1 / 25

Cryptographic Aspects of the Grid Security Architecture

Cryptographic Aspects of the Grid Security Architecture. Olivier Chevassut (LBNL). Outline. Introduction motivations research objectives Modern Cryptography First-Generation Web Services Security Second-Generation Web Services Security Peer-to-Peer Security Conclusion. Motivation.

ellis
Télécharger la présentation

Cryptographic Aspects of the Grid Security Architecture

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptographic Aspects of the Grid Security Architecture Olivier Chevassut (LBNL)

  2. Outline • Introduction • motivations • research objectives • Modern Cryptography • First-Generation Web Services Security • Second-Generation Web Services Security • Peer-to-Peer Security • Conclusion

  3. Motivation • An increasing number of distributed applications need to call functionality from other applications over a network, e.g. • Web Services for financial transactions • Web Services for computational Grids • An increasing number of these distributed applications have security requirements • confidentiality of data • protection from hackers • protection from viruses and trojan horses

  4. Research Objectives • Provide a reliable communication between an initial requestor and a Web Service provider • message-level communication channel connecting the two entities • messages may be operated on by multiple intermediaries that perform actions (e.g, routing) • Provide a secure communication between an initial requestor and a Web Service provider • support confidentiality, authenticity, and integrity • support authorization and access control • support secure modification of messages operated on by intermediaries

  5. Outline • Introduction • Modern Cryptography • methodologies to design cryptographic algorithms • a provable secure design • First-Generation Web Services Security • Second-Generation Web Services Security • Peer-to-Peer Security • Conclusion

  6. Design Methodologies • Ad hoc or heuristic security • attack-response design not successful • helps avoid known attacks • Formal Methods [BAN90] • formal specification tools • successful at finding flaws and redundancy • assurance limited to formal system • Provable Security [GM85] • based on complexity theory • successful at avoiding flaws • useful to validate cryptographic algorithms

  7. How the Science of Provable Security Works 1. Specification of a model of computation • instances of players are modeled via oracles • adversary controls all interactions among the oracles • adversary’s capabilities are modeled by queries to the oracles • adversary plays a game against the oracles 2. Definition of the security goals • authentication and secrecy of session keys • Forward-Secrecy (FS) and Denial of Service (DoS), dictionary attacks 3. Statement of the intractability assumptions • computational/decisional Diffie-Hellman (CDH and DDH) 4. Description of the algorithm and its proof of security • proof shows by contradiction that the algorithm achieves the security goals under the intractability assumptions

  8. Outline • Introduction • Modern Cryptography • First-Generation Web Services Security • transport-layer security is a pragmatic solution • provably secure key-exchange primitives • Second-Generation Web Services Security • Peer-to-Peer Security • Conclusion

  9. Security at the Transport Layer : Architecture Hypertext Transfer Protocol (HTTPS) Secure Socket Layer Protocol (SSL) symmetric crypto algorithms key-exchange algorithm Transport Control Protocol (TCP)

  10. Security at the Transport Layer : Components • The TCP protocol provides a reliable communication between the requestor and the WS-provider supporting • reliable delivery of messages • fifo ordered delivery of messages • membership notifications • The SSL protocol provides a secure communication between the requestor and the WS-provider supporting • confidentiality, authenticity, and integrity • authorization and access control • security services optional

  11. A PKI-based Key-Exchange Cryptographic Algorithm • Enable the requester and the Web Services provider to establish a session key sk • Achieve data secrecy and integrity using the session key to key the AES and HMAC cryptographic primitives [gx2] [gx1] x2 x1 Requester WS-provider sk = gx1x2

  12. Outline • Introduction • Modern Cryptography • First-Generation Web Services Security • Second-Generation Web Services Security • abstract security from the underlying network • SSL-like message-level protocol • Peer-to-Peer Security • Conclusion

  13. Security at the Application Layer : Architecture WS-SecureConversation WS-Security Simple Object Access Protocol (SOAP)

  14. Security at the Application Layer : Architecture • The SOAP protocol provides a loosely-coupled, language-neutral, platform-independent way of linking applications across the Internet • Remote Procedure calls (RPC SOAP) • Messaging between applications (Document-based SOAP) • The WS-Security Specification protect sensitive data by • encrypting and signing them • enclosing them in an XML form in SOAP messages • The WS-SecureConversation specification is a security message-level protocol (similar to SSL) • use WS-Security to achieve confidentiality, authenticity, integrity • use WS-Policy and WS-Trust specifications to achieve authorization and access control

