Overview of Security Standards in the Grid CSE 225 High Performance and Computational Grids Spring 2000 Prepared By kwalsh@ucsd.edu - PowerPoint PPT Presentation

Slides: 48
Provided by: kevin145
Learn more at: https://cseweb.ucsd.edu
Transcript and Presenter's Notes

1
Overview of Security Standards in the Grid
CSE 225 High Performance and Computational Grids
Spring 2000
Prepared By kwalsh@ucsd.edu
2
Objectives
  • Gain familiarity with computer and network
    security standards.
  • Gain understanding of security requirements in
    Grid environments.
  • Gain understanding of some standards based
    security technologies present in Grid
    environments.
  • Learn about various Grid security models and
    system approaches to security.
  • Learn about some test bed implementations of
    security enabled Grid projects.

3
(No Transcript)
4
(No Transcript)
5
Security Domains
  • Intradomain - internal to a given location or
    single organization. Contained security
    boundary.
  • Interdomain - encompasses two or more locations
    or organizations. Agreed on security boundaries
    and protocols between organizations.

6
Security - The Protection of Assets
  • Prevention: take measures that protect your assets
    from damage.
  • Detection: take measures that allow you to detect
    when an asset has been damaged, and who caused
    the damage.
  • Reaction: take measures that allow you to recover
    your assets or recover from damage to your assets.

7
Computer Security
  • Confidentiality: prevention of unauthorized
    disclosure of information.
  • Integrity: prevention of unauthorized withholding
    of information.
  • Availability: prevention of unauthorized
    withholding of information or resources.

8
Network Security (1)
  • Trusted Networks
  • Identification and Authentication
  • Discretionary Access Control
  • Labels and Mandatory Access Control
  • Audit

9
Technology - Cryptography
  • DES (Data Encryption Standard)
  • DSA (Digital Signature Algorithm)
  • RSA (Rivest, Shamir, and Adleman)
  • Blowfish
  • IDEA (International Data Encryption Algorithm)
  • AES (Advanced Encryption Standard)

10
Technology - SSH (1)
  • SSH is a packet-based binary protocol that
    implements a transport layer security mechanism.
  • Encompasses authentication, key exchange,
    encryption, and integrity.
  • TCP/IP is usually used as the transport.
  • Basically an end-to-end encrypted tunnel.
  • SSH logins are the most prevalent between domains.

11
Technology - SSH (2)
12
Technology - PGP
  • Pretty Good Privacy
  • Public Domain
  • Popular for email and email of files
  • PGP user builds key ring of all public keys he
    has been given.
  • When a message or file is received from a contact,
    the user can decrypt it if the key is on the key ring.

13
Shortcomings of PGP in distributed systems
  • Reasonable basis for key management among
    friends, but once it passes the bounds of direct
    friends, the credibility becomes strained.
  • Example
  • Carol's key is P1 signed with P2
  • Alice's key is P2 signed with P4
  • Carol's key is P1 signed with P5
  • What if the last certificate said Carol's key is
    P3 signed with P5?

14
Kerberos (1)
  • Supports authentication in distributed systems.
  • Used for authentication between intelligent
    processes, client to server tasks or workstation
    to other hosts.
  • Basis of Kerberos is central server that provides
    authenticated tokens, called tickets.

15
Kerberos (2) Initiating Kerberos Session
16
Kerberos (3) Obtaining a ticket to access file
17
Kerberos (4) Strengths
  • No password communicated on the network.
  • Cryptographic protection against spoofing.
  • Limited period of validity
  • Time stamps to prevent replay attacks
  • Mutual authentication

18
Kerberos (5) Shortcomings in distributed systems
  • Requires continuous availability of a trusted
    ticket granting service.
  • Authenticity of servers requires a trusted
    relationship between the ticket granting server
    and every server.
  • Requires timely transactions.
  • Subverted workstation can save and later replay
    user passwords.
  • Does not scale well.

19
Public Key Infrastructure (1)
  • PKI consists of software and procedures put in
    place by an organization
  • Supports the use of Public Keys for
    authentication and identifying users, services,
    and confirming digital signatures.
  • Public keys usually conform to the X.509 standard
    for certificates, and usually are based on the
    RSA public/private key encryption algorithm

20
Public Key Infrastructure (2) Goals
  • Application enabler
  • Secure Sign-On
  • Secure Single Sign Security
  • End-User Transparency
  • Comprehensive Security

21
Public Key Infrastructure (3) Components and Services
  • Certification Authority
  • Certificate repository
  • Certificate Revocation
  • Key backup and recovery
  • Automatic key update
  • Key history management
  • Cross-certification
  • Support for non-repudiation
  • Time stamping
  • Client software

22
Public Key Infrastructure (4) Current Standards Activities
  • X.509
  • PKIX
  • X.500
  • LDAP
  • S/MIME
  • IPsec
  • TLS

23
Section Break
  • Security in Legion and Globus

24
Security in Legion (1) Design Principles
  • 1- As in the Hippocratic Oath, do no harm!
  • 2- Caveat emptor - let the buyer beware.
  • 3- Small is beautiful.

