Title: SECURE INTERCONNECTION OF LDAP AND DNSSEC PKIs WITHIN INTERNET
Abstract:
After decades of expansion, the Internet has become an essential tool for professionals and private individuals, providing a wide range of services such as email, management of bank accounts, hotel reservations, train timetables, real-time traffic information, Internet search…
Although it was not a goal at the outset, information system security rapidly became a key challenge for professionals, and strong security solutions emerged on the market, mainly for professionals.
Internet security today thus runs at two speeds: fairly strong security for professionals, and weaker security for private individuals who cannot afford security products and do not have sufficient technical expertise to set up cheap solutions by themselves.
In this context, this paper targets the provision of a minimum security level within the Internet by defining a PKI solution based on LDAP and DNS (extended with DNSSEC).
The originality of the paper lies in the design of the chain of trust built over the LDAP and DNSSEC PKIs, the certificate verification method, and indications for extending those concepts to the secure emailing application.
A PKI (Public Key Infrastructure) is responsible for all organizational and technical aspects of public key management. Its duties cover the generation of public/private keys and their delivery to owners, as well as the publication, revocation and validation of public keys. All these functions are carried out by a Trusted Third Party (TTP), which is usually structured as a hierarchy of Certification Authorities (CAs), each CA being legally authorized to manage digital certificates.
Today PKI is widely adopted within the Internet and serves as a basis for strong security solutions targeting (https) electronic transactions, (SSH) remote connections, code signature, emailing…
After years of research, development and deployment, PKI still faces strong technical and organizational challenges, as follows:
1) Trust into CA
The validity of electronic certificates is partly guaranteed by the signature appended by a CA. For a system to accept a certificate as valid, trust in the issuer CA is necessary. Configuring a system with a trust level for each CA is a critical task.
The paradox is that today the trust level associated with a CA is usually set by the users themselves (more often than not with no security knowledge). Moreover, users may freely import new CAs into their systems as they see fit. So the risk is high that users configure fake CAs as trusted CAs, thus accept certificates from a fake CA, and are then abused by fake Internet servers.
Trust in a CA is today a subjective but critical parameter that serves to build secure relationships between Internet entities.
2) Certificate revocation
The challenge in managing revocation is to provide Internet entities with information that is as fresh as possible. The objective is to publish the certificate's "revoked" status as soon as revocation is done, to prevent entities from establishing relationships with fake entities. For instance, if a private key is compromised, the risk is high that whoever stole the private key usurps the identity of its owner.
Many revocation mechanisms have been defined, but none of them is satisfactory today. A CRL (Certificate Revocation List) serves to periodically publish the list of revoked certificates (only their serial numbers are published). However, all the certificates revoked during one interval of time are published in the following interval. So there is a delay of at most one interval before the revocation information is published.
Improving freshness leads to OCSP (Online Certificate Status Protocol) and SCVP (Simple Certificate Validation Protocol) servers. The OCSP server is attached to one CA and replies to simple certificate status requests relating to that issuer CA only. The SCVP server performs full verification of certificates on behalf of local clients that delegate verification to it.
These remaining key challenges sometimes make the use of PKI uncomfortable from an operational point of view.
1.2.2. Provision of a minimum security level within Internet:
This minimum security level is built on the idea of interconnecting two PKIs, a DNSSEC PKI and an LDAP PKI. Both DNS and LDAP are today standardized by the IETF and support public key publication. The DNSSEC extension defines new resource records, such as the Delegation Signer (DS RR), the DNSKEY record, digital signatures (RRSIG RR), and certificates (CERT RR), and enables mapping a PKI onto the DNS hierarchy. LDAP was also enriched with new attributes to publish user certificates (User Certificate), CA certificates (CA certificate), and CRLs (Certificate Revocation List).
One original idea of the proposed PKI is to interconnect these two PKIs very simply, but one may wonder what the benefit of interconnecting them is.
LDAP is well established in organizations for centralizing and publishing employees' details (e.g. phone number, office number, position…); as such, LDAP is the solution of choice for publishing employees' certificates. However, as raised in section 1, "trust into CA" is one of the most critical problems of managing a PKI, and defining as many CAs as there are organizations, each registering employees' certificates in its LDAP server, does not help solve this trust problem.
In our PKI, the trust relationship is established through DNSSEC, which needs to publish the certificate of the organization's CA bound to the domain name of the organization. Details of the resulting chain of trust are given in section 2.2.
To summarize, the designed PKI relies on DNSSEC for Internet entities to securely get and trust the organization's CA public keys, and on LDAP to make users' certificates publicly available.
The strength of this PKI proposal is that it requires no modifications to software tools already in place: LDAP serves as a common directory for managing employees within companies, and DNS is commonly employed to map companies' domain names to the IP addresses of public servers.
In practice, the security level offered by this PKI depends on the security level of the DNSSEC directory managing certificates, and specifically on how strong the procedures defined around certificate management are.
Next, for illustration, we assume that Company1 is provided with one official domain name (company1.fr) secured by DNSSEC. Company1 defines its own CA, referred to below as the Company1 root CA, and owns its own LDAP server, named ldapserver, where users' and servers' certificates are stored and made publicly available.
Certificate verification:
An Internet entity needing to verify the validity of an employee's certificate asks its local SCVP server. The verification process is decomposed into three steps: the first to download the certificates belonging to the certificate chain (of Company1), the second to obtain the root CA's certificate from the DNS hierarchy, and the third to check the validity of each certificate of the chain, as follows:
1. All the certificates belonging to the certificate chain are downloaded from the bottom-level certificate (issuer) up to the high-level certificate, based on the issuerAltName information within the certificates. For Bob's certificate, the LDAP server will be solicited only once to get the root CA's certificate, because the LDAP PKI is a one-level CA hierarchy.
2. As soon as the root certificate is found in the chain, the DNS hierarchy is solicited to provide the CERT RR containing the root CA's certificates. This CERT RR is obtained from the DNS reference given in either the issuerAltName or the SubjectAltName field of the root CA's certificate. The validity of the returned CERT RR is ensured by the DNSSEC PKI, but it will be definitively considered valid only if the root certificates registered in the DNSSEC and LDAP PKIs are exactly the same.
3. All the downloaded certificates are then verified by checking their validity period (validity), the signature (signature value) and, if possible, the CRL. The verification is done from the high-level certificate down to the bottom-level certificate. For revocation verification, it is required to download the CRL corresponding to the CrlDistributionPoints URI of the certificate under test, and to check that CRL's own validity period and signature.
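The decision taken in step 2, as an added example (not code from the paper or from its SCVP implementation): the root CA certificate fetched from LDAP is accepted as a trust anchor only if the CERT RR was validated by DNSSEC and carries exactly the same certificate. The function names are hypothetical, the DNSSEC status is assumed to be supplied as a boolean by a validating resolver, the CERT RDATA is assumed to be in RFC 4398 presentation form, and the certificate bytes are constructed placeholders rather than real DER.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass

# Subset of the CERT RR certificate-type mnemonics (RFC 4398). Only PKIX carries
# the X.509 certificate itself; IPKIX, for example, carries a URL pointing to one.
CERT_TYPES = {"PKIX": 1, "SPKI": 2, "PGP": 3, "IPKIX": 4}


@dataclass
class CertRR:
    cert_type: int
    key_tag: int
    algorithm: str
    data: bytes


def parse_cert_rdata(rdata: str) -> CertRR:
    """Parse CERT RDATA in presentation form: type, key tag, algorithm, base64."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("expected type, key tag, algorithm and certificate data")
    mnemonic = fields[0].upper()
    cert_type = CERT_TYPES[mnemonic] if mnemonic in CERT_TYPES else int(mnemonic)
    # Zone files may split the base64 data into whitespace-separated chunks.
    data = base64.b64decode("".join(fields[3:]), validate=True)
    return CertRR(cert_type, int(fields[1]), fields[2], data)


def root_anchor_decision(ldap_root_der: bytes, cert_rdata: str,
                         dnssec_secure: bool) -> str:
    """Hypothetical helper: decide whether the LDAP root CA certificate is trusted."""
    # The CERT RR is only as trustworthy as the DNSSEC chain that signed it.
    if not dnssec_secure:
        return "reject: CERT RR not validated by DNSSEC"
    try:
        rr = parse_cert_rdata(cert_rdata)
    except ValueError as exc:  # also covers invalid base64 (binascii.Error)
        return f"reject: malformed CERT RR ({exc})"
    if rr.cert_type != CERT_TYPES["PKIX"]:
        return "reject: CERT RR does not carry an X.509 certificate"
    # "Exactly the same" is checked on the raw bytes, via fixed-length digests.
    same = hmac.compare_digest(hashlib.sha256(rr.data).digest(),
                               hashlib.sha256(ldap_root_der).digest())
    if not same:
        return "reject: LDAP and DNSSEC root certificates differ"
    return "accept"


# Constructed sample data: placeholder bytes standing in for DER certificates.
LDAP_ROOT = b"0\x82\x01\x0aconstructed Company1 root CA certificate"
OTHER_ROOT = b"0\x82\x01\x0aconstructed certificate of a different CA"
ROOT_B64 = base64.b64encode(LDAP_ROOT).decode()
CERT_RDATA = f"PKIX 0 0 {ROOT_B64[:20]} {ROOT_B64[20:]}"

if __name__ == "__main__":
    print(root_anchor_decision(LDAP_ROOT, CERT_RDATA, dnssec_secure=True))
    print(root_anchor_decision(OTHER_ROOT, CERT_RDATA, dnssec_secure=True))
    print(root_anchor_decision(LDAP_ROOT, CERT_RDATA, dnssec_secure=False))
```

Only after this check returns "accept" does the chain verification of step 3 start from the root certificate.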
Defining a minimum security level within Internet:
With the designed PKI, all Internet entities are provided with mechanisms to get certificates and to verify their authenticity and validity. This helps introduce a homogeneous security level within the Internet and lets private individuals benefit from that more secure Internet.
The overall security level depends on how the LDAP and DNSSEC PKIs are managed. If strict procedures for managing public and private keys are imposed by regulatory or standardization bodies, the resulting security level will be significant. Otherwise, it will serve as a basic security level. In any case, the security level obtained from this solution will never be as high as with a CSP (Certificate Service Provider), so it applies to scenarios that are not too demanding in terms of security.
Limitations:
The efficiency of the proposed PKI is closely tied to the deployment of DNSSEC. Today, DNSSEC is still experimental and, because of management and organizational difficulties, zone administrators are reluctant to deploy it. As a consequence, there is not one single DNSSEC PKI mapped onto the DNS hierarchy, but a number of small DNSSEC islands that are independent of each other. This means that today the system must trust each root CA independently, and the DNSSEC PKI as required in this paper does not meet its original objective of simplicity. However, international collaborative efforts towards a secure DNS must be underlined, such as the international DNSSEC experiment being carried out within the rs.net testbed. Some DNSSEC shadow zones are also already operational and applied at a fairly large scale, as they are synchronized with real non-DNSSEC zones like ".fr", ".nl"… All these experiments contribute to the progressive installation of DNSSEC.
The LDAP server must be accessible by any Internet entity. To avoid the risk of private LDAP information being disclosed to unauthorized users who intrude into the LDAP server system, an LDAP proxy may be installed as a front end. For instance, this LDAP proxy might be initialized with public information only.
Testing platform:
A platform was developed as a proof of concept during the CADDISC and VERICERT projects. We selected OpenLDAP to implement the LDAP server, BIND (Berkeley Internet Name Domain) for the DNS server, and OpenCA for certificate/CRL generation and automatic publication into OpenLDAP. Open source SCVP software (responder and client) was developed for the client and server, and includes LDAP and DNSSEC clients.
The certificate verification module extends the OpenSSL verify function and required the development of a new trust method and a new lookup method for OpenSSL. More precisely, the trust method was extracted from the DNSSEC validator of the French IDsA project so that certificates verified by a DNS client are considered trusted by OpenSSL. The LDAP lookup method was defined to get certificates from LDAP servers.