Agile Credentialing with MyProxy
Distributed authentication is a compelling strength of public key infrastructures. Participants that share trust in one or more certification authorities can perform strong identity verification in a decentralized fashion, without requiring the active participation of a third party in their transaction. A PKI can operate effectively in environments where connectivity to a central authentication service cannot be provided reliably, due to network unavailability or limits on service scalability. Examples include verifying the identity and attributes of emergency response personnel at the scene, maintenance personnel at a remote power station, and participants in a massively parallel, collaborative, wide-area distributed computation.

An effective PKI deployment must address the challenges of credential issuance, mobility, and revocation. Credential issuance requires an identity vetting process, which typically leverages multiple sources of identity (such as government identity documents, enterprise identity management systems, reputation and recommendations, and criminal background and credit checks). Credential mobility ensures that participants can use their credentials when needed, by storing the credentials securely on a portable device or network server. Revocation ensures that credential information is up to date, often by requiring that participants fetch certificate revocation lists or contact online certificate status services, which introduce reliability and scalability issues.

We have experienced the challenges of PKI deployment in two very different environments. NCSA supports a production PKI for distributed, high performance computing in its role as an NSF supercomputing center, serving over 7,500 registered users from 460 U.S. research organizations. We are also participating in an Illinois Terrorism Task Force project for smartcard credentialing of incident responders for authentication at the incident scene. These experiences motivate and inform our ongoing work developing agile PKI solutions.
 
Project Leads
Jim Basney, NCSA
