
Local switch


chaney

Presentation Transcript


  1. SIS Network Topology And IP assignments (diagram)
     • Internet
     • Main switch: 128.198.162.51, 128.198.162.52, 128.198.162.53
     • FC4: NIC1 128.198.162.50, NIC2 10.0.0.1
     • Local switch
     • Domain-controller 10.0.0.10
     • IIS 10.0.0.11
     • Win-XP 10.0.0.12

  2. The Testbed
     • A 4-machine testbed has been built.
     • It contains the following:
       • Windows Server 2003 with AD (the domain controller).
       • Windows Server 2003 with IIS 6.0 (the web server).
       • Windows XP (a client).
       • Fedora Core 4 with an iptables-based firewall (a gateway).

  3. The SIS Admin Tool
     • An admin tool is being developed to provide an easy-to-use GUI for setting up the SIS environment.
     • C# (C# Express 2005 IDE) has been used.
     • The three main components that we have so far are:
       • Public Key Infrastructure (PKI) setup.
       • Privilege Management Infrastructure (PMI) setup.
       • Certificates Management.

  4. PKI and PMI
     PKI features:
     • Creating new Certificate Authorities (CAs).
     • Loading an existing CA.
     • Issuing a single digital cert (DC) and storing it in the AD, based on a GUI form.
     • Issuing a batch of DCs and storing them in the AD, based on a simple text file.
     PMI features:
     • Creating new Attribute Authorities (AAs).
     • Loading an existing AA.
     • Issuing a single attribute cert (AC) and storing it in the AD, based on a GUI form.
     • Issuing a batch of ACs and storing them in the AD, based on a simple text file.

  5. Certificates Management
     • Check & validate a digital certificate.
     • Revoke a digital certificate.
     • Check & validate an attribute certificate.
     • Revoke an attribute certificate.

  6. Packages & techniques
     • OpenSSL [http://www.stunnel.org/download/binaries.html]: a wrapper compiled as a binary (exe file) has been used to implement the PKI part.
     • JCE-IAIK [http://jce.iaik.tugraz.at/]: a set of Java APIs and implementations of cryptographic functionality that has been used to implement the PMI part.
     • IKVM.NET [http://www.ikvm.net]: an implementation of Java for the Microsoft .NET Framework, used so that the Java-based IAIK package can be called from .NET.
     • CryptLib [http://www.cs.auckland.ac.nz/~pgut001/cryptlib/] or [http://www.cryptlib.com]: a security toolkit that allows adding encryption and authentication services. * (We faced problems with it [file format & AC errors]; therefore, we replaced it with the OpenSSL solution.)
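
The PKI features and certificate-management operations listed in slides 4 and 5 (create a CA, issue a batch of certificates from a text file, validate, revoke), walked through with the OpenSSL command line as an added example; this is not the SIS Admin Tool's code. The CA name, `users.txt`, the `alice`/`bob` subjects and the minimal `ca.cnf` are constructed for the demo, and an `openssl` 1.1.1 or later binary on the PATH is assumed.

```shell
# Added example, not from the slides; CA name, users.txt, alice/bob are constructed.
check() {  # "valid" or "rejected" for cert $1, checked against the CA and its CRL
  if openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl "$1" >/dev/null 2>&1
  then echo valid; else echo rejected; fi
}
pki_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
  mkdir newcerts; : > index.txt; echo 01 > serial
  exec 2>/dev/null  # hide openssl progress messages
  # 1. Create a new CA (self-signed root).
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -subj "/CN=SIS Demo CA" -days 30
  # 2. Issue a batch of certificates from a simple text file, one name per line.
  printf 'alice\nbob\n' > users.txt
  for u in $(cat users.txt); do
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -keyout "$u.key" -out "$u.csr" -subj "/CN=$u"
    openssl ca -batch -config ca.cnf -notext -in "$u.csr" -out "$u.crt"
  done
  # 3. Publish a CRL and validate both certificates.
  openssl ca -config ca.cnf -gencrl -out ca.crl
  echo "before: alice=$(check alice.crt) bob=$(check bob.crt)"
  # 4. Revoke bob, reissue the CRL, validate again.
  openssl ca -config ca.cnf -revoke bob.crt
  openssl ca -config ca.cnf -gencrl -out ca.crl
  echo "after: alice=$(check alice.crt) bob=$(check bob.crt)"
  cd / && rm -rf "$d"
)
pki_demo
```

The revoked certificate is rejected only because the verifier is handed the current CRL together with `-crl_check`; a relying party that skips the revocation check still accepts it until it expires.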
