEA project, Firma Electrónica Avanzada (advanced electronic signature).
     • Provides certificates to the whole community of the National University (students, academics, researchers).
     • RSA solution.
     • UNAM-CERT participated in this project 2 years ago.
     • Collaborated on the documents, security issues, etc.

  5. UNAMgrid Today (diagram): Computer Security Department, Supercomputing Department, UNAMgrid CA

  6. UNAMgrid Today
     • UNAMgrid CA Members:
     • Juan Carlos Guel
     • UNAM-CERT Manager
     • UNAMgridCA Manager
     • Alejandro Núñez
     • Technical Contact UNAMgrid
     • Israel Becerril
     • Technical Contact UNAMgrid

  7. UNAMgrid Certificate Authority
     • Services:
     • Management of PKI services.
     • Web interface: http://www.unamgrid.unam.mx/
     • Information about the CA project in UNAMgrid.
     • Information in Spanish and English.
     • Research in new CA technologies.

  8. Name Space
     • The certificate subject name is based on the X.501 standard.
     • Three types of CN component:
     • People.
     • Hosts.
     • Services.

  9. Name space examples
     • /C=MX/O=UNAMgridCA/O=organization/OU=organizational-unit/CN=subject-name
     • /C=MX/O=UNAMgridCA/O=dgsca/OU=super/CN=Juan Lopez
     • /C=MX/O=UNAMgridCA/O=organization/OU=org-unit/CN=host/host-dns-name
     • /C=MX/O=UNAMGridCA/O=dgsca/OU=super/CN=host/pki.super.unam.mx
     • /C=MX/O=UNAMGridCA/O=organization/OU=org-unit/CN=service/host-dns-name
     • /C=MX/O=UNAMGridCA/O=dgsca/OU=super/CN=ftp/ftp.super.unam.mx

  10. Certificate & Key sizes
     • The certificates issued by UNAMgrid CA must not be used for financial transactions.
     • The subscriber key size is at least 1024 bits.
     • The UNAMgrid CA key is 2048 bits long.
     • The CA certificate has a validity period of 10 years.

  11. UNAMgrid CA Architecture

  12. UNAMgrid Certificate Life-cycle (diagram): Re-new, Request, Revocation, Expiration

  13. Subscriber requirements
     • Read and adhere to the procedures described in this document.
     • Use the certificate for the permitted purposes only.
     • Authorize procedures and conservation of personal data.
     • Generate a key pair (at least 1024 bits).
     • Select a strong passphrase.
     • Protect the passphrase from others.
     • Never share the private key with other users.
     • Notify UNAMgrid CA in case of private key loss or compromise.

  14. Certificate Revocation List
     • The subscriber has ceased to be a member associated with UNAMgrid.
     • The subscriber's private key is lost or suspected to be compromised.
     • The private key of the UNAMgrid CA has been compromised or lost.
     • The CRL has a lifetime of 30 days.
     • A new CRL must be published immediately after its issuance.
     • A new CRL is issued at least 7 days before the expiration date or immediately after a revocation.

  15. UNAMgrid CA Security
     • Physical access: restricted to authorized people.
     • Cameras.
     • Cops.
     • UNAMgrid CA is offline (tests will be made with our research community).
     • Backup every night except on weekends and holidays.
     • DVD backup.
     • Internal security auditing process.
     • Incident report procedure.

  16. UNAMgrid CA Status
     • Review in progress.
     • Documents CP/CPS, TAGPMA Committee.
     • Draft 0.2 issued March 5, 2006.
     • Website UNAMgrid.
     • Technical test with OpenCA.

  17. UNAMgrid CA Further work
     • Spanish documents.
     • OpenCA test with our research community (Mexico).
     • Risk assessment and contingency plan documents in progress.
     • RA test (1 Nuclear Science Department).

  18. Thank you Questions?
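
The subject-name rules from slides 8 and 9, as an added example (not part of the presentation and not UNAMgrid's own tooling): a Python check that parses the slash-delimited form, keeps the `/` inside `CN=host/...` values intact, and rejects subjects that fall outside the namespace. The function names, the case-insensitive match on the CA's `O` value and the DNS-name pattern are assumptions.

```python
import re

EXPECTED_ORDER = ["C", "O", "O", "OU", "CN"]  # order used in the slide 9 templates
# Split only where "/" begins a new TYPE= attribute, so the "/" inside
# CN=host/pki.super.unam.mx stays part of the CN value.
ATTR_START = re.compile(r"/(?=[A-Za-z]+=)")
# Assumed DNS-name pattern: dot-separated LDH labels ending in a TLD.
DNS_NAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)


def parse_dn(dn):
    """Parse a slash-delimited subject into (type, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("subject must start with '/'")
    pairs = []
    for part in ATTR_START.split(dn)[1:]:
        attr, _, value = part.partition("=")
        if not value:
            raise ValueError(f"empty value for {attr}")
        pairs.append((attr.upper(), value))
    return pairs


def classify_subject(dn):
    """Return 'person', 'host' or 'service'; raise ValueError otherwise."""
    pairs = parse_dn(dn)
    if [attr for attr, _ in pairs] != EXPECTED_ORDER:
        # Also catches a second CN smuggled in through the value text.
        raise ValueError("attributes must be C, O, O, OU, CN in that order")
    country, ca_org, _org, _unit, cn = (value for _, value in pairs)
    if country != "MX":
        raise ValueError("C must be MX")
    # Assumption: case-insensitive, because the slides spell the CA's O
    # both 'UNAMgridCA' and 'UNAMGridCA'.
    if ca_org.lower() != "unamgridca":
        raise ValueError("first O must be UNAMgridCA")
    if "/" not in cn:
        return "person"
    prefix, _, dns_name = cn.partition("/")
    if not prefix.isalnum() or not DNS_NAME.match(dns_name):
        raise ValueError(f"bad host/service CN: {cn!r}")
    return "host" if prefix == "host" else "service"


if __name__ == "__main__":
    # Concrete subjects from slide 9.
    for s in ("/C=MX/O=UNAMgridCA/O=dgsca/OU=super/CN=Juan Lopez",
              "/C=MX/O=UNAMGridCA/O=dgsca/OU=super/CN=host/pki.super.unam.mx",
              "/C=MX/O=UNAMGridCA/O=dgsca/OU=super/CN=ftp/ftp.super.unam.mx"):
        print(classify_subject(s), s)
```
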