25
Security in Legion: Standards
  • X.509 ?
  • Kerberos ?

26
Security in Legion: Legion Security Model
27
Security in Legion (2) Basic Concepts
  • Every object provides certain known member
    functions - MayI, CanI, Iam, and Delegate. (Can
    be defaulted to NIL.)
  • Two objects are associated with each operation: a
    responsible agent (RA) and a calling agent (CA).
  • Every invocation of member function is performed
    in the context of a certificate which contains
    the Legion Object ID. Certificate digitally
    signed by maker

28
Security in Legion
29
Security in Legion
  • Legion users responsible for own security.
  • Object might trust that the CA is correct.
  • Policies defined by objects themselves.
  • Every class defines a special member function,
    MayI.
  • MayI defines the security objects for a class.
  • Every member function invocation permitted only
    if MayI sanctions it.

30
Security in Legion: Automatic invocation of outgoing calls
31
Security in Legion
  • Authentication aided by use of Legion
    certificates - based on public-key cryptography
    by default. Must know private key to
    authenticate.
  • MayI functions can code their own authentication
    protocols
  • Every Legion object required to supply special
    member function Iam for authentication purposes.

32
Security in Legion
  • Login establishes user identity and creates
    responsibility agent for user.
  • Login is building block for authentication and
    delegation.
  • Object can delegate new certificate to delegate
    rights.
  • Delegation policy defined by object.

33
Security in Legion: Future Work
  • Legion does not specify any particular
    encryption. Future standardization?
  • Legion eschews distinguished trusted objects -
    centralized key management server
  • Composition of a security policy

34
Security in Globus (1) Standards
  • Standards subscribed to
  • Generic Security Services (GSS) RFC 2078
  • Secure Socket Layer (SSL)
  • SSLeay
  • Public Key Cryptography based on X.509
    certificates
  • Kerberos

35
Security in Globus (2)
36
Security in Globus (3) Security Requirements
  • Single sign-on
  • Protection of credentials
  • Interoperability with local security solutions
  • Exportability
  • Uniform credentials/certification infrastructure
  • Support for secure group communication
  • Support for multiple implementations

37
Layered Architecture
[Figure: Globus layered architecture, from top to bottom]
  • Applications
  • High-level Services and Tools: GlobusView, Testbed
    Status, DUROC, globusrun, MPI, Nimrod/G, MPI-IO, CC
  • Core Services: GRAM, Nexus, Metacomputing Directory
    Service, Globus Security Interface, Heartbeat
    Monitor, Gloperf, GASS
38
Security in Globus (4)
  • assumes grid consists of multiple trust domains
  • assumes resource pool and user population are
    large and dynamic
  • interoperate with local security solutions -
    local security policies differ
  • authentication exportable - cannot directly or
    indirectly require use of bulk privacy

39
Security in Globus (5)
  • uniform credentials/certification - a user will
    be associated differently with each site it has
    access to
  • single logon - number of processes used in a
    computation will be dynamic
  • access control

40
Security in Globus (8)
41
Security in Globus (6) Grid Security Infrastructure
  • GSI provides authentication and data integrity
    (data signing, not encryption) services for Unix
    and Windows client/server programs
  • Can utilize an X.509 PKI
  • GSI library is layered on top of the SSLeay
  • Performs the X.509 certificate handling and SSL
    protocol.

42
[Figure: Globus credential flow. Labels: Credential; Single sign-on via grid-id; Assignment of credentials to user proxies; Globus Credential; Mutual user-resource authentication; Site 2; Mapping to local ids; Authenticated interprocess communication; GSSAPI multiple low-level mechanisms; Certificate]
43
Security in Globus (7)
44
(No Transcript)
45
Summary
  • Computer security is machine access centric
  • Network security is network access centric
  • Grid security is application centric
  • Inter-domain communications based upon common
    security standards such as PKI.
  • Metacomputing approaches that embrace security
    standards will be more widely adopted.

46
(No Transcript)
47
(No Transcript)