2,303 research outputs found

    PKI Scalability Issues

    This report surveys different PKI technologies such as PKIX and SPKI and the issues of PKI that affect scalability. Much focus is spent on certificate revocation methodologies and status verification systems such as CRLs, Delta-CRLs, CRS, Certificate Revocation Trees, Windowed Certificate Revocation, OCSP, SCVP and DVCS. Comment: 23 pages, 2 figures

    An Evaluated Certification Services System for the German National Root CA - Legally Binding and Trustworthy Transactions in E-Business and E-Government

    National Root CAs enable legally binding E-Business and E-Government transactions. This is a report about the development, the evaluation and the certification of the new certification services system for the German National Root CA. We illustrate why a new certification services system was necessary, and which requirements to the new system existed. Then we derive the tasks to be done from the mentioned requirements. After that we introduce the initial situation at the beginning of the project. We report about the very process and talk about some unfamiliar situations, special approaches and remarkable experiences. Finally we present the ready IT system and its impact to E-Business and E-Government. Comment: 6 pages; 1 figure; IEEE style; final version

    User oriented access to secure biomedical resources through the grid

    The life science domain is typified by heterogeneous data sets that are evolving at an exponential rate. Numerous post-genomic databases and areas of post-genomic life science research have been established and are being actively explored. Whilst many of these databases are public and freely accessible, it is often the case that researchers have data that is not so freely available and access to this data needs to be strictly controlled when distributed collaborative research is undertaken. Grid technologies provide one mechanism by which access to and integration of federated data sets is possible. Combining such data access and integration technologies with fine grained security infrastructures facilitates the establishment of virtual organisations (VO). However experience has shown that the general research (non-Grid) community are not comfortable with the Grid and its associated security models based upon public key infrastructures (PKIs). The Internet2 Shibboleth technology helps to overcome this through users only having to log in to their home site to gain access to resources across a VO – or in Shibboleth terminology a federation. In this paper we outline how we have applied the combination of Grid technologies, advanced security infrastructures and the Internet2 Shibboleth technology in several biomedical projects to provide a user-oriented model for secure access to and usage of Grid resources. We believe that this model may well become the de facto mechanism for undertaking e-Research on the Grid across numerous domains including the life sciences

    Citizen Electronic Identities using TPM 2.0

    Electronic Identification (eID) is becoming commonplace in several European countries. eID is typically used to authenticate to government e-services, but is also used for other services, such as public transit, e-banking, and physical security access control. Typical eID tokens take the form of physical smart cards, but successes in merging eID into phone operator SIM cards show that eID tokens integrated into a personal device can offer better usability compared to standalone tokens. At the same time, trusted hardware that enables secure storage and isolated processing of sensitive data has become commonplace both on PC platforms as well as mobile devices. Some time ago, the Trusted Computing Group (TCG) released the version 2.0 of the Trusted Platform Module (TPM) specification. We propose an eID architecture based on the new, rich authorization model introduced in the TCG's TPM 2.0. The goal of the design is to improve the overall security and usability compared to traditional smart card-based solutions. We also provide, to the best of our knowledge, the first accessible description of the TPM 2.0 authorization model. Comment: This work is based on an earlier work: Citizen Electronic Identities using TPM 2.0, to appear in the Proceedings of the 4th international workshop on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale, Arizona, USA, http://dx.doi.org/10.1145/2666141.266614

    Experiences in teaching grid computing to advanced level students

    The development of teaching materials for future software engineers is critical to the long term success of the grid. At present however there is considerable turmoil in the grid community both within the standards and the technology base underpinning these standards. In this context, it is especially challenging to develop teaching materials that have some sort of lifetime beyond the next wave of grid middleware and standards. In addition, the current way in which grid security is supported and delivered has two key problems. Firstly in the case of the UK e-Science community, scalability issues arise from a central certificate authority. Secondly, the current security mechanisms used by the grid community are not fine grained enough. In this paper we outline how these issues are being addressed through the development of a grid computing module supported by an advanced authorisation infrastructure at the University of Glasgow.

    Development of a tool for validating ETSI AdES digital signatures as defined by the European Standard ETSI EN 319 102-1

    The objectives of the various European standards for digital signatures are to establish common specifications within the European Union on how the creation and validation of these should be carried out. This makes it possible to use interoperable electronic signatures across borders of Europe. This thesis consists of the development of a tool to validate ETSI AdES digital signatures according to the European standard ETSI EN 319 102-1. For this purpose, a study of the different standards has been carried out, together with Object-Oriented Analysis and Design techniques, to achieve the implementation of the validation algorithm and the development of a unit testing framework to check its correct operation. The result is a tool capable of validating Basic Signatures, Signatures with Time and Signatures with Long-Term Validation Material of any ETSI AdES signature form (XAdES, CAdES and PAdES).