Security on Grids: The Grid Security Infrastructure

Provided by: gcw
1
Security on Grids: The Grid Security Infrastructure
  • Guy Warner, NeSC Training Team

2
Policy for re-use
  • This presentation can be re-used for academic
    purposes.
  • However, if you do so then please let
    training-support_at_nesc.ac.uk know. We need to
    gather statistics of re-use: no. of events,
    number of people trained. Thank you!!

3
Acknowledgements
  • Some of the slides in this presentation are based
    on / motivated by:
      • The presentation given by Carl Kesselman at the
        GGF Summer School 2004. This presentation may be
        found at
        http://www.dma.unina.it/murli/GridSummerSchool2004/curriculum.htm
      • Lectures given by Richard Sinnott and John Watt at
        the University of Glasgow. These lectures may be
        found at
        http://csperkins.org/teaching/2004-2005/gc5/
      • The presentation given by Simone Campana of CERN
        at First Latinamerican Grid Workshop, Merida,
        Venezuela. This presentation may be found at
        http://agenda.cern.ch/fullAgenda.php?ida=a044965

4
The Problem
  • Question: How does a user securely access the
    Resource without having an account on the
    machines in between or even on the Resource?
  • Question: How does the Resource know who a user
    is and that they are allowed access?

5
Overview
[Diagram labels: Security; Authentication; Grid Security Infrastructure; Encryption, Data Integrity; Authorization]
6
Approaches to Security 1
The Poor Security House
7
Approaches to Security 2
The Paranoid Security House
8
Approaches to Security 3
The Realistic Security House
9
Approaches to Grid Security
  • The Poor Security Approach
      • Use unencrypted communications.
      • No or poor (easily guessed) identification means.
      • Private identification (key) left in publicly
        available location.
  • The Paranoid Security Approach
      • Don't use any communications (no network at all).
      • Don't leave computer unattended.
  • The Realistic Security Approach
      • Encrypt all sensitive communications.
      • Use difficult-to-break identification means.
      • Keep identification secure at all times (e.g.
        encrypted on a memory stick).
      • Only allow access to trusted users.

10
The Risks of Poor User Security
  • Launch attacks on other sites
      • Large distributed farms of machines, perfect for
        launching a Distributed Denial of Service attack.
  • Illegal or inappropriate data distribution and
    access to sensitive information
      • Massive distributed storage capacity, ideal, for
        example, for swapping movies.
  • Damage caused by viruses, worms etc.
      • Highly connected infrastructure means worms
        spread faster than on the internet in general.

11
Authentication and Authorization
[Image caption: Mongolian Yak Inspector]
  • Authentication
      • Are you who you claim to be?
  • Authorisation
      • Do you have access to the resource you are
        connecting to?

12
The Trust Model
slide based on presentation given by Carl
Kesselman at GGF Summer School 2004
13
Public Private Key
[Figure labels: Bob, Alice, Life Savings]
14
Public Key Infrastructure (PKI)
  • PKI allows you to know that a given key belongs
    to a given user.
  • PKI builds off of asymmetric encryption:
      • Each entity has two keys: public and private.
      • Data encrypted with one key can only be decrypted
        with the other.
      • The public key is public.
      • The private key is known only to the entity.
  • The public key is given to the world encapsulated
    in an X.509 certificate.

slide based on presentation given by Carl
Kesselman at GGF Summer School 2004
15
Certificates
  • Similar to a passport or driver's license: identity
    signed by a trusted party

slide based on presentation given by Carl
Kesselman at GGF Summer School 2004
16
Certificate Authorities
  • A small set of trusted entities known as
    Certificate Authorities (CAs) are established to
    sign certificates
  • A Certificate Authority is an entity that exists
    only to sign user certificates
  • Users authenticate themselves to the CA, for example
    by use of their Passport or Identity Card.
  • The CA signs its own certificate which is
    distributed in a secure manner.

slide based on presentation given by Carl
Kesselman at GGF Summer School 2004
17
Delegation and Certificates
  • Delegation: The act of giving an organization,
    person or service the right to act on your
    behalf.
  • For example: A user delegates their
    authentication to a service to allow programs to
    run on remote sites.

18
User Authorisation to Access Resource
slide based on presentation given by Carl
Kesselman at GGF Summer School 2004
19
User Responsibilities
  • Keep your private key secure.
  • Do not loan your certificate to anyone.
  • Report to your local/regional contact if your
    certificate has been compromised.
  • Do not launch a delegation service for longer
    than your current task needs.

If your certificate or delegated service is used
by someone other than you, it cannot be proven
that it was not you.
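
The chain of trust from the PKI, Certificate Authorities, Delegation and User Responsibilities slides (a CA signs the user's certificate, the user signs a short-lived delegated certificate, the resource trusts only the CA's public key), as an added example that is not part of the original presentation. The certificate layout, the names and the toy RSA keys are constructed for illustration; GSI itself uses X.509 certificates.

```python
import hashlib, json

E = 65537
def keypair(p, q):
    # Toy RSA from two Mersenne primes: constructed for illustration, NOT secure.
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}

def digest(body, n):
    blob = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def issue(subject, subject_key, issuer, issuer_key, not_after):
    # The issuer binds the subject's PUBLIC key to a name and an expiry time,
    # then signs that statement with its own PRIVATE key.
    body = {"subject": subject, "issuer": issuer, "not_after": not_after,
            "pub": [subject_key["n"], subject_key["e"]]}
    sig = pow(digest(body, issuer_key["n"]), issuer_key["d"], issuer_key["n"])
    return {**body, "sig": sig}

def verify_chain(chain, ca_pub, now):
    # chain = [delegated cert, ..., user cert]; the resource trusts only ca_pub.
    for i, cert in enumerate(chain):
        body = {k: v for k, v in cert.items() if k != "sig"}
        n, e = chain[i + 1]["pub"] if i + 1 < len(chain) else ca_pub
        if pow(cert["sig"], e, n) != digest(body, n):
            return (False, "bad signature on " + cert["subject"])
        if now > cert["not_after"]:
            return (False, cert["subject"] + " expired")
    return (True, chain[-1]["subject"])  # the identity the resource authorises

HOUR = 3600  # times are seconds from a constructed start time 0
ca_key = keypair(2**607 - 1, 2**1279 - 1)
user_key = keypair(2**127 - 1, 2**521 - 1)
proxy_key = keypair(2**89 - 1, 2**107 - 1)
CA_PUB = [ca_key["n"], ca_key["e"]]

# The CA vouches for the user for a year; the user delegates for 12 hours only.
user_cert = issue("CN=alice", user_key, "CN=Example CA", ca_key, 365 * 24 * HOUR)
proxy_cert = issue("CN=alice/proxy", proxy_key, "CN=alice", user_key, 12 * HOUR)
CHAIN = [proxy_cert, user_cert]

if __name__ == "__main__":
    print(verify_chain(CHAIN, CA_PUB, now=1 * HOUR))    # delegation still valid
    print(verify_chain(CHAIN, CA_PUB, now=13 * HOUR))   # delegation has expired
    forged = [{**proxy_cert, "not_after": 999 * HOUR}, user_cert]
    print(verify_chain(forged, CA_PUB, now=13 * HOUR))  # edited lifetime rejected
```

A valid delegated certificate is accepted as "CN=alice" no matter who holds its key, which is why the delegation lifetime is kept short.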
20
Summary