  15. A PKI-based Key-Exchange Cryptographic Algorithm • Enable the requester and the Web Services provider to establish a session key sk • Achieve data secrecy and integrity using the session key to key the AES and HMAC cryptographic primitives [gx2]XML-Sig [gx1 ]XML-Sig x2 x1 Requester WS-provider sk = gx1x2

  16. Security Measurement:Authenticated Key Exchange • Theorem of Security Advake(t,qs,qh)  n · Succcma(t’ ) + 2 · qsn.·qh ·Succgcdh(t’’ ) t’,t’’ t + qs · n ·Texp(k) • The adversary can break the algorithm in two ways (1) the adversary forges a signature w.r.t some player’s LL-key => it is possible to build a forger (CMA) (2) the adversary is able to guess the bit b involved in the Test-query => it is possible to solve an instance of the GCDH problem

  17. A Password-based Key-Exchange Cryptographic Algorithm • Enable the requester and the Web Services provider to establish a session key sk • Achieve data secrecy and integrity using the session key to key the AES and HMAC cryptographic primitives [gx2]pw [gx1 ]pw x2 x1 Requester WS-provider sk = gx1x2

  18. Security Measurement :Dictionary Attacks • Ideal-cipher assumption • Theorem Advake(T,qs,qe)  2qs / N + 2qs ·(n-1) · Advddh(T’ ) + 2 ·qh ·Succtgcdh(T’ ) + Cte T’ T + n · (3qs+qe)·Texp(k) • The theorem shows that the security against dictionary attacks since the advantage of the adversary grows essentially with the ratio of interactions (number of send-queries) to the number of password. • The security holds provided that DDH, TGCDH and M-DDH are hard. These terms can be made negligible.

  19. Outline • Introduction • Modern Cryptography • First-Generation Web Services Security • Second-Generation Web Services Security • Peer-to-Peer Security • multicast-transport security is a pragmatic solution • SSL-like group communication protocol • Conclusion

  20. Security at the Multicast-Transport Layer: Architecture Collaborative Application Group DH key exchange algorithm Access control algorithm Secure Group Layer (SGL) Symmetric cryptographic algorithms Reliable Multicast Transport Protocol

  21. The Reliable Multicast Transport Layer • Provide SGL with reliable and ordered delivery of messages • data messages are delivered in order - FIFO, partial, and total - at each member of the group • Provide SGL with membership notifications • membership changes delivered in order with respect to data messages • Several systems provide a reliable multicast layer • e.g., Totem and InterGroup

  22. The Secure Group Layer • Symmetric crypto algorithms (e.g. Rijndael and HMAC) • implement an authenticated and encrypted channel • A group key-exchange cryptographic primitive enables group members to establish a session key • A certificate-based access control mechanism makes sure that only the legitimate parties have access to the session key • off-line (does not participate in key exchange)

  23. The Group Key-Exchange Algorithm • Up-flow: Uiraises received values to the power of xiand forwards to Ui+1 • Down-flow: Un processes the last up-flow and broadcasts [g, gx1] x2 x1 [gx2x3 , gx1x3] [gx2, gx1, gx1x2] sk=gx1x2x3 x3

  24. Security Measurement:Authenticated Key Exchange (AKE) • Theorem Advake(t,Q,qs,qh)  2 ·n · Succcma(t’ ) + 2 · Q ·(ns) ·s ·qh ·Succgcdh(t’’ ) t’,t’’ t + (Q+qs) · n ·Texp(k) • The adversary can break the protocol in two ways (1) the adversary forges a signature w.r.t some player ’s LL-key => it is possible to build a forger (CMA) (2) the adversary is able to guess the bit b involved in the Test-query => it is possible to come up with an algo that solves an instance of the GCDH problem

  25. The Access Control Algorithm in SGL : a user join User Group Controller Application 1 4 4 4 2.1 1 AuthorizationTTP Secure Group Layer Secure Group Layer Secure Group Layer 2.2 3.1 2.2 3.2 2.2 3.2 Reliable multicast transport Reliable multicast transport Reliable multicast transport 1. Authorization: The user requests its permission from TTP and obtains a membership authorization certificate 2. Join multicast group: 2.1.The user submits a join request 2.2. Secure Group Layer gets a membership change notification 3. Access control: 3.1. The user broadcasts its certificate 3.2. Ugc checks the user’s permission and, if authorized, initiates group DH key exchange 4. Deliver secure membership: When the group DH key exchange is done, Secure Group Layer delivers the secure membership notification to the application

More Related