OSG PKI Contingency and Recovery Plans
Mine Altunay, Von Welch
maltunay@fnal.gov, vwelch@indiana.edu
October 16, 2012
October 16, 2012 WLCG Management Board
Background
• The Open Science Grid (OSG) relies on a public key infrastructure (PKI) built around an OSG Certificate Authority (CA) to support its operations.
• The OSG PKI is operated by two parties:
  – The OSG itself operates a network of trusted agents (registration authorities and grid admins) who vet certificate requests, and a web front-end, the OSG Information Management (OIM) system, that provides the interfaces through which users perform PKI functions.
  – DigiCert, a private company, operates the CA, which issues certificates at the direction of the OSG and within the bounds of OSG policy.
Goals and Scope
• Create a Recovery Plans document that presents a recovery plan for each PKI failure scenario.
• Not a risk analysis: the document does not attempt to analyze whether a PKI failure is something the OSG should prepare for.
• Analyzes the options for a recovery plan and recommends a broad course of action.
• Describes all the steps necessary to bring the OSG PKI back to its normal functional state.
• Focuses on the new OSG PKI, not the DOEGrids CA, although most of the discussion applies to the DOEGrids CA as well.
OSG PKI Failure Cases
• Two failure types, compromise and loss of service, applied to each of the two components, giving four failure cases:
  – Back-end CA compromise
  – OSG Information Management (OIM) front-end compromise
  – Back-end CA loss of availability
  – OSG OIM front-end loss of availability
Recovery Plans
• A recovery plan for each failure case is presented in the document available at http://osg-docdb.opensciencegrid.org/cgi-bin/ShowDocument?docid=1121.
• The plan:
  – Is a workflow of specific steps to be taken in the aftermath of a failure to restore the PKI to normal operation, e.g., forming the incident response team, revoking compromised certificates, issuing replacement certificates, community communications, and so on.
  – Considers variations within a failure case depending on the level of severity (e.g., all RA agents compromised vs. only some of them), and incorporates conditional branches into the workflow accordingly.
Recovery Plans
  – Each step is accompanied by a specific timeline, estimating how long execution of the plan would take.
  – Each step has a clear owner responsible for performing the activities in the event of a failure.
• Due to time limitations and the complexity of each plan, I will not present them here.
• Please contact me and Von Welch should you have any questions or feedback.