1 / 37

Security in Grid Computing

Security in Grid Computing. AZIZOL ABDULLAH DEPARTMENT OF COMMUNICATION TECHNOLOGY AND NETWORK. Grid Example. Security Issues. Each company could be regarded as a domain Each domain will have its own security policy

mardi
Télécharger la présentation

Security in Grid Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security in Grid Computing AZIZOL ABDULLAH DEPARTMENT OF COMMUNICATION TECHNOLOGY AND NETWORK

  2. Grid Example

  3. Security Issues • Each company could be regarded as a domain • Each domain will have its own security policy • The primary goal of Grid environment is to encourage domain-to-domain interactions to share the resources

  4. Security Issues: How to share the resources? • To encourage the controlled sharing of resources: • The security overhead should be minimized so that the sharing is appealing • The security mechanism applied should be scalable • Domains should not lose control over their own resources

  5. Security Issues: What is Trust ? • Trust is to model the human social behavior • When I use a credit card to pay the bill, the bank trust me that I will pay back the money later • When I use the e-banking service to perform a transaction, I trust the bank that it will perform the transaction for me

  6. Definition of Trust • Trust is the firm belief in the competence of an entity to behave as expected such that this firm belief is a dynamic value associated with the entity and is subject to the entity’s behavior and applies only within a specific context at a given time

  7. Trust • Trust value is a continuous and dynamic value in the range of [0,1] • 1 means very trustworthy • 0 means very untrustworthy • It is built on past experience • It is context based (under different context may have different trust value)

  8. Reputation • When making trust-based decisions, entities can rely on others for information regarding to a specific entity. • The information regarding to a specific entity x is defined as the reputation of entity x.

  9. Definition of Reputation • The reputation of an entity is an expectation of its behavior based on other entities’ observations or information about the entity’s past behavior within a specific context at a given time.

  10. Security Issues Traditional systems: • Protect a system from its users • Protect data of one user from compromise In Grid systems: • Protect applications and data from system where computation executes • Stronger authentication needed (for users and code) • Protect local execution from remote systems • Different admin domains/security policies

  11. Authentication • Process of verifying identity of a participant to an operation or request • Principal: entity whose identity is verified • local user OR user logged into remote system • Traditional systems: authenticate client to protect server • Grid systems: mutual authentication required • Ensure that resources and data not provided by an attacker

  12. Authentication Methods:Password-based Authentication • Send unencrypted passwords: only suitable when messages can’t be read by untrusted processes while on network • Instead: Prove knowledge of a password: • Don’t send password over network • Use password as an encryption key • Encrypt a known but non-repeating value • Send encrypted value to party verifying authentication • Both parties must know password or trust a third-party to distribute it

  13. Authentication Systems:Kerberos • Authentication and key distribution protocol • Used with symmetric encryption systems (both sides must share same key) • Better performance than systems using public key or asymmetric cryptography • Well-suited to frequent authentication • Centrally administered • Requires trusted, on-line certification authority: Key Distribution Center (KDC)

  14. Using Kerberos to authenticate a client and a server • Each client and server register their keys in advance with Kerberos authentication server • Client wants to communicate with service provider: sends client and service provider names to Kerberos authentication server • Kerberos server randomly generates a session key that will be used for symmetric encryption between client and server • Kerberos server sends session key to client as well as a ticket that contains client’s name and session key, all encrypted with server’s key

  15. Kerberos Authentication (cont.) • Client caches encrypted session key and ticket, which are valid for some period • Reduces number of authentication requests to server • Client forwards ticket to service provider AND sends server a timestamp encrypted using the session key • Server decrypts ticket and extracts session key • Server uses session key to decrypt timestamp and checks that timestamp is recent • If client needs to authenticate server, server encrypts the timestamp with the session key and sends it back to client

  16. Authentication Systems: Secure Sockets Layer (SSL) • Widely-deployed: every web browser! • Client authenticates identity of the server • Send a session key from client to server to set up an encrypted communication • Server has a certificate that contains its public key • If client has a certificate, can authenticate itself to the server

  17. Using SSL to authenticate a server • Client web browser with SSL contacts web server with SSL • Server sends public-key certificate to client • Client uses public key of a trusted Certificate Authority (CA) to verify server’s certificate is valid • Client verifies that hostname embedded in certificate is hostname of intended server • Client extracts server’s public key from certificate • Client uses server’s public key to encrypt a session key for a symmetric cryptosystem • Client sends encrypted session key to server • Server uses its private key to decrypt session key • Client and server communicate using symmetric cryptosystem with session key

  18. Certificates and Certification Authorities (CA) • Certification mechanism provides binding between encryption key and authenticated identity • Certification authority (CA) is a third party that certifies or validates the binding • CA issues a certificate and signs it • Certificate is a data object that contains: • Distinguished name of a principal • In asymmetric cryptographic systems: the public key of the principal • Optional attributes: authorizations, group memeberships, email addresses, alternate names

  19. Certification (cont.) • X.509 certificates:most widely used format • Web browsers • Secure email services • Public-key-based electronic payment systems • Validating the binding • Verifier must know the CA’s public key • Uses CA’s public key to validate CA’s signature • Hierarchy of CAs: each CA certified by higher-level CA except for root CA(s) • Applications and servers must know public key of trusted root CAs

  20. Data Origin Authentication • Provides assurance that a particular message, data item or executable originated with a particular principal • Determines whether program was modified or sent by attacker

