Differences between revisions 17 and 18
Revision 17 as of 2013-04-28 21:03:10
Editor: SamiTabibel
Revision 18 as of 2013-04-28 21:03:52
Editor: SamiTabibel
Line 26: Line 26:
                 - Discuss the project details with mentor(s).\                  i.- Discuss the project details with mentor(s).\
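Review bot: The marker added at line 26, `i.-`, combines a numbered-list prefix with the old hyphen bullet, and the trailing `\` after "mentor(s)." is kept. If a numbered list is intended, use `i.` alone followed by a space and drop the backslash, so that each schedule item is its own list entry; the same applies to the identical change at lines 28 and 32.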
Line 28: Line 28:
                 - Read documentation and prepare the developpement                  i.- Read documentation and prepare the developpement
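Review bot: The line touched at line 28 still carries the misspelling "developpement". Since this revision edits the line anyway, correct it to "development" in the same change.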
Line 32: Line 32:
                 - Read some existing code relative to the debian PKI, Openssl                  i.- Read some existing code relative to the debian PKI, Openssl
  • Name: Sami Tabibel

  • Contact/Email: sami.tabibel@gmail.com, sambee on IRC

  • Background: I have a Master's degree in the science and technology of information and communication, and I am currently a 4th-year student in the Master of cryptology and IT security at Limoges University in France. I have gained professional experience through several internships and jobs; the last one was a 5-month software development job at EGSA-C in Algeria. I have good skills in the C and Python languages, and some experience in programming, scripting, networking, certificates, OpenSSL, one-time passwords and authentication protocols.

I recently wrote a small client-server Python program illustrating one-time password creation and verification, creation of a certificate authority, the use of digital certificates for authentication, signing and timestamping, and an SSL proxy for communication security. My work is under evaluation by the university, but I can share a private copy.

  • Project title: Improving PKI on Debian

  • Synopsis: Increase trust in secure network connections by enhancing the PKI and reviewing how trust is established in several scenarios.

  • Project details: Debian has a good security foundation because many packages offer SSL/TLS secure connectivity. These protocols use digital certificates to authenticate peers and encrypt communications. Certificates are a secure means of authentication, but they rest on trust: if that element breaks, certificates lose their value. Recent events, such as the compromise of some certificate authorities and the success some malicious users had in obtaining fake certificates, lead us to reconsider the policy for establishing trust and to search for a balance between ease of installation and configuration of cryptographic protocols such as SSL/TLS and safeguarding the integrity of the system.

Such work can start by establishing a system that logs the decisions made when placing trust in a particular certificate and when verifying a certificate chain, then refine the control of trust and seek alternative ways to build trust, such as using PGP instead of X.509.

  • Benefits to Debian: Strengthen the security of the system and of users who rely on secure network connections based on Public Key Infrastructure and digital certificates.

  • Deliverables:

    • Implementation of a logging system.
    • Development of an auditor of the validity of digital certificates.
    • A script or software that consults certificate revocation lists.
  • Project schedule:

    • May 28 - June 16:
      • Discuss the project details with mentor(s).
      • Read documentation and prepare the development environment by installing the latest Debian version and all dependencies for developing a Debian package.
      • Read some existing code related to the Debian PKI, OpenSSL commands like ca, sign, verify, etc.
    • June 17 - July 29:
      • Develop a logging system reporting on decisions made when verifying certificate chains.
      • Write documentation for the logging system.
      • Submit the completed work for the mid-term evaluation.
    • July 30 - September 10:
      • Develop an auditor of the validity of digital certificates.
      • Write a script or software for consulting certificate revocation lists.
      • Write final documentation.
    • September 11 - September 27:
      • Write tests.
      • Create Debian packages.
      • Improve documentation.
      • Submit final code.
  • Exams and other commitments: I will finish exams on May 22 and I have no vacation plans, so I will be free to work full-time on this project for the whole Summer of Code period.

  • Other summer plans: None.

  • Why Debian? The first time I used Debian was in a NetKit virtualization exercise. As you know, NetKit virtual machines use the Debian distribution of the GNU/Linux OS. I had to configure services (dhcp, samba, nis, nfs, netfilter ...), compile and install some software, and write bash scripts on these machines. I liked the ease and flexibility of this distribution and the effectiveness of its package system.