Name: Sami Tabibel
Contact/Email: sami.tabibel@gmail.com, sambee on IRC
Background: I have a Master's degree in the science and technology of information and communication, and I am currently a 4th-year student in the Master of cryptology and IT security at Limoges University in France. I have gained professional experience during the different internships and jobs I have done. The last one was a 5-month software development job at EGSA-C in Algeria. I have good skills in the C and Python languages, and some experience in programming, scripting, networking, certificates, OpenSSL, one-time passwords and authentication protocols.
I have recently written a small client-server Python code for illustration of one-time password creation and verification, creation of a certificate authority, use of digital certificates for authentication, signing and timestamping, and an SSL proxy for communication security. My work is under evaluation by the university, but I can communicate a private copy.
Project title: Improving PKI on Debian
Synopsis: Increase the trust in secure network connections by enhancing the PKI and reviewing how trust is established in several scenarios.
Project details: Debian has a good foundation of security because many packages offer SSL/TLS secure connectivity. These protocols use digital certificates for authentication and encrypt communications. Certificates are a secure means of authentication, but they are based on trust; if that element breaks, this will be the end of certificates. Some recent events, such as the compromise of some certificate authorities and the success that some malicious users had in obtaining fake certificates, lead us to reconsider the policy of establishing trust and to search for a balance between ease of installation and configuration of cryptographic protocols such as SSL/TLS and safeguarding the integrity of the system.
Such work can start with establishing a system for logging decisions about placing trust in a particular certificate and about certificate chain verification, refining the control of trust, and seeking alternative solutions to build trust, such as the use of PGP instead of X.509.
Benefits to Debian: Strengthen the security of the system and of users who use secure network connections based on Public Key Infrastructure and digital certificates.
Deliverables:
- Implementation of a logging system.
- Development of an Auditor of the validity of digital certificates.
- Write a script or software that consults certificate revocation lists.
Project schedule:
- May 28 - June 16:
  - Discuss the project details with mentor(s).
  - Read documentation and prepare the development environment by installing the latest Debian version and all dependencies for developing a Debian package.
  - Read some existing code relative to the Debian PKI, OpenSSL commands like ca, sign, verify, etc.
- June 17 - July 29:
  - Develop a logging system reporting on decisions made when verifying certificate chains.
  - Develop an Auditor of the validity of digital certificates.
  - Write a script or software for consulting certificate revocation lists.
  - Write tests.
  - Create Debian packages.
  - Improve documentation.
  - Submit final code.
Exams and other commitments: I will finish exams on May 22. I have no vacation plans, so I will be free to work full-time on this project for the whole Summer of Code period.
Other summer plans: None.
Why Debian? The first time I used Debian was in a NetKit virtualization experience; as you know, NetKit virtual machines use the Debian distribution of the GNU/Linux OS. I had to make configurations (dhcp, samba, nis, nfs, netfilter ...), compile and install some software, and write bash scripts on these machines. I liked the ease and flexibility of this distribution and the effectiveness of its package system.