  21. Delegation of Identity • Process that grants one principal the authority to act as another individual • Assume another’s identity to perform certain functions • E.g., in Globus: use the gridmap file on a particular resource to map authenticated user onto another’s account, with corresponding privileges

  22. Authorization • Process that determines whether a particular operation is allowed • Traditionally: based on authenticated identity of requester and local information • Access Control Lists (ACLs) • Grids: determine whether access to resource is allowed • Might have access control lists associated with resources, principals or authorized programs • User-provided code must also be authenticated

  23. Distributed Authorization • E.g., Distributed Computing Environment • Systems still being developed • Distributed maintenance of authorization information: • Group membership • Access control lists • Need to verify the authenticity of authorization (and assurance) information • One approach: Embed these attributes in certificates • Signed by trusted third-party • “Privilege attribute certificates”

  24. Distributed Authorization (cont.) • Restricted proxy: authorization certificate that grants authority to perform operation on behalf of grantor • Restricted for access to particular objects • Only when specified restrictions are satisfied • Alternative: separate authorization server • Party providing a service checks with server whether a named principal is authorized

  25. Delegation of Authority • User or process that is authorized to perform an operation can grant authroity to perform the operation to another process • More restricted than identity delegation • In Grids: • Used for tasks that run remotely on grid that must read or write data stored across the network • E.g., resource manager allocates a node to a job and delegates to job’s initator authority to use that node

  26. Integrity and Confidentiality • Protect data during transmission on network • Anyone connected to an open network may observe, insert or possibly remove messages • Cryptography • Encryption: scrambles data in a way that varies based on a secret encryption key • Decryption: unscramble data using corresponding decryption key • Ciphertext: scrambled data • Plaintext: original or unscrambled data

  27. Encrypted messages provide integrity and confidentiality • Protect data • data encrypted before transmission and decrypted afterward • Checksums protect data integrity • Attach a checksum to data before enryption • After decryption, receiver verifies checksum • Detect modifications of data by someone who doesn’t know encryption key

  28. Symmetric Cryptosystems • Examples:DES (data encryption standard), triple-DES, idea, blowfish, RC4, RC5 • Uses same key for encryption & decryption • Both parties must share same key • With static keys: • User needs different key for every other user or service provider • Service provider maintains key for every user • Or, use mutually-trusted intermediary to generate and distribute session key to both parties • E.g., Kerberos Key Distribution Center

  29. Symmetric Encryption Key Distribution Using Kerberos • Each client and server register their keys with Kerberos authentication server in advance • Client wants to communicate with service provider: sends client and service provider names to Kerberos authentication server • Kerberos server randomly generates a session key that will be used for symmetric encryption between client and server • Kerberos server sends session key to client as well as a ticket that contains client’s name and session key, all encrypted with server’s key

  30. Key Distribution Using Kerberos (cont.) • Client caches encrypted session key and ticket, which are valid for some period • Reduces number of authentication requests to server • Client forwards ticket to service provider AND sends server a timestamp encrypted using the session key • Server decrypts ticket and extracts session key • Server uses session key to decrypt timestamp, checks that it is recent • If client needs to authenticate server, server encrypts the timestamp with the session key and sends to client

  31. Asymmetric Cryptography • Also Public Key cryptography (PKI) • E.g., RSA or DSA (digital signature algorithm) • Uses a pair of keys for encryption and decryption • Knowledge of one key does not reveal the other • Public key: published and available to anyone • Private key: secret, known to only one party • Advantage: can disseminate public key freely • Disadvantage: significantly worse performance than symmetric encryption • Because of performance, rarely used in isolation • Used in combination with symmetric encryption

  32. Using Asymmetric Encryption to Exchange a Symmetric Key • Sender generates a symmetric session key and an associated checksum • Sender encrypts key and checksum using recipient’s public key and sends them to recipient • Recipient decrypts key and checksum using its private key • Recipient verifies checksum is correct and extracts session key • Communication proceeds using symmetric encryption with the session key

  33. Using Asymmetric Encryption to Exchange Symmetric Key (cont.) • Pay asymmetric performance penalty at startup but not on every block transferred • Relies on each party knowing public keys or relying on trusted third party (CA) to verify public keys • Otherwise, attacker could replace public key with different public key that has a private key known by attacker

  34. Encryption with PGP (Pretty Good Privacy) • Provides integrity, authentication and confidentiality for email and data files • Sender: • Computes a message digest (similar to a checksum) • Encrypts original message using symmetric cryptography with a message key • Encrypts the message digest with asymmetric cryptography using the private key of the sender • Provides a digital signature (integrity) • Encrypts the message key with asymmetric cryptography using recipient’s public key

  35. PGP (Pretty Good Privacy) (cont.) • Recipient: • Decrypts message digest using public key of sender • Decrypts message key using its own private key • Uses message key to decrypt original message • Verifies the correctness of message using digest

  36. Digital Signatures • Does not require encryption of original message • Message digest • Computationally infeasible for another message to produce the same digest • Encrypted • Attached to message • Can detect if message was altered during transmission • Provides a digital signature

  37. Summary • Security Issues : Trust and Reputation • Authentication • Password-based • Kerberos authentication • SSL authentication • Certification authorities • Authorization • Integrity and Confidentiality • Symmetric and asymmetric cryptography • PGP (Pretty Good Privacy) • SSL

More Related