GRID Security Infrastructure: Overview and problems
PKI-COORD Meeting, Amsterdam, November 26, 2001
Yuri Demchenko
©2001. Yu.Demchenko. TERENA GRID Security Infrastructure: Overview and problems

Outlines
- Security Issues in Grid computing
- Grid Security Infrastructure
- OCR – Online Credential Retrieval
- Restricted Delegation Certificate Profile
- DataGRID Security related activity

Security Issues in Grid computing
General issues:
- Traditional systems are user/client/host centric
- Grid computing is data centric
Traditional systems:
- Protect system from its users
- Protect data of one user from compromise
In Grid systems:
- Protect applications and data from the system where the computation executes
- Stronger/mutual authentication needed (for users and code)
  - Ensure that resources and data are not provided by an attacker
- Protect local execution from remote systems
- Different admin domains/Security policies

Security Issues in Grid computing - Components
- Authentication
  - Password based
  - Kerberos based (authentication and key distribution protocol)
  - SSL authentication
  - PKI/Cert based
- Authorisation
- Integrity and confidentiality
  - Cryptography
- Assurance
- Accounting
- Audit

Authentication
- Traditional systems: Authenticate user/client to protect system
- Grid systems: Mutual authentication required
  - Ensure that resources and data are not provided by an attacker
- Delegation of Identity
  - Process that grants one principal the authority to act as another individual
  - Assume another's identity to perform certain functions
  - E.g., in Globus: use gridmap file on a particular resource to map an authenticated user onto another's account, with corresponding privileges
- Data origin authentication
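
The gridmap lookup mentioned on this slide, as an added example that is not part of the original presentation and is not Globus code. It assumes the usual grid-mapfile line layout (a quoted certificate subject DN followed by a comma-separated account list, first account being the default); the sample entries, the function names and the rule against mapping to root are constructed for illustration.

```python
import shlex

# Assumed local policy, not from the slides: grid identities never map to root.
FORBIDDEN_ACCOUNTS = {"root"}

# Constructed sample grid-mapfile text (names and DNs are invented).
SAMPLE_GRIDMAP = '''
# "<certificate subject DN>" <local account>[,<local account>...]
"/O=Grid/O=ExampleLab/OU=example.org/CN=Alice Example" alice
"/O=Grid/O=ExampleLab/OU=example.org/CN=Bob Example" bob,prodacct
'''


def parse_gridmap(text):
    """Parse grid-mapfile text into {subject DN: [local accounts]}.

    Malformed, duplicate or forbidden entries raise ValueError, so a
    broken file fails closed instead of being partly applied.
    """
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)  # handles the quoted DN with spaces
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        if len(fields) != 2 or not fields[0].startswith("/"):
            raise ValueError(f"line {lineno}: expected a quoted DN and an account list")
        dn, accounts = fields[0], fields[1].split(",")
        if not all(accounts):
            raise ValueError(f"line {lineno}: empty account name")
        if FORBIDDEN_ACCOUNTS & set(accounts):
            raise ValueError(f"line {lineno}: mapping to a forbidden account")
        if dn in mapping:
            raise ValueError(f"line {lineno}: duplicate entry for {dn}")
        mapping[dn] = accounts
    return mapping


def map_to_account(mapping, subject_dn, requested=None):
    """Return the local account for an authenticated DN, or None to deny."""
    accounts = mapping.get(subject_dn)  # exact, case-sensitive match only
    if accounts is None:
        return None
    if requested is None:
        return accounts[0]  # first listed account is the default
    return requested if requested in accounts else None
```

The lookup must only be given a subject DN that has already been authenticated from a validated certificate chain; the file itself grants the privileges of every account it names, so it needs the same protection as a password file.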

Authorisation
- Traditional systems: Determine whether a particular operation is allowed based on authenticated identity of requester and local information
- Grid systems: Determine whether access to resource/operation is allowed
  - Access control list associated with resources, principal or authorised programs
- Distributed Authorisation
  - Distributed maintenance of authorisation information
  - One approach: Embed attributes in certificates
    - Restricted proxy: authorisation certificate that grants authority to perform operation on behalf of grantor
  - Alternative: separate authorisation server
- Use of CAS (Community Authorisation System) for group authorisation

Assurance, Accounting, Audit
- Assurance
  - When service is requested, to assure that candidate service provider meets requirements
- Accounting
  - Means of tracking, limiting or charging for consumption of resources
- Audit
  - Record operations performed by systems and associate actions with principals
  - Find out what went wrong: typical role of Intrusion Detection Systems

GRID Security Infrastructure (GSI)
Current situation:
- Globus assumes Hierarchical CA architecture with one top-level CA
- Interdomain authorisation is based on X.509 identity certificates
- Authentication and Authorisation
- Mapping of user certificates to user accounts
- GSI uses proxy credentials to allow for single sign-on and to provide delegated credentials for use by agents and servers
  - Online Credential Retrieval to create and manage proxy certificates
  - Next development: impersonation certificate and restricted delegation certificate
GSI problems:
- Thousands of users – thousands of Certs – many CAs (with different policies)
- Grid-wide user groups and roles are needed
  - No grid-wide logging or auditing
- Need for anonymous users
- Protocol to access personal credential for OCR

GSI Roadmap: Grid Security Requirements
A Grid security solution should be based on existing standards wherever possible.
- Grid authentication requirements:
  - Single sign on
  - Delegation
  - Integration with various local security solutions
  - User-based trust relationships
- Grid requirements for communication protection:
  - Flexible message protection
  - Supports various reliable communication protocols
  - Supports independent data units (IDU)
- Grid authorization requirements:
  - Authorization by stakeholders
  - Restricted delegation

GSI authentication requirements
- Single sign on
  Users must be able to "log on" (authenticate) just once and then have access to any resource in the Grid that they are authorized to use, without further user intervention.
- Delegation
  A user must be able to endow to a program the ability to run on that user's behalf, so that the program is able to access the resources on which the user is authorized. The program should (optionally) also be able to further delegate to another program.
- Integration with various local security solutions
  Each site or resource provider may employ any of a variety of local security solutions, including Kerberos, Unix security, etc. The Grid security solution must be able to interoperate with these various local solutions. It cannot require wholesale replacement of local security solutions, but rather must allow mapping into the local environment.
- User-based trust relationships
  In order for a user to use resources from multiple providers together, the security system must not require each of the resource providers to cooperate or interact with each other in configuring the security environment. In other words, if a user has the right to use sites A and B, the user should be able to use sites A and B together without requiring the security administrators from sites A and B to interact.

GSI requirements for communication protection
- Flexible message protection
  An application must be able to dynamically configure a service protocol to use various levels of message protection, including none, just integrity, or integrity plus confidentiality. The choice may be motivated by factors such as sensitivity of the messages, performance requirements, the parties involved in the communication, and the infrastructure over which the message is transiting.
- Supports various reliable communication protocols
  While TCP is the dominant, and widely available, reliable communication protocol for the Internet, the security mechanisms must be usable with a wide assortment of other reliable communication protocols. For example, performance requirements may dictate the use of non-TCP protocols for use within specialized environments.
- Supports independent data units (IDU)
  Some applications require "protection of a generic data unit (such as a file or message) in a way which is independent of the protection of any other data unit and independent of any concurrent contact with designated 'receivers' of the data unit". For example, streaming media, , and unreliable UDP datagrams all require this form of protection.

GSI authorization requirements
- Authorization by stakeholders
  Resource owners or stakeholders must be able to control which subjects can access the resource, and under what conditions.
- Restricted delegation
  In order to minimize exposure from compromised or misused delegated credentials, it is desirable to have rich support for the restriction of the authorization rights that are delegated.

GSI WG documents (1)
- Grid Security Infrastructure (GSI) Roadmap - February 2001
  An informational draft, providing an overview of GSI and the technical specifications that define GSI
- Internet X.509 Public Key Infrastructure Proxy Certificate Profile - July 2001
  A technical specification draft of the X.509 certificate extensions required to support proxies, which is used for GSI single sign-on and delegation
- GSI Online Credential Retrieval - Requirements - October 2001
  A technical specification draft of TLS (SSL) protocol extensions to allow delegation of X.509 Proxy Certificates
- Multiple Credentials - Scenarios and Requirements - September 2001
  Describes a number of scenarios where entities on Grid require multiple credentials. It details the requirements these scenarios place on the security infrastructure of the Grids
  http://www.gridforum.org/security/ggf3_ /drafts/draft-ggf-multi-creds-requirements-01.pdf

GSI WG documents (2)
- Internet X.509 PKI Impersonation Certificate Profile – February 2001
- Internet X.509 PKI Restricted Delegation Certificate Profile – February 2001
- TLS Delegation Protocol - July 2001
  A technical specification draft of TLS (SSL) protocol extensions to allow delegation of X.509 Proxy Certificates
- GSS-API Extensions - September 2001
  A technical specification draft of GSS-API extensions, which are required for effective Grid programming using GSS-API
- Akenti Restriction Language in X509 Proxy Certificates - July 2001

Online Credential Retrieval (OCR)
- Definition: OCR service defines TLS (SSL) protocol extensions to allow delegation of X.509 Proxy Certificates and secure remote access to private credentials
- Goal: to avoid drawbacks in personal management of credentials by users (private key protection, mobile/remote access, need for multiple credentials)
- Authentication in GSI is based on proxy credentials
  - Proxy credential consists of a proxy certificate and an associated private key
  - Proxy certificate is an X.509 certificate that is derived from a standard X.509 end entity (EE) certificate or another proxy certificate and signed with the private key associated with the source certificate
  - Proxy credential has a limited lifetime to limit vulnerability of the EE private key: the user creates the proxy credential once using its private key
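
The structure of a proxy credential chain described on this slide, as an added example that is not part of the original presentation and is not GSI code. It covers structural checks only (derivation from the EE certificate, validity at verification time, lifetime cap); signature verification with the source certificate's key is not modelled. The `Cert` record, the slash-separated DN strings, the "issuer subject plus one CN" naming rule taken from the Proxy Certificate Profile, and the 12-hour cap are assumptions, and the sample chain is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_PROXY_LIFETIME = timedelta(hours=12)  # assumed local policy, not from the slides


@dataclass(frozen=True)
class Cert:
    """Simplified certificate record (hypothetical; no keys or signatures)."""
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    is_proxy: bool = False


def check_proxy_chain(chain, now):
    """chain[0] is the EE certificate, then proxies in issuance order.

    Returns (EE subject, []) when every check passes, else (None, problems).
    """
    if not chain or chain[0].is_proxy:
        return None, ["chain must start with an end entity certificate"]
    problems = []
    for i, cert in enumerate(chain):
        # Every certificate in the chain must be valid right now.
        if not cert.not_before <= now <= cert.not_after:
            problems.append(f"cert {i}: not valid at {now.isoformat()}")
        if i == 0:
            continue
        parent = chain[i - 1]
        if not cert.is_proxy:
            problems.append(f"cert {i}: only proxies may follow the EE certificate")
        # A proxy is issued by the credential it was derived from.
        if cert.issuer != parent.subject:
            problems.append(f"cert {i}: issuer is not the preceding subject")
        prefix = parent.subject + "/CN="
        tail = cert.subject[len(prefix):]
        if not cert.subject.startswith(prefix) or not tail or "/" in tail:
            problems.append(f"cert {i}: subject is not issuer subject plus one CN")
        # Short lifetime bounds the damage if the proxy key leaks.
        if cert.not_after - cert.not_before > MAX_PROXY_LIFETIME:
            problems.append(f"cert {i}: lifetime exceeds policy")
    return (None if problems else chain[0].subject), problems


def sample_chain(proxy_hours=12):
    """Constructed chain: EE certificate, a proxy, and a further-delegated proxy."""
    ee_dn = "/O=Grid/O=ExampleLab/CN=Alice Example"
    start = datetime(2001, 11, 26, 9, 0)
    ee = Cert(ee_dn, "/O=Grid/CN=Example CA", datetime(2001, 1, 1), datetime(2002, 1, 1))
    p1 = Cert(ee_dn + "/CN=proxy", ee_dn, start, start + timedelta(hours=proxy_hours), True)
    p2 = Cert(p1.subject + "/CN=proxy", p1.subject, start, start + timedelta(hours=2), True)
    return [ee, p1, p2]
```

The identity returned is always the EE subject, which is what an authorisation step such as a gridmap lookup should receive, never the proxy's own subject.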

OCR Requirements – GGF Draft
- OCR usage scenarios/operations
  - Credential Initialisation
  - Credential renewal
  - Transparent Credential retrieval
  - Adding Delegation to Existing Protocols
  - Multiple Credentials
- Requirements to Protocols: Credential Retrieval Protocol, Credential Upload Protocol, Administration Protocol
- Credential Server
- Credential Repository

OCR Related works
- IETF SACRED WG
  - Many of the requirements are similar to OCR's
  - Difference: SACRED requirements state that the credential format MUST be opaque to the protocol and the protocol MUST NOT force credentials to be present in cleartext at the server
    - This requirement disallows X.509 proxy delegation as defined by OCR requirements
- IETF PKIX WG
  - OCR performs tasks similar to PKIX online management of credentials (retrieving certificates and certificate revocation lists, online certificate status protocol)
  - Difference: OCR involves a private key that must be kept secret

Internet X.509 PKI Restricted Delegation Certificate Profile – GGF Draft
- Extension to Impersonation Certificate (IC)
  - Delegation extension
  - Restricted rights extension
- Addresses trust issues of unrestricted Impersonation Certificate use in permitting an agent to operate on behalf of an end entity in the environment of X.509 based authorisation
- Describes the relation between IC with Restricted Rights and Attribute Certificates (AC) and defines a scenario for use of AC
  - Difference: current secure protocols (used by Grid) pass ICs between entities, but ACs have to be searched for by the relying party

GGF Certificate Policy Design WG - Documents
- Public Key Technology Policy Requirements for Grid Identification - October 11, 2000
  http://www.gridcp.es.net/Documents/PKI_Requirements_for_Grid_Id.pdf
  - Goals:
    - develop community policy that allows grid resource managers to accept authentication certificates generated by and/or for different Grids
    - reduce the number of authentication certificates a grid user has to possess in order to authenticate to multiple Grids
  - Related to efforts within the US Federal Bridge Certification Authority to bridge top-level federal agency PKI certificate policies
- Grid Certificate Policy version 5
  - Defines four certificate policies representing four different assurance levels (Rudimentary, Basic, Medium, and High) for GGF public key digital certificates
- Next meeting – GGF4, Toronto
  - To discuss: Grid CP version 5, Repository model, Certificate Profile

DataGRID Security related activity
- Collect Security requirements from different packages
  - No official security requirements or policy definitions
- Started in different Work packages: WP2, WP6, WP7
  - But ill coordinated
  - Few Workshops and devoted meeting
- Compare GSI to security solutions in other middleware
- Globus development is not so open and speedy
- All new Grid related projects (DataTAG) have special WP on Security

Observation – other GGF problems
- GGF authority is not clear for individual Grid projects
- Some GGF developments are coordinated between themselves
  - Where to place Security issues: Data or Network
  - Compare to work of IETF
- Technical problem: contradiction with some similar IETF developments, e.g.
  - PKIX
  - SACRED