keystone european cross domain pki architecture sokratis k. katsikas professor & head dept. of...

Post on 18-Jan-2016

KEYSTONE

EUROPEAN CROSS DOMAIN PKI ARCHITECTURE

Sokratis K. Katsikas

Professor & Head

Dept. of Information & Communication Systems

University of the Aegean

6/5/1998 K E Y S T O N E 2

Project Participants

EXPERTNET S.A. (Greece)

– University of the Aegean (Greece)

IGNIS Technologies Ltd. (Ireland)

Project objective

The main aim of KEYSTONE is to specify a logical PKI architecture which is robust, scaleable, based on standards, extensible, flexible and useful across application domains and national and administrative boundaries.

Technical Approach

[Diagram. Labels: ACTS; INFOSEC; Architecture methodologies; User requirements; TTP services & infrastructures; Functional specs; Reference model; Functional architecture; Architecture; Technologies; Technology evaluation; Standards; Business model; Management architecture; Technology profiles.]

WP1: D 1.1 & D 1.2

INFOSEC projects

– The Nilson Marinade review report

– S2101 project

– THIS & TrustHealth-ETS in healthcare

– TESTFIT in freight

– BOLERO in shipping

– Ebridge in distributed business services

– EAGLE in several commercial activities

ACTS projects

– ABS

– GAIA

– MULTIMEDIATOR

– OSM

Overview of related INFOSEC and ACTS projects

D 1.1 TTP User Requirements Report: INFOSEC and ACTS Projects Review

Issues studied:

– Main objectives and description.

– Technical overview.

– How common threats are dealt with.

– Organizational, legal and regulatory issues.

– Achievements and expected impact.

Result:

– Correlation of each project’s results and cross domain statement of the tools and services needed by TTP users.

Conclusions of the user requirements capture process

Minimal set of security services:

– authentication of users

– integrity of messages

– privacy and confidentiality of messages

– non-repudiation of message origin and destination

– availability of services

– ease of use

Additional services:

– anonymity of participants

– uniqueness of documents

– protection from abuse of any participant by another

Key escrow: Addressed only by EAGLE.

D 1.2 TTP services: INFOSEC Projects Review

Issues studied:

– Trust model.

– Certification infrastructure.

– Functions and services for supporting the certification process.

Conclusions of Deliverable 1.2

An overview of TTP infrastructures.

An overview of TTP services:

– Primary services (e.g. certificate and key management).

– Secondary services (e.g. audit and underwriting).

– Value added services (e.g. to key generation/management).

– Services of strategic/organisational impact (e.g. TTP interoperation services).

D1.3 Architecture Specification Guidelines

Issues Studied

Review of the architecture techniques in the projects

– ABS

– GAIA

– MULTIMEDIATOR

– OSM

Architecture specification guidelines for Keystone

D1.3 Results: Architecture Guidelines

Maximal compatibility & extensibility

Maximal re-use of existing solutions

Orientation towards parallel processing

RM-ODP elements in the ETS Reference Model

GAIA approach as the basis for the TTP Functional Architecture

Attention to TINA and OMA as service frameworks

Current work

The focus is on the services of the TTPs and the PKI:

– Services link user requirements and PKI functions.

– Example scenarios in which services are used.

– Services examples: registration, certificate management, key management, etc.

Next steps...

Coming deliverables focus on:

– Functional specification.

– Reference model.

– Functional architecture.

– Environmental aspects.

– Technology evaluation.

– Integration.
