Security Issues in Grid Computing

Reading: Grid Book, Chapter 16, "Security, Accounting and Assurance", by Clifford Neuman
Security Issues

Traditional systems:
• Protect a system from its users
• Protect data of one user from compromise

In Grid systems:
• Protect applications and data from the system where the computation executes
• Stronger authentication needed (for users and code)
• Protect local execution from remote systems
• Different admin domains/security policies
Organization

• Authentication
  ◦ Password-based
  ◦ Kerberos authentication
  ◦ SSL authentication
  ◦ Certification authorities
• Authorization
• Integrity and Confidentiality
  ◦ Symmetric and asymmetric cryptography
  ◦ PGP (Pretty Good Privacy)
  ◦ SSL

Organization (cont.)

• More Security Issues
  ◦ Assurance
  ◦ Accounting
  ◦ Audit
• More Security Technologies
  ◦ IPSec and IPv6
  ◦ VPN (Virtual Private Networks)
  ◦ Firewalls
  ◦ GSS-API
Authentication

• Process of verifying the identity of a participant to an operation or request
• Principal: entity whose identity is verified
  ◦ Local user OR user logged into a remote system
• Traditional systems: authenticate the client to protect the server
• Grid systems: mutual authentication required
  ◦ Ensure that resources and data are not provided by an attacker
Authentication Methods: Password-based Authentication

• Send unencrypted passwords: only suitable when messages can't be read by untrusted processes while on the network
• Instead: prove knowledge of a password
  ◦ Don't send the password over the network
  ◦ Use the password as an encryption key
  ◦ Encrypt a known but non-repeating value
  ◦ Send the encrypted value to the party verifying authentication
  ◦ Both parties must know the password or trust a third party to distribute it
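The challenge-response form of "prove knowledge of a password", as an added Go example that is not from these slides or Neuman's chapter. The verifier issues a fresh random challenge (the known but non-repeating value), the client answers with a MAC of that challenge keyed by the password, and the verifier recomputes the answer from its own copy of the password. Assumptions are mine: an HMAC stands in for "encrypt with the password as key", a plain SHA-256 of the password stands in for a real key-derivation step, and the principal name, password and challenge size are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// passwordKey turns the shared password into a fixed-length key. A real system
// would use a salted, slow KDF (or a Kerberos-style string-to-key function);
// plain SHA-256 keeps this constructed example self-contained.
func passwordKey(password string) []byte {
	k := sha256.Sum256([]byte(password))
	return k[:]
}

// NewChallenge is the "known but non-repeating value": a fresh random nonce
// the verifier sends to the client.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return c, nil
}

// Prove is the client's side: MAC the challenge under the password-derived key.
// Only this proof crosses the network; the password itself never does.
func Prove(password string, challenge []byte) []byte {
	m := hmac.New(sha256.New, passwordKey(password))
	m.Write(challenge)
	return m.Sum(nil)
}

// Verifier knows the password it shares with each principal and remembers which
// challenges have already been answered, so a captured proof cannot be replayed.
type Verifier struct {
	passwords map[string]string // principal -> shared password
	used      map[string]bool   // hex(challenge) -> already consumed
}

func NewVerifier(passwords map[string]string) *Verifier {
	return &Verifier{passwords: passwords, used: map[string]bool{}}
}

// Verify recomputes the expected proof from its own copy of the password and
// compares in constant time. Each challenge is accepted at most once.
func (v *Verifier) Verify(principal string, challenge, proof []byte) bool {
	pw, ok := v.passwords[principal]
	if !ok {
		return false
	}
	id := hex.EncodeToString(challenge)
	if v.used[id] {
		return false // replay of an already-answered challenge
	}
	if !hmac.Equal(Prove(pw, challenge), proof) {
		return false
	}
	v.used[id] = true
	return true
}

func main() {
	// Constructed principal and password; a real verifier keeps these in a protected store.
	v := NewVerifier(map[string]string{"alice": "correct horse battery staple"})
	ch, _ := NewChallenge()
	proof := Prove("correct horse battery staple", ch)
	fmt.Println("fresh proof accepted:   ", v.Verify("alice", ch, proof)) // true
	fmt.Println("replayed proof accepted:", v.Verify("alice", ch, proof)) // false
	ch2, _ := NewChallenge()
	fmt.Println("wrong password accepted:", v.Verify("alice", ch2, Prove("guess", ch2))) // false
}
```

The used-challenge set is what turns "non-repeating" into an enforced property: without it, anyone who captured a proof could present it again later.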
Authentication Systems: Kerberos

• Authentication and key distribution protocol
  ◦ Used with symmetric encryption systems (both sides must share the same key)
  ◦ Better performance than systems using public key or asymmetric cryptography
• Well-suited to frequent authentication
• Centrally administered
• Requires a trusted, on-line certification authority: the Key Distribution Center (KDC)
Using Kerberos to authenticate a client and a server

1. Each client and server registers its key in advance with the Kerberos authentication server
2. Client wants to communicate with a service provider: sends the client and service provider names to the Kerberos authentication server
3. Kerberos server randomly generates a session key that will be used for symmetric encryption between client and server
4. Kerberos server sends the session key to the client, as well as a ticket that contains the client's name and the session key, all encrypted with the server's key

Kerberos Authentication (cont.)

5. Client caches the encrypted session key and ticket, which are valid for some period
   ◦ Reduces the number of authentication requests to the server
6. Client forwards the ticket to the service provider AND sends the server a timestamp encrypted using the session key
7. Server decrypts the ticket and extracts the session key
8. Server uses the session key to decrypt the timestamp and checks that the timestamp is recent
9. If the client needs to authenticate the server, the server encrypts the timestamp with the session key and sends it back to the client
Authentication Systems: Secure Sockets Layer (SSL)

• Widely deployed: every web browser!
• Client authenticates the identity of the server
• A session key is sent from client to server to set up encrypted communication
• Server has a certificate that contains its public key
• If the client has a certificate, it can authenticate itself to the server

Using SSL to authenticate a server

1. Client web browser with SSL contacts a web server with SSL
2. Server sends its public-key certificate to the client
3. Client uses the public key of a trusted Certificate Authority (CA) to verify that the server's certificate is valid
4. Client verifies that the hostname embedded in the certificate is the hostname of the intended server
5. Client extracts the server's public key from the certificate
6. Client uses the server's public key to encrypt a session key for a symmetric cryptosystem
7. Client sends the encrypted session key to the server
8. Server uses its private key to decrypt the session key
9. Client and server communicate using the symmetric cryptosystem with the session key
Certificates and Certification Authorities (CA)

• Certification mechanism provides a binding between an encryption key and an authenticated identity
• Certification authority (CA) is a third party that certifies or validates the binding
• CA issues a certificate and signs it
• Certificate is a data object that contains:
  ◦ Distinguished name of a principal
  ◦ In asymmetric cryptographic systems: the public key of the principal
  ◦ Optional attributes: authorizations, group memberships, email addresses, alternate names

Certification (cont.)

• X.509 certificates: most widely used format
  ◦ Web browsers
  ◦ Secure email services
  ◦ Public-key-based electronic payment systems
• Validating the binding
  ◦ Verifier must know the CA's public key
  ◦ Uses the CA's public key to validate the CA's signature
• Hierarchy of CAs: each CA is certified by a higher-level CA, except for the root CA(s)
• Applications and servers must know the public keys of trusted root CAs
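Steps 2 to 5 of the SSL server check together with the CA points above, as an added Go example built on the standard crypto/x509 package (not code from the slides or the Grid Book). It constructs a two-level hierarchy, a root CA and a CA-signed server certificate that carries the server's hostname, and then has the client validate the chain against the roots it trusts, confirm the hostname binding, and only then extract the server's public key. The CA name, hostname and validity window are constructed; a real client would load its trusted roots from a trust store rather than build them.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for pub with the signer's key. With parent == nil the
// certificate is self-signed, which is how the root of a CA hierarchy is made.
func issue(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// TestPKI is a constructed hierarchy: one root CA certifying one grid server.
type TestPKI struct {
	Root, Server *x509.Certificate
	ServerKey    *rsa.PrivateKey
}

func BuildPKI(hostname string) (*TestPKI, error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	srvKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	root, err := issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Grid Root CA"}, // constructed
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	// The server certificate binds the server's public key to its hostname; the CA signs it.
	srv, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: hostname},
		DNSNames:     []string{hostname},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, root, &srvKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &TestPKI{Root: root, Server: srv, ServerKey: srvKey}, nil
}

// ClientVerify is the client's steps 3-5: validate the presented certificate against
// the root CAs it trusts, confirm the embedded hostname is the server it intended to
// reach, and only then hand back the server's public key for the next step.
func ClientVerify(presented *x509.Certificate, intendedHost string, trusted ...*x509.Certificate) (*rsa.PublicKey, error) {
	roots := x509.NewCertPool()
	for _, c := range trusted {
		roots.AddCert(c)
	}
	if _, err := presented.Verify(x509.VerifyOptions{Roots: roots, DNSName: intendedHost}); err != nil {
		return nil, err
	}
	pub, ok := presented.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("unexpected key type %T", presented.PublicKey)
	}
	return pub, nil
}

func main() {
	pki, err := BuildPKI("node1.grid.example") // constructed hostname
	if err != nil {
		panic(err)
	}
	_, err = ClientVerify(pki.Server, "node1.grid.example", pki.Root)
	fmt.Println("right host, trusted CA:", err)
	_, err = ClientVerify(pki.Server, "other.grid.example", pki.Root)
	fmt.Println("wrong host:", err)
	_, err = ClientVerify(pki.Server, "node1.grid.example")
	fmt.Println("CA not trusted:", err)
}
```

The two failing calls in main show why steps 3 and 4 are separate checks: a certificate can be perfectly valid under a trusted CA and still belong to a different server, and a certificate for the right name is worthless if the client has no trusted key to validate its signature with.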
Data Origin Authentication

• Provides assurance that a particular message, data item or executable originated with a particular principal
  ◦ Determines whether a program was modified or sent by an attacker

Delegation of Identity

• Process that grants one principal the authority to act as another individual
• Assume another's identity to perform certain functions
• E.g., in Globus: use the gridmap file on a particular resource to map an authenticated user onto another's account, with the corresponding privileges
Reminder: Organization

• Authentication
  ◦ Password-based
  ◦ Kerberos authentication
  ◦ SSL authentication
  ◦ Certification authorities
• Authorization
• Integrity and Confidentiality
  ◦ Symmetric and asymmetric cryptography
  ◦ PGP (Pretty Good Privacy)
  ◦ SSL

Authorization

• Process that determines whether a particular operation is allowed
• Traditionally: based on the authenticated identity of the requester and local information
  ◦ Access Control Lists (ACLs)
• Grids: determine whether access to a resource is allowed
  ◦ Might have access control lists associated with resources, principals or authorized programs
  ◦ User-provided code must also be authenticated
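The gridmap mapping from the Delegation of Identity slide followed by an ACL decision, as an added Go example that is not Globus code or code from the slides. It parses grid-mapfile style lines (a quoted distinguished name followed by comma-separated local accounts, the layout Globus uses), maps an authenticated DN onto a local account, and answers an ACL query for that account with deny as the default. The DNs, account names and ACL contents are constructed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// GridMap maps a certificate's distinguished name onto the local accounts it may use.
// A grid-mapfile line reads   "<distinguished name>" local1[,local2,...]
// The DN is quoted because it contains spaces; lines beginning with # are comments.
type GridMap map[string][]string

func ParseGridMap(text string) (GridMap, error) {
	gm := GridMap{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if !strings.HasPrefix(line, `"`) {
			return nil, fmt.Errorf("line %d: distinguished name must be quoted", n)
		}
		end := strings.Index(line[1:], `"`)
		if end < 0 {
			return nil, fmt.Errorf("line %d: unterminated distinguished name", n)
		}
		dn, rest := line[1:end+1], strings.TrimSpace(line[end+2:])
		if rest == "" {
			return nil, fmt.Errorf("line %d: no local account for %q", n, dn)
		}
		gm[dn] = strings.Split(rest, ",")
	}
	return gm, sc.Err()
}

// MapIdentity is the delegation-of-identity step: the authenticated DN becomes a
// local account. With no requested account the first listed one is used; a
// requested account must be among those the entry allows; an unmapped DN is refused.
func (gm GridMap) MapIdentity(dn, requested string) (string, error) {
	accounts, ok := gm[dn]
	if !ok {
		return "", errors.New("no grid-mapfile entry for " + dn)
	}
	if requested == "" {
		return accounts[0], nil
	}
	for _, a := range accounts {
		if a == requested {
			return a, nil
		}
	}
	return "", fmt.Errorf("%s may not act as local account %s", dn, requested)
}

// ACL: resource -> local account -> permitted operations.
type ACL map[string]map[string][]string

// Authorize answers whether the mapped account may perform op on resource; deny is the default.
func (acl ACL) Authorize(account, resource, op string) bool {
	for _, allowed := range acl[resource][account] {
		if allowed == op {
			return true
		}
	}
	return false
}

const sampleGridMap = `# constructed sample grid-mapfile
"/C=US/O=Example Grid/CN=Jane Doe" jdoe,gridusers
"/C=US/O=Example Grid/CN=Batch Scheduler" scheduler
`

func main() {
	gm, err := ParseGridMap(sampleGridMap)
	if err != nil {
		panic(err)
	}
	acl := ACL{"/data/results": {"jdoe": {"read", "write"}, "scheduler": {"read"}}} // constructed
	account, err := gm.MapIdentity("/C=US/O=Example Grid/CN=Jane Doe", "")
	fmt.Println(account, err, acl.Authorize(account, "/data/results", "write")) // jdoe <nil> true
	_, err = gm.MapIdentity("/C=US/O=Example Grid/CN=Nobody", "")
	fmt.Println(err)
}
```

The two lookups are deliberately separate: the gridmap answers "who is this DN locally", the ACL answers "what may that local account do", and a DN with no entry never reaches the ACL at all.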
Distributed Authorization

• E.g., Distributed Computing Environment
• Systems still being developed
• Distributed maintenance of authorization information:
  ◦ Group membership
  ◦ Access control lists
• Need to verify the authenticity of authorization (and assurance) information
• One approach: embed these attributes in certificates
  ◦ Signed by a trusted third party
  ◦ "Privilege attribute certificates"

Distributed Authorization (cont.)

• Restricted proxy: authorization certificate that grants authority to perform an operation on behalf of the grantor
  ◦ Restricted to access to particular objects
  ◦ Only when specified restrictions are satisfied
• Alternative: separate authorization server
• Party providing a service checks with the server whether a named principal is authorized
Delegation of Authority

• A user or process that is authorized to perform an operation can grant authority to perform the operation to another process
• More restricted than identity delegation
• In Grids:
  ◦ Used for tasks that run remotely on the grid and must read or write data stored across the network
  ◦ E.g., a resource manager allocates a node to a job and delegates to the job's initiator the authority to use that node
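A restricted proxy carrying a delegation of authority, as an added Go example that is not from the slides and is not Globus' X.509 proxy-certificate format. The grantor signs a grant (delegate, object, permitted operations, expiry) with its RSA key; the service accepts a request only when every restriction on the slide holds and, additionally, only when the grantor itself holds the right it is delegating, so delegation can narrow authority but never widen it. JSON encoding and PKCS#1 v1.5 signatures are my choices; the principal and node names are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"slices"
	"time"
)

// Grant is the body of a restricted proxy: Grantor lets Delegate perform Operations on Object until Expires.
type Grant struct {
	Grantor    string    `json:"grantor"`
	Delegate   string    `json:"delegate"`
	Object     string    `json:"object"`
	Operations []string  `json:"operations"`
	Expires    time.Time `json:"expires"`
}

// Proxy carries the encoded grant and the grantor's signature over exactly those bytes.
type Proxy struct {
	Body      []byte `json:"body"`
	Signature []byte `json:"signature"`
}

func GenerateKeyPair() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Delegate is the grantor's side: encode the grant and sign its SHA-256 digest.
func Delegate(grantorKey *rsa.PrivateKey, g Grant) (*Proxy, error) {
	body, err := json.Marshal(g)
	if err != nil {
		return nil, err
	}
	d := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, grantorKey, crypto.SHA256, d[:])
	if err != nil {
		return nil, err
	}
	return &Proxy{Body: body, Signature: sig}, nil
}

// Service provides the resource: it knows each grantor's public key and its own ACL (object -> principal -> ops).
type Service struct {
	Keys map[string]*rsa.PublicKey
	ACL  map[string]map[string][]string
}

func NewService() *Service {
	return &Service{Keys: map[string]*rsa.PublicKey{}, ACL: map[string]map[string][]string{}}
}

// Authorize accepts caller's request only if every restriction holds: the signature
// verifies under the grantor's key, caller is the named delegate, the proxy is unexpired,
// object and operation lie inside the grant, and the grantor itself holds that right.
func (s *Service) Authorize(p *Proxy, caller, object, op string, now time.Time) error {
	var g Grant
	if err := json.Unmarshal(p.Body, &g); err != nil {
		return err
	}
	pub, ok := s.Keys[g.Grantor]
	if !ok {
		return errors.New("unknown grantor " + g.Grantor)
	}
	d := sha256.Sum256(p.Body)
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], p.Signature) != nil {
		return errors.New("proxy signature invalid")
	}
	if caller != g.Delegate {
		return fmt.Errorf("proxy issued to %s, presented by %s", g.Delegate, caller)
	}
	if !now.Before(g.Expires) {
		return errors.New("proxy expired")
	}
	if object != g.Object || !slices.Contains(g.Operations, op) {
		return errors.New("request outside proxy restrictions")
	}
	if !slices.Contains(s.ACL[object][g.Grantor], op) {
		return errors.New("grantor does not hold the delegated right")
	}
	return nil
}

func main() {
	rm := GenerateKeyPair() // the resource manager's key pair (constructed)
	svc := NewService()
	svc.Keys["resource-manager"] = &rm.PublicKey
	svc.ACL["node17"] = map[string][]string{"resource-manager": {"run"}}
	g := Grant{Grantor: "resource-manager", Delegate: "job-42", Object: "node17", Operations: []string{"run"}, Expires: time.Now().Add(time.Hour)}
	p, _ := Delegate(rm, g)
	fmt.Println(svc.Authorize(p, "job-42", "node17", "run", time.Now()), svc.Authorize(p, "job-42", "node17", "reboot", time.Now()))
}
```

The last check in Authorize is the one the slide's "more restricted than identity delegation" phrase relies on: a proxy listing an operation the grantor never had is signed correctly and still refused.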
Integrity and Confidentiality

• Protect data during transmission on the network
  ◦ Anyone connected to an open network may observe, insert or possibly remove messages
• Cryptography
  ◦ Encryption: scrambles data in a way that varies based on a secret encryption key
  ◦ Decryption: unscrambles data using the corresponding decryption key
  ◦ Ciphertext: scrambled data
  ◦ Plaintext: original or unscrambled data

Encrypted messages provide integrity and confidentiality

• Protect data from eavesdroppers
  ◦ Data encrypted before transmission and decrypted afterward
• Checksums protect data integrity
  ◦ Attach a checksum to the data before encryption
  ◦ After decryption, the receiver verifies the checksum
  ◦ Detects modifications of the data by someone who doesn't know the encryption key
Symmetric Cryptosystems

• Examples: DES (Data Encryption Standard), triple-DES, IDEA, Blowfish, RC4, RC5
• Uses the same key for encryption and decryption
• Both parties must share the same key
• With static keys:
  ◦ User needs a different key for every other user or service provider
  ◦ Service provider maintains a key for every user
• Or, use a mutually trusted intermediary to generate and distribute a session key to both parties
  ◦ E.g., Kerberos Key Distribution Center
Symmetric Encryption Key Distribution Using Kerberos

1. Each client and server registers its key with the Kerberos authentication server in advance
2. Client wants to communicate with a service provider: sends the client and service provider names to the Kerberos authentication server
3. Kerberos server randomly generates a session key that will be used for symmetric encryption between client and server
4. Kerberos server sends the session key to the client, as well as a ticket that contains the client's name and the session key, all encrypted with the server's key

Key Distribution Using Kerberos (cont.)

5. Client caches the encrypted session key and ticket, which are valid for some period
   ◦ Reduces the number of authentication requests to the server
6. Client forwards the ticket to the service provider AND sends the server a timestamp encrypted using the session key
7. Server decrypts the ticket and extracts the session key
8. Server uses the session key to decrypt the timestamp and checks that it is recent
9. If the client needs to authenticate the server, the server encrypts the timestamp with the session key and sends it to the client
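The nine Kerberos steps, listed once in the authentication part of the lecture and again here as key distribution, as one added Go example that is not from the slides or the Grid Book. The KDC holds the keys registered in step 1, issues a session key and a ticket sealed under the server's key (steps 2 to 4), the client builds the timestamp authenticator (step 6), and the server opens both, checks freshness and answers with the re-sealed timestamp (steps 7 to 9). Assumptions are mine: AES-256-GCM is a constructed stand-in for the Kerberos encryption types, the ticket body is JSON, principal names and keys are constructed, and the session key is returned to the client in the clear where real Kerberos seals it under the client's own key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// AES-256-GCM stands in for the Kerberos parties' shared symmetric cipher (constructed helpers).
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // every key here is 32 bytes by construction
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

func seal(key, plaintext []byte) []byte {
	gcm := aead(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, plaintext, nil) // nonce || ciphertext || tag
}

func open(key, sealed []byte) ([]byte, error) {
	gcm := aead(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Ticket: client name plus session key, readable only with the server's long-term key.
type Ticket struct {
	Client     string `json:"client"`
	SessionKey []byte `json:"session_key"`
}

// KDC holds the long-term keys every client and server registered in advance (step 1).
type KDC struct{ keys map[string][]byte }

// Issue covers steps 2-4: a fresh session key for the client (real Kerberos also seals it
// under the client's key; omitted here) plus the ticket sealed under the server's key.
func (k *KDC) Issue(client, server string) (sessionKey, ticket []byte, err error) {
	serverKey, ok := k.keys[server]
	if !ok || k.keys[client] == nil {
		return nil, nil, errors.New("unknown principal")
	}
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	body, _ := json.Marshal(Ticket{Client: client, SessionKey: sessionKey})
	return sessionKey, seal(serverKey, body), nil
}

// Authenticator is step 6: the client's current timestamp sealed under the session key.
func Authenticator(sessionKey []byte, now time.Time) []byte {
	return seal(sessionKey, []byte(now.UTC().Format(time.RFC3339)))
}

const maxSkew = 5 * time.Minute // older authenticators are refused as possible replays

// ServerAccept covers steps 7-9: open the ticket, recover the session key, open the
// authenticator and check it is recent; the reply (the timestamp re-sealed under the
// session key) is what lets the client authenticate the server.
func ServerAccept(serverKey, ticket, auth []byte, now time.Time) (string, []byte, error) {
	body, err := open(serverKey, ticket)
	if err != nil {
		return "", nil, fmt.Errorf("ticket: %w", err)
	}
	var t Ticket
	if err := json.Unmarshal(body, &t); err != nil {
		return "", nil, err
	}
	tsBytes, err := open(t.SessionKey, auth)
	if err != nil {
		return "", nil, fmt.Errorf("authenticator: %w", err)
	}
	ts, err := time.Parse(time.RFC3339, string(tsBytes))
	if d := now.Sub(ts); err != nil || d > maxSkew || d < -maxSkew {
		return "", nil, errors.New("authenticator timestamp unreadable or not recent")
	}
	return t.Client, seal(t.SessionKey, tsBytes), nil
}

func main() {
	keys := map[string][]byte{"alice": make([]byte, 32), "fileserver": make([]byte, 32)} // constructed; all-zero keys only for this demo run
	sk, ticket, _ := (&KDC{keys: keys}).Issue("alice", "fileserver")
	client, reply, err := ServerAccept(keys["fileserver"], ticket, Authenticator(sk, time.Now()), time.Now())
	echo, _ := open(sk, reply)
	fmt.Println(client, err, string(echo)) // alice <nil> <timestamp>
}
```

Note what the server never sees: alice's long-term key. It learns the session key only through the ticket, which only the KDC could have produced, and the freshness check on the authenticator is what limits how long a captured ticket plus authenticator remains usable.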
Asymmetric Cryptography

• Also called public key cryptography (the basis of PKI, public key infrastructure)
• E.g., RSA or DSA (Digital Signature Algorithm)
• Uses a pair of keys for encryption and decryption
  ◦ Knowledge of one key does not reveal the other
• Public key: published and available to anyone
• Private key: secret, known to only one party
• Advantage: the public key can be disseminated freely
• Disadvantage: significantly worse performance than symmetric encryption
  ◦ Because of performance, rarely used in isolation
  ◦ Used in combination with symmetric encryption
Using Asymmetric Encryption to Exchange a Symmetric Key

1. Sender generates a symmetric session key and an associated checksum
2. Sender encrypts the key and checksum using the recipient's public key and sends them to the recipient
3. Recipient decrypts the key and checksum using its private key
4. Recipient verifies the checksum is correct and extracts the session key
5. Communication proceeds using symmetric encryption with the session key

Using Asymmetric Encryption to Exchange Symmetric Key (cont.)

• Pay the asymmetric performance penalty at startup but not on every block transferred
• Relies on each party knowing public keys or relying on a trusted third party (CA) to verify public keys
• Otherwise, an attacker could replace a public key with a different public key that has a private key known by the attacker
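The five-step session key exchange above (which is also steps 6 to 8 of the SSL walkthrough earlier), as an added Go example that is not from the slides: the sender wraps a fresh session key and its SHA-256 checksum under the recipient's public key with RSA-OAEP from the standard crypto/rsa package, and the recipient refuses any key whose checksum does not match. The OAEP label and key length are constructed choices. Note that WrapSessionKey trusts whatever public key it is handed; the certificate check from earlier is what prevents the substituted-key problem the slide ends with.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const sessionKeyLen = 32 // 256-bit key for the symmetric cipher that follows

var oaepLabel = []byte("grid-session-key") // constructed; ties the ciphertext to this purpose

func GenerateKeyPair() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// WrapSessionKey is the sender (steps 1-2): a fresh session key with its checksum
// appended, both encrypted under the recipient's public key.
func WrapSessionKey(recipient *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, sessionKeyLen)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	sum := sha256.Sum256(sessionKey)
	payload := append(append([]byte{}, sessionKey...), sum[:]...)
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, payload, oaepLabel)
	return sessionKey, wrapped, err
}

// UnwrapSessionKey is the recipient (steps 3-4): decrypt with the private key,
// recompute the checksum, and refuse the key unless it matches.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	payload, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
	if err != nil {
		return nil, err
	}
	if len(payload) != sessionKeyLen+sha256.Size {
		return nil, errors.New("unexpected payload length")
	}
	key, sum := payload[:sessionKeyLen], payload[sessionKeyLen:]
	want := sha256.Sum256(key)
	if !bytes.Equal(sum, want[:]) {
		return nil, errors.New("session key checksum mismatch")
	}
	return key, nil
}

func main() {
	recipient := GenerateKeyPair() // constructed; the sender must obtain the public half from a verified certificate
	key, wrapped, err := WrapSessionKey(&recipient.PublicKey)
	if err != nil {
		panic(err)
	}
	got, err := UnwrapSessionKey(recipient, wrapped)
	fmt.Println("recipient recovered the same key:", bytes.Equal(key, got), err) // true <nil>
	wrapped[10] ^= 1 // corrupted in transit: OAEP decoding fails before the checksum is even reached
	_, err = UnwrapSessionKey(recipient, wrapped)
	fmt.Println("after corruption:", err)
}
```

Step 5, the symmetric communication itself, is not shown; any authenticated symmetric cipher keyed with the recovered key follows from here.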
Encryption with PGP (Pretty Good Privacy)

• Provides integrity, authentication and confidentiality for email and data files
• Sender:
  ◦ Computes a message digest (similar to a checksum)
  ◦ Encrypts the original message using symmetric cryptography with a message key
  ◦ Encrypts the message digest with asymmetric cryptography using the private key of the sender
    ➢ Provides a digital signature (integrity)
  ◦ Encrypts the message key with asymmetric cryptography using the recipient's public key

PGP (Pretty Good Privacy) (cont.)

• Recipient:
  ◦ Decrypts the message digest using the public key of the sender
  ◦ Decrypts the message key using its own private key
  ◦ Uses the message key to decrypt the original message
  ◦ Verifies the correctness of the message using the digest

Digital Signatures

• Does not require encryption of the original message
• Message digest
  ◦ Computationally infeasible for another message to produce the same digest
  ◦ Encrypted
  ◦ Attached to the message
  ◦ Can detect if the message was altered during transmission
• Provides a digital signature
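The PGP sender and recipient steps and the Digital Signatures slide above, as one added Go example that is not from the slides and is not the OpenPGP message format. Sign and Verify are the bare digital signature (a SHA-256 digest signed with the sender's private key, usable without encrypting anything); Seal and Open add the rest of the PGP flow: the message encrypted with a fresh message key, and that key wrapped under the recipient's public key. Assumptions are mine: AES in CFB mode (the mode PGP itself uses) for the body, RSA-OAEP for the message key, and RSA PKCS#1 v1.5 for the signature; the message text is constructed.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what a PGP-style message carries.
type Envelope struct {
	IV, Body   []byte // message encrypted with AES-CFB under the message key
	WrappedKey []byte // message key encrypted with the recipient's public key
	Signature  []byte // SHA-256 digest of the message, signed with the sender's private key
}

func GenerateKeyPair() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Sign: digest the message and sign the digest with the sender's private key.
// This is the digital signature on its own; it needs no encryption of the message.
func Sign(sender *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, sender, crypto.SHA256, d[:])
}

// Verify: recompute the digest and check the signature with the sender's public key.
func Verify(sender *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(sender, crypto.SHA256, d[:], sig) == nil
}

// Seal performs the sender's steps: sign the digest, encrypt the message with a
// fresh message key, and wrap that key under the recipient's public key.
func Seal(sender *rsa.PrivateKey, recipient *rsa.PublicKey, msg []byte) (*Envelope, error) {
	sig, err := Sign(sender, msg)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 32)
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	body := make([]byte, len(msg))
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(body, msg)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{IV: iv, Body: body, WrappedKey: wrapped, Signature: sig}, nil
}

// Open performs the recipient's steps: unwrap the message key with its own private
// key, decrypt the body, then verify the sender's signature over the recovered message.
func Open(recipient *rsa.PrivateKey, sender *rsa.PublicKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	msg := make([]byte, len(env.Body))
	cipher.NewCFBDecrypter(block, env.IV).XORKeyStream(msg, env.Body)
	if !Verify(sender, msg, env.Signature) {
		return nil, errors.New("signature does not verify: message altered or not from this sender")
	}
	return msg, nil
}

func main() {
	sender, recipient := GenerateKeyPair(), GenerateKeyPair()
	env, _ := Seal(sender, &recipient.PublicKey, []byte("job 42 finished: 3 files written")) // constructed message
	msg, err := Open(recipient, &sender.PublicKey, env)
	fmt.Printf("%q %v\n", msg, err)
	env.Body[0] ^= 1 // alteration in transit: the signature over the digest catches it
	_, err = Open(recipient, &sender.PublicKey, env)
	fmt.Println(err)
}
```

CFB on its own gives no integrity, which is exactly the slide's point: the integrity of the decrypted message comes from the signed digest, so Open must refuse to return a message whose signature fails.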
Reminder: Organization

• More Security Issues
  ◦ Assurance
  ◦ Accounting
  ◦ Audit
• More Security Technologies
  ◦ IPSec and IPv6
  ◦ VPN (Virtual Private Networks)
  ◦ Firewalls
  ◦ GSS-API
More Security Issues: Assurance

• Service requester has requirements for:
  ◦ Performance, security, reliability
• Does a candidate service provider meet these requirements?
• Form of authorization ("accreditation") used to validate the service provider
• Grid example: check assurance credentials when selecting nodes for computation:
  ◦ Do they meet performance, reliability, or security requirements?
• Assurance schemes: not widely deployed

More Security Issues: Accounting

• Means of tracking, limiting or charging for consumption of resources
• Critical for fair allocation of resources
• Tied in with authorization
• In the grid: accounting is critical
  ◦ Need a means of payment
    ➢ Correctly charge the user at the time a resource is consumed
  ◦ Need an incentive to make resources available
• Grids require a distributed mechanism to maintain quotas across systems
  ◦ Prevent users from exceeding resource limits by spreading use across machines
• Grid accounting schemes still being developed
More Security Issues: Audit

• Record operations performed by a system and associate actions with principals
  ◦ Problems: find out what went wrong
  ◦ Security breaches: intrusion detection
• In a grid: the audit mechanism must be distributed
• Intrusion Detection
  ◦ Need a log of events for later or concurrent analysis
  ◦ Protect confidentiality of audit data
    ➢ Vulnerable to modification, deletion or denial of service
• Grid applications will affect intrusion detection algorithms
  ◦ Normal grid activities may look similar to certain network attacks
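A tamper-evident audit log, as an added Go example that is not from the slides, addressing the "vulnerable to modification, deletion" point: every entry associates an action with a principal and carries an HMAC that also covers the previous entry's value, so a collector holding the key and the latest chain head can tell whether a log handed back from a host has been modified, reordered, had entries deleted, or been truncated. The key, principals and actions are constructed; a distributed deployment would anchor each host's head at the collector after every append.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Entry is one audited operation. Chain authenticates this entry and, because it
// also covers the previous entry's Chain value, every entry before it.
type Entry struct {
	Seq       int       `json:"seq"`
	At        time.Time `json:"at"`
	Principal string    `json:"principal"`
	Action    string    `json:"action"`
	Chain     []byte    `json:"chain,omitempty"`
}

// AuditLog appends entries under the collector's key. The key lives with the audit
// collector, not on the hosts whose actions are recorded.
type AuditLog struct {
	key     []byte
	Entries []Entry
}

func NewAuditLog(key []byte) *AuditLog { return &AuditLog{key: key} }

// link computes HMAC(key, prevChain || canonical JSON of the entry without its Chain).
func link(key, prev []byte, e Entry) []byte {
	e.Chain = nil
	body, _ := json.Marshal(e)
	m := hmac.New(sha256.New, key)
	m.Write(prev)
	m.Write(body)
	return m.Sum(nil)
}

// Record associates an action with a principal and returns the new chain head, which
// the collector stores off-host as the anchor for later verification.
func (l *AuditLog) Record(at time.Time, principal, action string) []byte {
	var prev []byte
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Chain
	}
	e := Entry{Seq: len(l.Entries), At: at, Principal: principal, Action: action}
	e.Chain = link(l.key, prev, e)
	l.Entries = append(l.Entries, e)
	return e.Chain
}

// VerifyLog recomputes the chain over a log as received back from a host and compares
// its head with the trusted anchor. A modified, deleted or reordered entry breaks the
// chain; a truncated log leaves the head different from the anchor.
func VerifyLog(key []byte, entries []Entry, anchor []byte) error {
	var prev []byte
	for i, e := range entries {
		if e.Seq != i {
			return fmt.Errorf("entry %d: sequence gap (found seq %d)", i, e.Seq)
		}
		if !hmac.Equal(e.Chain, link(key, prev, e)) {
			return fmt.Errorf("entry %d: chain value does not verify", i)
		}
		prev = e.Chain
	}
	if !bytes.Equal(prev, anchor) {
		return errors.New("log head differs from anchor: entries missing from the end")
	}
	return nil
}

func main() {
	key := []byte("collector-key-constructed") // constructed; a real key comes from the collector's secret store
	l := NewAuditLog(key)
	t0 := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC)
	l.Record(t0, "jdoe", "submit job 42")
	anchor := l.Record(t0.Add(time.Minute), "scheduler", "start job 42 on node17")
	fmt.Println("intact:", VerifyLog(key, l.Entries, anchor)) // <nil>
	l.Entries[0].Action = "submit job 43" // on-host modification after the fact
	fmt.Println("modified:", VerifyLog(key, l.Entries, anchor))
}
```

Keeping the key off the audited host is the point of the design: a host that can rewrite its own log cannot re-seal the chain, and the externally held anchor is what makes silent truncation visible.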
More Security Technologies: IPSec and IPv6

• Transport layer protection for confidentiality and integrity
• When communication is established between two network hosts:
  ◦ Use key distribution to exchange a key for symmetric encryption
• Key distribution may use Kerberos, PKI, …
• Keys are associated with hosts, not with applications or users

More Security Technologies: Virtual Private Networks (VPNs)

• Use transport-layer confidentiality and integrity
• Share the physical infrastructure of the internet
• Communication only between participating nodes
• Protected from disclosure to/modification by nodes that are not participants
• Used when it is impractical to integrate security at the application layer
• Since they operate at the transport layer, cannot:
  ◦ Authenticate end users
  ◦ Understand application-level objects that need protection
  ◦ Support security policies that distinguish users and application objects
More Security Technologies: Firewalls

• Provide a barrier at the boundary of an organization's network
  ◦ Only specifically authorized communication may pass through
  ◦ Prevent many attacks on hosts within the organization
• In grids: less useful
  ◦ Grid applications will often require communication through the firewall
• Need to integrate IPSec and VPN technologies at network boundaries with firewalls
  ◦ Messages on the internal network remain unprotected
  ◦ Encrypt/decrypt messages as they leave/enter the VPN at the firewall
More Security Technologies: GSS-API

• Generic Security Services Application Programming Interface
• Facilitates integration of security at the application layer
• Applications make calls to authentication, confidentiality and integrity services
  ◦ Calls are independent of the underlying security services