Revision 36 as of 2013-04-29 03:04:17
Editor: SamiTabibel
  • Name: Sami Tabibel

  • Contact/Email: sami.tabibel@gmail.com, sambee on IRC.

  • Background: I have a Master's degree in the science and technology of information and communication, and I am currently a 4th-year student in the Master of cryptology and IT security at Limoges University in France. I have had several professional experiences during the different internships and jobs I have done; the last one was a 5-month software development job at EGSA-C in Algeria. I have good skills in the C and Python languages, and some experience in programming, scripting, networking, certificates, OpenSSL, one-time passwords and authentication protocols.

I recently wrote a small client-server Python program to illustrate one-time password creation and verification, the creation of a certificate authority, the use of digital certificates for authentication, signing and timestamping, and an SSL proxy for communication security. My work is still under evaluation by the university, so I cannot publish the source code yet, but you can find a private link under the Source code section of my proposal page on Melange.

  • Project title: Improving PKI on Debian

  • Synopsis: Increase trust in secure network connections by enhancing PKI and reviewing how trust is established in several scenarios.

  • Project details: Debian has a good security foundation because many packages offer SSL/TLS secure connectivity; these protocols use digital certificates for authentication and encrypt communications. Certificates are a secure means of authentication, but they are based on trust: if that element breaks, this will be the end of certificates. Some recent events, such as the compromise of some certificate authorities and the success some malicious users had in obtaining fake certificates, lead us to reconsider the policy for establishing trust and to search for a balance between ease of installation and configuration of cryptographic protocols such as SSL/TLS and safeguarding the integrity of the system.

Such work can start with the establishment of a system for logging decisions about placing trust in a particular certificate and about certificate chain verification, then refine the control of trust and seek alternative ways to build trust, such as the use of PGP instead of X.509.

  • Benefits to Debian: Strengthen the security of the system and of users who rely on secure network connections based on Public Key Infrastructure and digital certificates.

  • Deliverable:

    • Implementation of a logging system.
    • Development of an auditor of the validity of digital certificates.
    • Writing a script or software that consults certificate revocation lists.
  • Project schedule:

    • May 28 - June 16

      • Discuss the project details with mentor(s).
      • Read documentation and prepare the development environment by installing the latest Debian version and all dependencies for developing a Debian package.
      • Read some existing code related to the Debian PKI, OpenSSL commands like ca, sign, verify, etc.
    • June 17 - July 29

      • Develop a logging system reporting on decisions made when verifying certificate chains.
      • Write documentation for the logging system.
      • Submit the completed work for the mid-term evaluation.
    • July 30 - September 10

      • Develop an auditor of the validity of digital certificates.
      • Write a script or software for consulting certificate revocation lists.
      • Write final documentation.
    • September 11 - September 27

      • Write tests.
      • Create Debian packages.
      • Improve documentation.
      • Submit final code.
  • Exams and other commitments: I will finish my exams on May 22 and have no vacation plans, so I will be free to work full-time on this project for the whole Summer of Code period.

  • Other summer plans: None.

  • Why Debian? The first time I used Debian was in a NetKit virtualization experience. As you know, NetKit virtual machines use the Debian distribution of the GNU/Linux OS. I had to make configurations (dhcp, samba, nis, nfs, netfilter ...), compile and install some software, and write bash scripts on these machines. I liked the ease and flexibility of this distribution and the effectiveness of its package system.