SINET5 to Facilitate Development of Various Application Services
SINET5 to Become Campus Application
by Shunji Abe, Associate Professor, NII
Prof. Abe outlined how institutions are currently using cloud services via SINET4; showed the future direction of how cloud services can be used via SINET5; and then explained how this can be realised by utilising SDN (Software-Defined Networking) technology.
At the moment, various cloud-service providers are directly connected to SINET4, and users access these commercial services via SINET-L3VPN, IPsec or SINET-L2VPN connections. In the near future, it is expected that cloud services and communication lines will be integrated and highly sophisticated. They will be able to offer a cyber environment in which researchers, lecturers, and students can use the services they require. In such an environment, it will be even more important to maintain the security of data and communications exchanged in cyberspace.
Each institution will be able to create its own ICT infrastructure on SINET5. Security will be reinforced using the cloud DC. This will provide institutions with an up-to-date security system at a lower cost compared to having a security system within the institution (i.e. institutions do not have to continuously improve their own security system at an additional cost). Institutions and cloud DCs will be connected to create a virtual university LAN that offers various ICT functions.
The directions in which cloud services can be used on SINET5 are threefold. 1) SINET5 can allow institutions to easily add cloud services by extending VPN and transferring on-campus FW and IDS/IPS to SINET’s security infrastructure on the cloud. 2) SINET5 can allow cloud services to be inter-connected. For example, institutions in a collaborative research project can inter-connect storage on their academic cloud on SINET5, and allow members to access shared data easily. 3) SINET5 can allow each user to customise or define whatever cloud services they want. For example, a user may customise the usage of a network to send large amounts of data at high speed only when the network is not busy. Or, a user may set up connections to access video lectures offered at different universities at specific times of the day.
According to Abe, these will be realised by utilising SDN technology. SDN is a technology to configure and change the network’s settings dynamically. Although SINET4 already provides on-demand L2VPN services that share a similar concept, SINET5 will adopt SDN for the control of L2VPN and increase its usability. By doing so, Abe hopes that SINET5 will encourage users to use more cloud services.
Providing Secure and Convenient Cloud Services via GakuNin
by Motonori Nakamura, Professor by Special Appointment, NII
Prof. Nakamura outlined recent security threats on the network and introduced what GakuNin, the Academic Access Management Federation, has done to tackle security issues, including issuing digital certificates, offering support to increase security literacy, implementing SSO, and joining and adopting a trust framework. Nakamura argued that GakuNin will continue to reinforce its security measures and facilitate a secure and convenient use of cloud services in the age of SINET5.
Network security has been a big issue in recent years, especially with the increasing number of password leakage incidents through spamware. The weakness of OpenSSL lies here, as the information on a password-authenticated site can be easily stolen once a password is obtained by an attacker. In order to prevent such a situation, advanced authentication systems such as digital certificates (i.e. client certificates) can be used; however, it is a challenge for any institution to achieve the required level of security while keeping the cost incurred low.
In order to tackle this, GakuNin introduced digital certificates and has collectively issued server certificates to the participating institutions. The cost saved by GakuNin’s scheme amounts to about 180 million yen per year as a whole. Responding to the demands from participating institutions, GakuNin continues to issue server certificates and is also preparing to issue client certificates as a next-level certificate service.
Alongside reinforcing the security of the system, NII has been supporting higher education institutions in creating a security policy by providing sample regulations and courses on information security literacy. Security e-learning courses such as ‘Hikari & Tsubasa’ and ‘Rin-Rin Hime’ are made available on GakuNin’s Moodle site for lecturers and students to attend. GakuNin’s Moodle site also allows institutions to register their own content, share content with other institutions, and obtain records of attendance.
By implementing SSO (Single Sign On) technology, GakuNin has established a framework in which institutions can connect to outside services securely, and created a trust framework that guarantees trust between IdPs and SPs. The advantages of SSO are as follows: 1) the authentication process is centralised at each IdP, which cuts the cost and increases credibility; 2) the authentication process is separated from associated services and so is more secure (i.e. the password is entered on the IdP site and not at each SP site); and 3) the authentication process can easily be upgraded (e.g. by introducing client certificates together with SSO, it can increase the level of security and prevent the risk of password leakage).
GakuNin continues to reinforce its level of security and keeps up to date with world standards. For example, GakuNin became a designated Trust Framework Provider. This means that GakuNin can grant Level 1 in LoA (Level of Assurance) to its participating IdPs. The Level of Assurance is an evaluation system that is used to assess whether an IdP can be allowed to connect to the services provided by the US Federal Government. In addition to adopting world-level trust frameworks, it is also important to adopt different levels of authentication depending on the risk level of each SP. GakuNin is planning to rate the security level of each service and create standards for required strengths of authentication, for example, by referring to Hiroshima University’s Usage Guideline for cloud services.
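The following is an added example, not code from the presentation or from GakuNin: one way an SP could enforce a required authentication strength per service, so that a password login is accepted for a low-risk service while a high-risk one asks for a client certificate. It assumes the SSO exchange uses SAML 2.0 assertions whose signature has already been verified; the SP entity IDs, risk ratings and numeric strength ranking are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# SAML 2.0 authentication context classes. The numeric ranking is an
# assumption of this example, not a GakuNin standard.
STRENGTH = {
    AC + "Password": 1,
    AC + "PasswordProtectedTransport": 2,
    AC + "TLSClient": 3,   # client certificate over TLS
    AC + "X509": 3,
}

# Hypothetical SPs and risk ratings, expressed as a minimum strength.
SP_MIN_STRENGTH = {
    "https://elearning.example.ac.jp/sp": 2,
    "https://research-storage.example.ac.jp/sp": 3,
}

def authn_strength(assertion_xml):
    """Strength of the authentication the IdP reports; 0 if unclear."""
    # Assumes the signature was verified before this point.
    root = ET.fromstring(assertion_xml)
    refs = root.findall(
        ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    if len(refs) != 1:          # missing or ambiguous: fail closed
        return 0
    return STRENGTH.get((refs[0].text or "").strip(), 0)

def decide(sp_entity_id, assertion_xml):
    """Return 'allow', 'step-up' (ask the IdP for stronger login) or 'deny'."""
    required = SP_MIN_STRENGTH.get(sp_entity_id)
    if required is None:        # unrated service: fail closed
        return "deny"
    if authn_strength(assertion_xml) >= required:
        return "allow"
    return "step-up"

def make_assertion(class_ref):
    """Constructed sample assertion carrying one AuthnContextClassRef."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:AuthnStatement><saml:AuthnContext>"
        f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
        "</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>"
    )

if __name__ == "__main__":
    pw = make_assertion(AC + "PasswordProtectedTransport")
    for sp in SP_MIN_STRENGTH:
        print(sp, decide(sp, pw))
```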
As outlined above, GakuNin has implemented various security measures and continues to provide a high standard of security. Nakamura argued that GakuNin can facilitate the academic community’s effective and secure use of cloud services. He concluded his presentation by saying that the academic community is not merely a user of IT services, but has an important role to play in leading the IT innovation of a society.
Copyright© National Institute of Informatics