
Page 1: Gzim Ocakoglu European Commission - DG Enterprise Ankara, 25 September 2003 IDA Secure Communications Platforms : TESTA and PKI Turkey IDA Info-Day PM

Gzim Ocakoglu
European Commission - DG Enterprise

Ankara, 25 September 2003

IDA Secure Communications Platforms: TESTA and PKI

Turkey IDA Info-Day PM Session, September 25, 2003

Page 2

Outline

• TESTA at a glance
• Sectoral projects using TESTA
• What is TESTA? … How to connect?
• TESTA today
• The PKI service
• The future of TESTA

Page 3

TESTA at a glance
Vocabulary...

Sectoral applications

Page 4

TESTA at a glance
Benefits, Contractors, budget

• Secured telecommunications services with warranted Service Level Agreements (SLA)
• Network service and generic services delivered by Equant
• Support services (advice, help desk) provided by Unisys
• Duration of the contract until 2004
• Global potential value: € 28,5 million

Page 5

Sectoral Projects using TESTA

• Employment and Social Affairs
  – EURES
  – TESS
• Agriculture
  – CATS/STATEL
• Transport
  – Care II
• Fisheries
  – Fides
• Regional Policy
  – Structural funds (SFC)
• Health and consumer protection
  – Eudra projects
  – Euphin
• Justice and Home Affairs
  – EURODAC
• Trade
  – SIGL
• Statistics
  – Datashop
  – Statel
• Financial Intelligence
  – FIUNET
• Humanitarian aid
  – HOLIS (14 points)
• General applications
  – IntraComm
  – Circa
• New users coming soon …
  – Justice and Home Affairs (VISA, SIS II)
  – Environmental protection (PROCIV NET)
  – Energy and Transport (SafeseaNet, TachoNet)
  – ...

Page 6

What is TESTA? ... How to connect?

Page 7

TESTA principles

Trans European Services for Telematics between Administrations

• IP protocol on MPLS
• Separation from the Internet
• Registered but non-Internet routable address range
• Private domain-names (eu-admin.net)

Page 8

TESTA: a domain-based approach

[Diagram labels: EuroDomain, EuroGate (×5), EU Agencies, National Network, EU Institutions, Direct connected sectors, External Dial-up services]

Page 9

TESTA: a domain-based approach

[Diagram labels: EuroDomain, EuroGate (×5), National Network, National agency (×3), Direct connected sectors]

Page 10

Generic services

[Diagram labels: EuroDomain, EuroGate (×5), EU Agencies, National Network, EU Institutions, PKI, NTP, DNS, Mail relay, Portal, Circa, External Dial-up services, Direct connected sectors]

Page 11

Architecture: 62.62 addressing & NAT

[Diagram labels: EuroDomain, EuroGate (×5), EU Agencies, Finland, Commission, Spain]

Address ranges shown on the diagram:

62.62.x.x
62.62.2.0/24 - 62.62.5.0/24
62.62.6.0/24 - 62.62.9.0/24
62.62.69.0/24 - 62.62.70.0/24
62.62.80.0/24 - 62.62.83.0/24

Page 12

TESTA architecture: DNS

[Diagram label: Spain]

bxl-vpn.cec.eu-admin.net A 62.62.69.14
care.eu-admin.net A 62.62.70.22
curia.webmail.eu-admin.net A 62.62.71.250
emcdda.eu-admin.net A 62.62.81.166
emea.eu-admin.net A 62.62.13.83
europaplus.eu-admin.net A 62.62.70.12
europarl-ns.eu-admin.net A 62.62.72.96
nap01.dac.lu.eu-admin.net MX 62.62.0.17
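An added example, not part of the original slides: a Python check that every record in the private eu-admin.net zone points inside the 62.62.x.x range from the addressing slide, and which of that slide's listed blocks (if any) contains it. The two lines in CONSTRUCTED_BAD are constructed to show failures, and the function names are hypothetical.

```python
import ipaddress

# Records as listed on the "TESTA architecture: DNS" slide. The slide gives
# the MX entry with an address, so every third field is parsed as an address.
SLIDE_RECORDS = """\
bxl-vpn.cec.eu-admin.net A 62.62.69.14
care.eu-admin.net A 62.62.70.22
curia.webmail.eu-admin.net A 62.62.71.250
emcdda.eu-admin.net A 62.62.81.166
emea.eu-admin.net A 62.62.13.83
europaplus.eu-admin.net A 62.62.70.12
europarl-ns.eu-admin.net A 62.62.72.96
nap01.dac.lu.eu-admin.net MX 62.62.0.17
"""
# Constructed lines (not from the slides) that the audit should flag.
CONSTRUCTED_BAD = """\
leak.eu-admin.net A 192.0.2.10
portal.example.org A 62.62.70.30
"""
PRIVATE_ZONE = "eu-admin.net"
TESTA_RANGE = ipaddress.ip_network("62.62.0.0/16")  # "62.62.x.x" on the slide
# Block ranges exactly as written on the addressing slide.
SLIDE_BLOCKS = [
    "62.62.2.0/24 - 62.62.5.0/24",
    "62.62.6.0/24 - 62.62.9.0/24",
    "62.62.69.0/24 - 62.62.70.0/24",
    "62.62.80.0/24 - 62.62.83.0/24",
]


def expand_range(text):
    """Expand slide notation 'first/24 - last/24' into a list of networks."""
    first, last = (ipaddress.ip_network(p.strip()) for p in text.split("-"))
    if first.prefixlen != last.prefixlen or first > last:
        raise ValueError(f"bad range: {text!r}")
    step = first.num_addresses
    start = int(first.network_address)
    count = (int(last.network_address) - start) // step + 1
    return [ipaddress.ip_network((start + i * step, first.prefixlen))
            for i in range(count)]


BLOCKS = {label: expand_range(label) for label in SLIDE_BLOCKS}


def audit(zone_text):
    """Return (findings, block_of) for 'name type address' lines."""
    findings, block_of = [], {}
    for line in zone_text.splitlines():
        if not line.strip():
            continue
        name, _rtype, value = line.split()
        name = name.rstrip(".").lower()
        addr = ipaddress.ip_address(value)
        if not (name == PRIVATE_ZONE or name.endswith("." + PRIVATE_ZONE)):
            findings.append((name, "name outside " + PRIVATE_ZONE))
        if addr not in TESTA_RANGE:
            findings.append((name, "address outside 62.62.0.0/16"))
        block_of[name] = next((label for label, nets in BLOCKS.items()
                               if any(addr in net for net in nets)), None)
    return findings, block_of


if __name__ == "__main__":
    findings, block_of = audit(SLIDE_RECORDS + CONSTRUCTED_BAD)
    for name, block in block_of.items():
        print(f"{name:32} {block or 'no listed block'}")
    for name, problem in findings:
        print("FINDING", name, problem)
```

All eight slide records pass; four of them fall outside the four blocks printed on the addressing slide, which only means that slide does not list every allocation.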

Page 13

Architecture: DNS how it works

[Diagram labels: Local domain A, Client, LDA, Server, DNS, Internet, Server (×3), DNS, EuroDomain, EuroGate (×5), DNS Server, EU, www.ai.mit.edu]

Page 14

Architecture: DNS how it works

[Diagram labels: Local domain A, Client, LDA, Server, Local DNS: slave of eu-admin.net DNS, Internet, Server (×3), DNS, EuroDomain, EuroGate (×5), DNS Server, EU, testa.eu-admin.net]

Page 15

Connected Countries

Belgium
Denmark
Germany
Greece
Spain
Ireland
United Kingdom
Italy
Luxembourg
Netherlands
Austria
Portugal
Finland
France: in the process
Sweden: in the process

+

Iceland
Norway

Page 16

Connected Acceding Countries

Czech Republic - 05 06 2003
Estonia - 30 06 2003
Malta - 25 08 2003
Poland - 27 06 2003
Slovenia - 24 04 2003
Cyprus: to be connected end of Sept 2003
Slovakia: in the process
Hungary: in the process

Page 17

Connected EU institutions

Council of the European Union
European Parliament
European Commission
Court of auditors
Court of Justice
European Economic and Social Committee
Committee of the regions

Expected:

European Investment Bank

Page 18

Connected EU agencies

CEDEFOP: European Centre for the Development of Vocational Training
EUROFOUND: European Foundation for the Improvement of Living and Working Conditions
EEA: European Environment Agency
ETF: European Training Foundation
EMCDDA: European Monitoring Centre for Drugs and Drug Addiction
EMEA: European Agency for the Evaluation of Medicinal Products
OHIM: Office for Harmonisation in the Internal Market (Trade Marks and Designs)
EU-OSHA: European Agency for Safety and Health at Work
CPVO: Community Plant Variety Office
CdT: Translation Centre for the Bodies of the European Union
EUMC: European Monitoring Centre on Racism and Xenophobia
EAR: European Agency for Reconstruction
EUROJUST

Page 19

Initial Architecture
Site install

[Diagram labels: Local domain A, Euro-Domain, PE, CE]

Page 20

Architecture
Site install
Phase 2

[Diagram labels: Local domain A, Euro-Domain, PE, CE (×2), IPSEC TUNNEL, NAT, EC20M (×2)]

Page 21

Site location

• Concentration point for national agencies
• Security (physical protection, site security officer)
• SLA (availability, helpdesk)
• In function of projects of immediate interest
  – Sectoral projects
  – ...

Page 22

Cost sharing

• All costs covered by IDA for
  – National administrative networks
  – EU institutions and EU agencies
• Cost sharing for
  – Direct to TESTA connected local administrations
• Back-bone costs are covered by IDA
• Local loop costs not covered by IDA (Leased line, router, monitoring, installation)

Page 23

TESTA how to connect

[Flow diagram labels: Request connection; Request contacts; Request installation; Send technical questionnaire + start installation; Send contact info; Site info; Send technical data (Unisys assist); Site configuration + test; Request acceptance; Invoice; Acceptance; Payment]

Page 24

Sectoral request for direct TESTA link

[Flow diagram labels: Request connection; Request for possible integration national network + request price connection; YES; Inform sector + assistance; NO; Order direct link; Price Offer; Inform sector]

Page 25

TESTA today

Page 26

Activities on Network: Extension

• Connect national networks in all Member States
  – France
  – Sweden
• Connect Acceding and Candidate Countries
• Integrate new users
  – Environmental protection (PROCIV NET)
  – Energy and Transport (SafeseaNet, TachoNet)

Page 27

Activities on Security: Enhancements

• On the Eurodomain
  – Add line-encryption
  – Prepare for TESTA security accreditation
• For the border to local domains
  – Formulation of general security framework
  – Prepare for accreditation of the TESTA LDCPs (Local Domain Connection Points)

Bulgaria Info-Day PM Session, April 15, 2003

Page 28

Activities on Quality: Enhancements

• On TESTA services and TESTA environment
  – Enhance resiliency of generic services
  – Portal and newsletter
  – Workbook and applications guidelines
• With end to end approach
  – Promote SLAs in local domains through TESTA MoU


Page 30

The PKI Service

Page 31

The IDA PKI project

• Objectives of the Public Key Infrastructure (PKI)
  – ready to use by all networks of the IDA programme
  – adaptable or extensible to the specific requirements of some networks
  – enable the members of a user community to access other IDA networks with the same certificate (subject to access rights control)
• Set-up steps for each user community
  – requirements analysis
  – definition of organisation and services
  – service set-up
  – routine management of the infrastructure

Page 32

Where can networks use the IDA PKI?

• Web-based applications:
  – protection of web-based information repositories and client/server communications
• Secure messaging:
  – secure e-mail
  – electronic signatures
  – authentication
  – integrity
  – confidentiality

[Diagram labels: Message, Encryption, Secret (session) key, Encrypted message]

Page 33

TESTA the future

Page 34

TESTA post 2004 - Objective

• To define what TESTA will become after 2004 as an “IDA communication platform”
• To define the needs of communication at the European level
  – the growing need for the exchange of information between European administrations
  – the growing need of a secure and resilient platform

Page 35

TESTA post 2004
Working method

• TESTA Steering Committee
  – Participants: IDA, EC DI, Major Sectors (DG JAI, DG TAXUD), the Council, …
• TESTA Expert Group Meetings
  – The group will meet 2 or 3 times and will give regular feedback to the TAC WHAM and the TAC
    • previous meetings held on 10/12/2002, 09/09/2003
    • next meeting foreseen on 01/10/2003
• An Info-Day with private sector in 4Q2003

Page 36

Further information

• TESTA web site
  – http://testa.eu-admin.net (via TESTA access)
• IDA web site
  – http://europa.eu.int/ISPO/ida/
• TESTA CIRCA interest group
  – http://forum.europa.eu.int/Members/irc/ida/testa/home (restricted access)
• IDA project management
  – European Commission, DG Enterprise D.2
  – [email protected] (at cec.eu.int)