Securing digital identities: from the deployment to the analysis of a PKI ecosystem with virtual HSMs leveraging open-source tools
Alessandro Loconsolo
Securing digital identities: from the deployment to the analysis of a PKI ecosystem with virtual HSMs leveraging open-source tools.
Rel. Antonio Lioy. Politecnico di Torino, Master of science program in Computer Engineering, 2024
|
Preview |
PDF (Tesi_di_laurea)
- Thesis
Licence: Creative Commons Attribution Non-commercial No Derivatives. Download (2MB) | Preview |
![[thumbnail of Documenti_allegati]](https://webthesis.biblio.polito.it/style/images/fileicons/application_zip.png "Documenti_allegati")
|
Archive (ZIP) (Documenti_allegati)
- Other
Licence: Creative Commons Attribution Non-commercial No Derivatives. Download (67kB) |
Abstract
The objective of this work is to implement a PKI using exclusively open-source tools, with a particular focus on the integration of EJBCA CE with a virtual HSM. The primary goal is to establish trust between the Authorities and the End Entities within the ecosystem and then to identify the principal challenges that might be encountered during the deployment, from a security, performance and management point of view. The system has been implemented within a containerised environment, with Docker Compose orchestrating the modules of the infrastructure. The designed architecture comprises two EJBCA CE instances, which have been configured as the CA and the VA, respectively.
Each instance is equipped with its own database and virtual HSM, and its functionalities are subject to RBAC, thereby ensuring that the principle of least privilege is upheld for the entities within the organisation
Publication type
URI
 |
Modify record (reserved for operators) |
