Distributed Systems: Latest Relevant Techniques and Applications
Outline • Services: DNSSEC • Architecture Models: Grid • Network Protocols: IPv6 • Design Issues: Security • The Future: World Community Grid
DNS • Large distributed database for name-to-IP resolution (e.g., a DNS query) • Was not originally designed with security in mind, so it naturally has security flaws: • Packet interception • DNS cache poisoning / Name chaining • ID guessing [RFC 3833, 2004]
DNSSEC – suite of IETF specifications for securing information provided by DNS and IP. • Authentication of origin • Data integrity • Backwards compatibility [RFC 3833, 2004]
RFC 2065 was published in 1997, but problems have existed since then and are still being worked out • Did not scale well for the internet • Backwards compatibility • Who should own TLD root keys • Complexity of deployment • Proposed Standard is currently RFC 4033
Works by digitally signing DNS responses to lookups using public-key cryptography. • New DNS record types are created: RRSIG, DNSKEY, DS, and NSEC. • RRSIG is the digital signature of the response. It is verified using the public key found in the DNSKEY record. • DS records are for designated signers.
Start with a trusted DNS root. Look up the DS record for the TLD to verify the DNSKEY records for that TLD. • Next, check if a DS record for site.com exists in the TLD zone, and if so, use that to verify the DNSKEY found in the site.com zone. • Finally, verify the RRSIG record found in the A records for www.site.com [RFC 4033, 2005]
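The DS-to-DNSKEY links in the walk above, as an added Python example (not part of the original slides). It checks only that each zone's DNSKEY hashes to the DS held one level up, using the SHA-256 digest and key tag from RFC 4034; RRSIG signature verification is left out because it needs a public-key library, and the key bytes and helper names are constructed for illustration.

```python
import hashlib

def name_to_wire(name):
    """Canonical wire form: lowercase, length-prefixed labels, ending in 0x00."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key bytes."""
    return flags.to_bytes(2, "big") + bytes([3, algorithm]) + public_key

def key_tag(rdata):
    """16-bit key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, rdata):
    """DS fields the parent publishes: key tag, algorithm, digest type, digest."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).digest()
    return (key_tag(rdata), rdata[3], 2, digest)  # digest type 2 = SHA-256

def validate_chain(anchor_ds, chain):
    """Walk root -> leaf. chain items: (zone, DNSKEY RDATA, DS for next zone).
    Returns None if every DNSKEY matches the DS above it, else the failing zone."""
    expected = anchor_ds
    for zone, rdata, child_ds in chain:
        if expected != make_ds(zone, rdata):
            return zone
        expected = child_ds
    return None

def build_sample_chain():
    """Constructed data: placeholder key bytes, not real DNSSEC keys."""
    keys = {z: dnskey_rdata(257, 13, ("constructed key for " + z).encode())
            for z in (".", "com.", "site.com.")}
    anchor = make_ds(".", keys["."])  # trust anchor configured in the resolver
    chain = [(".", keys["."], make_ds("com.", keys["com."])),
             ("com.", keys["com."], make_ds("site.com.", keys["site.com."])),
             ("site.com.", keys["site.com."], None)]
    return anchor, chain

if __name__ == "__main__":
    anchor, chain = build_sample_chain()
    print("intact chain:", validate_chain(anchor, chain))
    zone, rdata, ds = chain[2]
    chain[2] = (zone, rdata + b"\x00", ds)  # key swapped in the child zone
    print("tampered chain fails at:", validate_chain(anchor, chain))
```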
Grid Architecture • Uses idle machines for more efficient use of resources such as CPU, memory, storage, bandwidth, databases, etc. • Geographically dispersed • Must be provisioned to determine location, availability, and scheduling of resources. [IT Pro, 2004]
Related Terms: Comparison • Utility Computing: Leased like a utility from a company. Expect providers to switch to using grids (Sun, for example) • Cluster computing: machines usually closely coupled and connected through a high-speed network, generally in the same room. • P2P: considered to be an application that uses grid services for file sharing, whereas the grid can allow for sharing of any resource type.
Cloud computing: Very similar to grid. So similar it’s difficult to pull out the differences and different people state different things… • Overall, many sources mention “on-demand” for cloud computing, whereas grid computing focuses on one problem at a time. [IT Pro, 2004]
Not all applications are efficient on a grid – must have high levels of parallelism in order to be effective and overcome the overhead involved with grid computing.
Defined in 1998 by the Internet Engineering Task Force (IETF), RFC 2460 • Main feature is a much larger number of addresses • IPv4 uses 32 bits, allowing for 2^32 addresses, whereas IPv6 uses 128 bits (2^128 addresses) • Other changes include network security, improved routing, extensibility, among others. [Geer, 2005]
Many benefits are available from the large number of IP addresses. Ex: • Distributed applications on cell phones • Japanese windshield wipers for taxi cabs • Track devices for warranties, upgrade / repair, emergencies • Smart homes [Geer, 2005]
Main difficulty is making the switch from IPv4 to IPv6. • Difficult to mix the two • Users generally do not feel the push to switch, especially since NAT has become widespread
Secure communications between two machines: • Grid Security Infrastructure (GSI) • Mutual authentication • Public key cryptography • Certificates • Single sign-on [Globus]
In grid computing, we can protect the host by: • Sandboxing • Virtualization • Flexible kernel [Chakrabarti et al., 2008] • Can we protect the privacy of the grid user?
World Community Grid • An idea where the grid exists across the internet, and the world is all connected to the grid • Would allow millions of idle processors to be used more efficiently
Will be very difficult to achieve • Security (unknown users connecting to unknown machines) • Network issues • Control
References • RFC 3833: Threat Analysis of the Domain Name System, The Internet Society, August 2004 • RFC 4033: DNS Security Introduction and Requirements, The Internet Society, March 2005 • http://www.globus.org/security/overview.html • http://www.fh-wedel.de • "Grid computing 101: what's all the fuss about?," IT Professional, vol. 6, no. 2, pp. 25-33, March-April 2004 • D. Geer, "In Brief: IPv6 and Distributed Applications," IEEE Distributed Systems Online, vol. 6, no. 12, December 2005 • Chakrabarti, A.; Damodaran, A.; Sengupta, S., "Grid Computing Security: A Taxonomy," Security & Privacy, IEEE, vol. 6, no. 1, pp. 44-51, Jan-Feb. 2008