Security in Grid Computing
AZIZOL ABDULLAH
DEPARTMENT OF COMMUNICATION TECHNOLOGY AND NETWORK

Security Issues
• Each company could be regarded as a domain
• Each domain will have its own security policy
• The primary goal of a Grid environment is to encourage domain-to-domain interactions in order to share resources

Security Issues: How to share the resources?
• To encourage the controlled sharing of resources:
  • The security overhead should be minimized so that sharing is appealing
  • The security mechanism applied should be scalable
  • Domains should not lose control over their own resources

Security Issues: What is Trust?
• Trust models human social behavior
• When I use a credit card to pay a bill, the bank trusts me to pay the money back later
• When I use an e-banking service to perform a transaction, I trust the bank to perform the transaction for me

Definition of Trust
• Trust is the firm belief in the competence of an entity to behave as expected; this firm belief is a dynamic value associated with the entity, is subject to the entity's behavior, and applies only within a specific context at a given time

Trust
• A trust value is a continuous and dynamic value in the range [0,1]
  • 1 means very trustworthy
  • 0 means very untrustworthy
• It is built on past experience
• It is context based (the same entity may have a different trust value in a different context)

Reputation
• When making trust-based decisions, entities can rely on others for information regarding a specific entity
• The information regarding a specific entity x is defined as the reputation of entity x

Definition of Reputation
• The reputation of an entity is an expectation of its behavior based on other entities' observations of, or information about, the entity's past behavior within a specific context at a given time
Security Issues
Traditional systems:
• Protect a system from its users
• Protect the data of one user from compromise
In Grid systems:
• Protect applications and data from the system where the computation executes
• Stronger authentication needed (for users and for code)
• Protect local execution from remote systems
• Different administrative domains and security policies

Authentication
• Process of verifying the identity of a participant to an operation or request
• Principal: the entity whose identity is verified
  • A local user OR a user logged into a remote system
• Traditional systems: authenticate the client to protect the server
• Grid systems: mutual authentication required
  • Ensures that resources and data are not provided by an attacker
Authentication Methods: Password-based Authentication
• Sending unencrypted passwords is only suitable when messages cannot be read by untrusted processes while on the network
• Instead, prove knowledge of the password:
  • Don't send the password over the network
  • Use the password as an encryption key
  • Encrypt a known but non-repeating value
  • Send the encrypted value to the party verifying the authentication
• Both parties must know the password, or trust a third party to distribute it

Authentication Systems: Kerberos
• Authentication and key distribution protocol
• Used with symmetric encryption systems (both sides must share the same key)
• Better performance than systems using public key (asymmetric) cryptography
• Well suited to frequent authentication
• Centrally administered
• Requires a trusted, on-line certification authority: the Key Distribution Center (KDC)

Using Kerberos to authenticate a client and a server
• Each client and server registers its key in advance with the Kerberos authentication server
• A client that wants to communicate with a service provider sends the client and service provider names to the Kerberos authentication server
• The Kerberos server randomly generates a session key that will be used for symmetric encryption between client and server
• The Kerberos server sends the session key to the client, together with a ticket that contains the client's name and the session key, all encrypted with the server's key

Kerberos Authentication (cont.)
• The client caches the encrypted session key and ticket, which are valid for some period
  • Reduces the number of authentication requests to the server
• The client forwards the ticket to the service provider AND sends the server a timestamp encrypted with the session key
• The server decrypts the ticket and extracts the session key
• The server uses the session key to decrypt the timestamp and checks that the timestamp is recent
• If the client needs to authenticate the server, the server encrypts the timestamp with the session key and sends it back to the client
Authentication Systems: Secure Sockets Layer (SSL)
• Widely deployed: every web browser!
• The client authenticates the identity of the server
• A session key is sent from client to server to set up an encrypted communication
• The server has a certificate that contains its public key
• If the client has a certificate, it can authenticate itself to the server

Using SSL to authenticate a server
• A client web browser with SSL contacts a web server with SSL
• The server sends its public-key certificate to the client
• The client uses the public key of a trusted Certificate Authority (CA) to verify that the server's certificate is valid
• The client verifies that the hostname embedded in the certificate is the hostname of the intended server
• The client extracts the server's public key from the certificate
• The client uses the server's public key to encrypt a session key for a symmetric cryptosystem
• The client sends the encrypted session key to the server
• The server uses its private key to decrypt the session key
• Client and server communicate using the symmetric cryptosystem with the session key

Certificates and Certification Authorities (CA)
• A certification mechanism provides a binding between an encryption key and an authenticated identity
• A certification authority (CA) is a third party that certifies or validates the binding
• The CA issues a certificate and signs it
• A certificate is a data object that contains:
  • The distinguished name of a principal
  • In asymmetric cryptographic systems: the public key of the principal
  • Optional attributes: authorizations, group memberships, email addresses, alternate names

Certification (cont.)
• X.509 certificates: the most widely used format
  • Web browsers
  • Secure email services
  • Public-key-based electronic payment systems
• Validating the binding
  • The verifier must know the CA's public key
  • It uses the CA's public key to validate the CA's signature
• Hierarchy of CAs: each CA is certified by a higher-level CA, except for the root CA(s)
  • Applications and servers must know the public keys of the trusted root CAs
Data Origin Authentication
• Provides assurance that a particular message, data item or executable originated with a particular principal
• Determines whether a program was modified or sent by an attacker

Delegation of Identity
• Process that grants one principal the authority to act as another individual
• Assume another's identity to perform certain functions
• E.g., in Globus: use the gridmap file on a particular resource to map an authenticated user onto another's account, with the corresponding privileges

Authorization
• Process that determines whether a particular operation is allowed
• Traditionally based on the authenticated identity of the requester and local information
  • Access Control Lists (ACLs)
• Grids: determine whether access to a resource is allowed
  • Might have access control lists associated with resources, principals or authorized programs
  • User-provided code must also be authenticated

Distributed Authorization
• E.g., Distributed Computing Environment
• Systems still being developed
• Distributed maintenance of authorization information:
  • Group membership
  • Access control lists
• Need to verify the authenticity of authorization (and assurance) information
• One approach: embed these attributes in certificates
  • Signed by a trusted third party
  • "Privilege attribute certificates"

Distributed Authorization (cont.)
• Restricted proxy: an authorization certificate that grants authority to perform an operation on behalf of the grantor
  • Restricted to access to particular objects
  • Only when the specified restrictions are satisfied
• Alternative: a separate authorization server
  • The party providing a service checks with the server whether a named principal is authorized

Delegation of Authority
• A user or process that is authorized to perform an operation can grant the authority to perform that operation to another process
• More restricted than identity delegation
• In Grids:
  • Used for tasks that run remotely on the grid and must read or write data stored across the network
  • E.g., a resource manager allocates a node to a job and delegates to the job's initiator the authority to use that node
Integrity and Confidentiality
• Protect data during transmission on the network
  • Anyone connected to an open network may observe, insert or possibly remove messages
• Cryptography
  • Encryption: scrambles data in a way that varies based on a secret encryption key
  • Decryption: unscrambles data using the corresponding decryption key
  • Ciphertext: the scrambled data
  • Plaintext: the original, unscrambled data

Encrypted messages provide integrity and confidentiality
• Protect data
  • Data is encrypted before transmission and decrypted afterward
• Checksums protect data integrity
  • Attach a checksum to the data before encryption
  • After decryption, the receiver verifies the checksum
  • Detects modification of the data by someone who doesn't know the encryption key

Symmetric Cryptosystems
• Examples: DES (Data Encryption Standard), triple-DES, IDEA, Blowfish, RC4, RC5
• Uses the same key for encryption and decryption
• Both parties must share the same key
• With static keys:
  • Each user needs a different key for every other user or service provider
  • A service provider maintains a key for every user
• Or, use a mutually trusted intermediary to generate and distribute a session key to both parties
  • E.g., the Kerberos Key Distribution Center

Symmetric Encryption Key Distribution Using Kerberos
• Each client and server registers its key with the Kerberos authentication server in advance
• A client that wants to communicate with a service provider sends the client and service provider names to the Kerberos authentication server
• The Kerberos server randomly generates a session key that will be used for symmetric encryption between client and server
• The Kerberos server sends the session key to the client, together with a ticket that contains the client's name and the session key, all encrypted with the server's key

Key Distribution Using Kerberos (cont.)
• The client caches the encrypted session key and ticket, which are valid for some period
  • Reduces the number of authentication requests to the server
• The client forwards the ticket to the service provider AND sends the server a timestamp encrypted with the session key
• The server decrypts the ticket and extracts the session key
• The server uses the session key to decrypt the timestamp and checks that it is recent
• If the client needs to authenticate the server, the server encrypts the timestamp with the session key and sends it to the client
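The KDC exchange described on the two Kerberos slides (ticket under the server's key, session key to the client, encrypted timestamp as the client's proof, echoed timestamp for mutual authentication), as an added worked example that is not part of the deck. The client's encrypted timestamp is also the "encrypt a known, non-repeating value" idea from the password-based slide. The cipher is a constructed toy encrypt-then-MAC (hash-derived pad plus HMAC), the names "alice" and "gridftp" are made up, and the ±300 s freshness window is an assumption.

```python
import hashlib
import hmac
import os

# Toy encrypt-then-MAC for messages up to 32 bytes (a hash-derived one-time pad
# plus HMAC-SHA256): only so the Kerberos exchange can run offline.
def encrypt(key, msg):
    assert len(msg) <= 32
    nonce = os.urandom(16)
    pad = hashlib.sha256(key + nonce).digest()
    ct = bytes(a ^ b for a, b in zip(msg, pad))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad MAC: wrong key or tampered message")
    pad = hashlib.sha256(key + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

class KDC:
    def __init__(self):
        self.keys = {}                       # long-term keys registered in advance

    def request(self, client, server):
        sk = os.urandom(16)                  # fresh session key for this pair
        ticket = encrypt(self.keys[server], client.encode() + b"|" + sk)
        return encrypt(self.keys[client], sk), ticket   # both go to the client

def server_verify(server_key, ticket, authenticator, now, max_skew=300):
    # Server extracts the session key from the ticket, then checks that the
    # timestamp the client encrypted with it is recent (replay protection)
    name, sk = decrypt(server_key, ticket).split(b"|", 1)
    ts = int(decrypt(sk, authenticator))
    if abs(now - ts) > max_skew:
        raise ValueError("stale authenticator")
    return name.decode(), sk, encrypt(sk, str(ts).encode())   # mutual-auth reply

def run(now=1_700_000_000, skew=0):
    kdc = KDC()
    alice_key, ftp_key = os.urandom(32), os.urandom(32)
    kdc.keys.update({"alice": alice_key, "gridftp": ftp_key})
    enc_sk, ticket = kdc.request("alice", "gridftp")    # KDC reply to client
    sk = decrypt(alice_key, enc_sk)                      # client recovers session key
    authenticator = encrypt(sk, str(now).encode())       # client proves it holds sk
    name, server_sk, reply = server_verify(ftp_key, ticket, authenticator, now + skew)
    server_authentic = decrypt(sk, reply) == str(now).encode()
    return name, server_sk == sk, server_authentic
```

Calling `run(skew=600)` makes the server's clock lie outside the window and the authenticator is rejected; a ticket encrypted under any key other than the server's fails the MAC check before its contents are used.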
Asymmetric Cryptography
• Also known as public-key cryptography (the basis of a public key infrastructure, PKI)
• E.g., RSA or DSA (Digital Signature Algorithm)
• Uses a pair of keys for encryption and decryption
  • Knowledge of one key does not reveal the other
  • Public key: published and available to anyone
  • Private key: secret, known to only one party
• Advantage: the public key can be disseminated freely
• Disadvantage: significantly worse performance than symmetric encryption
  • Because of performance, rarely used in isolation
  • Used in combination with symmetric encryption

Using Asymmetric Encryption to Exchange a Symmetric Key
• The sender generates a symmetric session key and an associated checksum
• The sender encrypts the key and checksum using the recipient's public key and sends them to the recipient
• The recipient decrypts the key and checksum using its private key
• The recipient verifies that the checksum is correct and extracts the session key
• Communication proceeds using symmetric encryption with the session key

Using Asymmetric Encryption to Exchange a Symmetric Key (cont.)
• The asymmetric performance penalty is paid at startup, not on every block transferred
• Relies on each party knowing the other's public key, or on a trusted third party (CA) to verify public keys
  • Otherwise an attacker could replace the public key with a different public key whose private key the attacker knows
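The SSL-style server authentication and the session-key exchange above, as one added worked example that is not part of the deck: a CA signs the name-to-public-key binding, the client checks the CA signature and the hostname, then encrypts a session key plus checksum to the server's public key, and the server verifies the checksum. RSA here is a constructed toy over fixed Mersenne primes (trivially factorable; it exists only so the steps run offline), and the hostnames are made up.

```python
import hashlib
import secrets

# Toy RSA over fixed Mersenne primes: trivially factorable, used only so the
# certificate / key-exchange steps run offline. Keys are (n, exponent).
def toy_rsa(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

CA_PUB, CA_PRIV = toy_rsa(2**31 - 1, 2**61 - 1)    # trusted root CA
SRV_PUB, SRV_PRIV = toy_rsa(2**19 - 1, 2**89 - 1)  # grid server's key pair

def digest(data):   # 64-bit truncation of SHA-256: fits under every toy modulus
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def cert_bytes(subject, pub):
    return f"{subject}|{pub[0]}|{pub[1]}".encode()   # the binding that gets signed

def ca_issue(subject, pub, ca_priv=CA_PRIV):
    # CA binds distinguished name -> public key and signs the binding
    n, d = ca_priv
    return {"subject": subject, "pub": pub,
            "sig": pow(digest(cert_bytes(subject, pub)), d, n)}

def client_verify(cert, expected_host, ca_pub=CA_PUB):
    # (1) CA signature must recover the digest, (2) name must be the intended server
    n, e = ca_pub
    if pow(cert["sig"], e, n) != digest(cert_bytes(cert["subject"], cert["pub"])):
        return False
    return cert["subject"] == expected_host

def client_wrap_session_key(server_pub):
    # fresh symmetric session key + 2-byte checksum, encrypted to the server's public key
    key = secrets.token_bytes(8)
    chk = hashlib.sha256(key).digest()[:2]
    n, e = server_pub
    return key, pow(int.from_bytes(key + chk, "big"), e, n)

def server_unwrap_session_key(wrapped, server_priv=SRV_PRIV):
    n, d = server_priv
    try:
        raw = pow(wrapped, d, n).to_bytes(10, "big")
    except OverflowError:            # garbage that decrypts to an oversized value
        return None
    key, chk = raw[:8], raw[8:]
    return key if hashlib.sha256(key).digest()[:2] == chk else None

def handshake(cert, host):
    if not client_verify(cert, host):
        return None                  # bad signature or wrong hostname: no key sent
    key, wrapped = client_wrap_session_key(cert["pub"])
    return key if server_unwrap_session_key(wrapped) == key else None
```

A certificate whose public key was swapped for an attacker's fails the signature check, and a genuine certificate for a different host fails the hostname check, so in neither case does the client encrypt a session key to the wrong party.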
Encryption with PGP (Pretty Good Privacy)
• Provides integrity, authentication and confidentiality for email and data files
• Sender:
  • Computes a message digest (similar to a checksum)
  • Encrypts the original message using symmetric cryptography with a message key
  • Encrypts the message digest with asymmetric cryptography using the sender's private key
    • Provides a digital signature (integrity)
  • Encrypts the message key with asymmetric cryptography using the recipient's public key

PGP (Pretty Good Privacy) (cont.)
• Recipient:
  • Decrypts the message digest using the sender's public key
  • Decrypts the message key using its own private key
  • Uses the message key to decrypt the original message
  • Verifies the correctness of the message using the digest

Digital Signatures
• Does not require encryption of the original message
• Message digest
  • Computationally infeasible for another message to produce the same digest
  • Encrypted with the signer's private key
  • Attached to the message
• Can detect whether the message was altered during transmission
• Provides a digital signature

Summary
• Security issues: trust and reputation
• Authentication
  • Password-based
  • Kerberos authentication
  • SSL authentication
  • Certification authorities
• Authorization
• Integrity and confidentiality
  • Symmetric and asymmetric cryptography
  • PGP (Pretty Good Privacy)
  • SSL