NITTE MEENAKSHI INSTITUTE OF TECHNOLOGY
GOVINDAPURA, GOLLAHALLI, YELAHANKA, BANGALORE-560064
DEPARTMENT OF INFORMATION SCIENCE AND ENGINEERING

Project Phase-3 Seminar On
Public Key Infrastructure (PKI) Administration Using EJBCA and OpenCA Certifying Authority Systems

External Guide: Mr. Praveen D Ampatt, Senior Technical Officer, CDAC
Internal Guide: Mrs. Vidyadevi G Biradar, Assoc. Prof., Dept. of ISE, NMIT
Presented By: Vinay C, M.Tech 4th Sem (CNE), Dept. of ISE, NMIT

OUTLINE
1. Introduction
2. Problem Statement
3. Objective
4. Literature Survey
5. Snapshots
6. Conclusion
7. References

INTRODUCTION
With the globalization of e-commerce, everything is digital and is done online.
It is not enough just to transfer documents from one person to another; the transfer must also ensure that the document retains its integrity, confirm the authenticity of the sender, and provide privacy.
To maintain integrity and confidentiality, public key infrastructure (PKI) is introduced.
PKI provides robust and rigorous security measures to protect user data and credentials.

Public Key Infrastructure (PKI)
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
It provides the basic security required for secure communication, so that users who do not know each other can communicate securely through a chain of trust.
A PKI consists of the following components:
1. Certificate Authority (CA)
2. Registration Authority (RA)
3. Security policy
4. Certificate Repository and distribution system
5. End entity

Certificate Hierarchy
[Figure: hierarchy diagram with nodes ROOT CA, SUB CA (x2) and END USER (x4)]

Simple PKI Model
Subscriber: Provides Proof of Identity
Registration Authority: Verifies Subscriber's Identity
Certificate Authority: Issues Certificate and Posts in Repository
Repository

Security Service of PKI
There are 4 main issues that PKI deals with:
1. Data Integrity
2. Confidentiality
3. Identification and Authentication
4. Non-repudiation

OpenSSL
OpenSSL is an open source tool for using the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols for Web authentication.
SSL is a secure protocol developed for sending information securely over the Internet.
TLS is a protocol that ensures privacy between communicating applications and their users on the Internet.
TLS is the successor to the Secure Sockets Layer (SSL).
The library includes tools for generating RSA private keys and certificate signing requests, computing checksums, managing certificates and performing encryption/decryption.
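
Added example (not part of the original slides): the ROOT CA, SUB CA and END USER levels of the certificate hierarchy, built with the OpenSSL key and certificate-request tools described above and then checked through the chain of trust. It assumes OpenSSL 1.1.0 or later on the PATH; all subject names, file names and the P12 password are constructed.

```bash
#!/usr/bin/env bash
# Added example: ROOT CA -> SUB CA -> END USER built with the openssl CLI.
# Subject names, file names and the P12 password are constructed.

# build_chain DIR: create keys and certificates for each level inside DIR.
build_chain() (
  set -e
  cd "$1"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_user]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
  # Root CA: self-signed certificate, the trust anchor of the hierarchy.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -config pki.cnf \
    -extensions v3_ca -subj "/CN=Example Root CA" -keyout root.key -out root.crt
  # issue NAME SUBJECT ISSUER EXT: RSA key + CSR for NAME, signed by ISSUER.
  issue() {
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf -subj "$2" \
      -keyout "$1.key" -out "$1.csr"
    openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" \
      -CAcreateserial -extfile pki.cnf -extensions "$4" -sha256 -days 30 \
      -out "$1.crt"
  }
  issue sub   "/CN=Example Sub CA"   root v3_ca
  issue user  "/CN=Example End User" sub  v3_user
  # Negative case: a certificate signed with the end user's key (CA:FALSE).
  issue rogue "/CN=Example Rogue"    user v3_user
  # Bundle the end user's key and certificate chain as a PKCS#12 (.p12) file.
  openssl pkcs12 -export -inkey user.key -in user.crt -certfile sub.crt \
    -passout pass:example -out user.p12
)

# verify_cert DIR CERT [INTERMEDIATE...]: succeeds only if CERT chains to root.crt.
verify_cert() (
  cd "$1" || exit 2
  cert=$2; shift 2
  untrusted=""
  for c in "$@"; do untrusted="$untrusted -untrusted $c"; done
  openssl verify -CAfile root.crt $untrusted "$cert" 2>&1 | grep -q ': OK$'
)

d=$(mktemp -d) && build_chain "$d" >/dev/null 2>&1
verify_cert "$d" user.crt sub.crt && echo "END USER certificate chains to ROOT CA"
```

verify_cert accepts user.crt only when sub.crt is supplied as the intermediate, and it rejects rogue.crt because the END USER certificate that signed it carries CA:FALSE.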

Enterprise JavaBeans Certificate Authority (EJBCA)
EJBCA is a free open source software PKI Certificate Authority.
It is based on JEE5 Technology.
It is flexible and platform independent.
Enterprise JavaBeans are components that execute within an EJB container, under the supervision of an application server (JBOSS).
The EJBCA architecture consists of four parts:
1. Client
2. Web Tier
3. EJB Tier
4. Data Tier
Fig: Architecture of EJBCA

OpenCA
OpenCA is an open source collaborative effort to create a public key infrastructure.
It is Linux based.
It is not a complete monolithic system.
It is based on many Open-Source Projects. Among the required software there are OpenLDAP, OpenSSL, Apache Project, Apache mod_ssl.
Fig: OpenCA PKI Architecture

EJBCA and OPENCA Software Requirements
EJBCA
OpenJDK 7
Apache Ant 1.8
JBOSS Application Server 7.1.1
Install EJBCA 6.0.3

OPENCA
OpenLDAP
OpenSSL
Apache server
Apache mod_ssl

Problem Statement
PUBLIC KEY INFRASTRUCTURE (PKI) ADMINISTRATION USING EJBCA AND OPENCA CERTIFICATE AUTHORITY SYSTEM

Objectives
To provide a complete comparative study of both OPENCA and EJBCA open source software.

Literature Survey
PAPER 1:
Title: Research and application of EJBCA based on J2EE
Author: Liyi Zhang, Qihua Liu and Min Xu
Published in: The International Federation for Information Processing (IFIP)
Date of publication: 2011
Summary: In this paper the authors discuss the architecture of EJBCA, the installation procedure for EJBCA, and the roles of the EJBCA administrator.
The system is divided into 4 roles:
1. Super Admin
2. CA Admin
3. RA Admin
4. Supervisor
[Figure: Roles of the System: Super Admin, CA Admin, Supervisor, RA Admin]

PAPER 2:
Title: Survey of EJBCA and OPENCA Certificate Authority Systems
Author: Ayesha Ishrath Ghori and Asra Parveen
Published in: IJCSE
Date of publication: 2006
Summary: In this paper the authors present a comparative analysis of the two leading certificate authorities, EJBCA and OPENCA.

Snapshots
Starting up the JBOSS
Browse to localhost:8080 page
Authentication
JBOSS Running
Deployment of EJBCA.EAR
Browsing to localhost:8080/ejbca home page
EJBCA Admin Web Page
Default End Entity Certificate
RootCA
Subordinate CA
End Entity certificate
Adding of End Entity Certificate
P12 file
Displaying Certificate in EJBCA Admin page
Updated CRL status for Default Management CA
Configuring OPENCA

What's Next?
Generating the certificates in OpenCA.
Comparing both the open source software in terms.
Listing out the comparison for both EJBCA and OPENCA.
Deciding which platform is good to build the advanced features on.

Conclusion
The trust between two parties and digital signatures are reinforced by the components of public key infrastructure.
The two Certificate Authorities EJBCA & OpenCA are providers for various clients, individual and business clients.
EJBCA has been installed and the certificates have been generated successfully.
EJBCA provides automatic CRL updates.

References
[1] M. Indra Sena Reddy, P.J. Bhat, Rajeev Chetwavani and K. Subba Reddy, A Practical Approach for Implementation of Public Key Infrastructure for Digital Signatures, IIJEA, 2011.
[2] www.ejbcawiki.org
[3] www. Openca pki.org
[4] http://majic.rs/book/free-software-x509-cookbook/setting-up-ejbca-as-certification-authority
[5] http://ejbca.org/older_releases/ejbca_4_0/htdocs/userguide.html
THANK YOU