Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptographic Aspects of the Grid Security Cryptographic Aspects of the Grid Security Architecture Olivier Chevassut (LBNL)

Published byMaurice Stewart Modified over 8 years ago

Similar presentations

Presentation on theme: "Cryptographic Aspects of the Grid Security Cryptographic Aspects of the Grid Security Architecture Olivier Chevassut (LBNL)"— Presentation transcript:

1 Cryptographic Aspects of the Grid Security Cryptographic Aspects of the Grid Security Architecture Olivier Chevassut (LBNL)

2 Outline Introduction —motivations —research objectives Modern Cryptography First-Generation Web Services Security Second-Generation Web Services Security Peer-to-Peer Security Conclusion

3 Motivation An increasing number of distributed applications need to call functionality from other applications over a network, e.g.An increasing number of distributed applications need to call functionality from other applications over a network, e.g. — Web Services for financial transactions — Web Services for computational Grids An increasing number of these distributed applications have security requirementsAn increasing number of these distributed applications have security requirements — confidentiality of data — protection from hackers — protection from viruses and trojan horses

4 Research Objectives Provide a reliable communication between an initial requestor and a Web Service providerProvide a reliable communication between an initial requestor and a Web Service provider —message-level communication channel connecting the two entities —messages may be operated on by multiple intermediaries that perform actions (e.g, routing) Provide a secure communication between an initial requestor and a Web Service providerProvide a secure communication between an initial requestor and a Web Service provider —support confidentiality, authenticity, and integrity —support authorization and access control —support secure modification of messages operated on by intermediaries

5 Outline Introduction Modern Cryptography —methodologies to design cryptographic algorithms —a provable secure design First-Generation Web Services Security Second-Generation Web Services Security Peer-to-Peer Security Conclusion

6 Design Methodologies Ad hoc or heuristic securityAd hoc or heuristic security —attack-response design not successful —helps avoid known attacks Formal Methods [BAN90]Formal Methods [BAN90] —formal specification tools —successful at finding flaws and redundancy —assurance limited to formal system Provable Security [GM85]Provable Security [GM85] —based on complexity theory —successful at avoiding flaws —useful to validate cryptographic algorithms

7 How the Science of Provable Security Works 1. Specification of a model of computation –instances of players are modeled via oracles –adversary controls all interactions among the oracles –adversary’s capabilities are modeled by queries to the oracles –adversary plays a game against the oracles 2. Definition of the security goals –authentication and secrecy of session keys –Forward-Secrecy (FS) and Denial of Service (DoS), dictionary attacks 3. Statement of the intractability assumptions –computational/decisional Diffie-Hellman (CDH and DDH) 4. Description of the algorithm and its proof of security –proof shows by contradiction that the algorithm achieves the security goals under the intractability assumptions

8 Outline Introduction Modern Cryptography First-Generation Web Services Security —transport-layer security is a pragmatic solution —provably secure key-exchange primitives Second-Generation Web Services Security Peer-to-Peer Security Conclusion

9 Security at the Transport Layer : Architecture Transport Control Protocol (TCP) Hypertext Transfer Protocol (HTTPS) Secure Socket Layer Protocol (SSL) symmetric crypto algorithms key-exchange algorithm

10 Security at the Transport Layer : Components The TCP protocol provides a reliable communication between the requestor and the WS-provider supportingThe TCP protocol provides a reliable communication between the requestor and the WS-provider supporting —reliable delivery of messages —fifo ordered delivery of messages —membership notifications The SSL protocol provides a secure communication between the requestor and the WS-provider supportingThe SSL protocol provides a secure communication between the requestor and the WS-provider supporting —confidentiality, authenticity, and integrity —authorization and access control —security services optional

11 A PKI-based Key-Exchange Cryptographic Algorithm Enable the requester and the Web Services provider to establish a session key skEnable the requester and the Web Services provider to establish a session key sk Achieve data secrecy and integrity using the session key to key the AES and HMAC cryptographic primitivesAchieve data secrecy and integrity using the session key to key the AES and HMAC cryptographic primitives x1x1 x2x2 [gx2][gx2] [gx1][gx1] sk = g x 1 x 2 WS-providerRequester

12 Outline Introduction Modern Cryptography First-Generation Web Services Security Second-Generation Web Services Security —abstract security from the underlying network —SSL-like message-level protocol Peer-to-Peer Security Conclusion

13 Security at the Application Layer : Architecture Simple Object Access Protocol (SOAP) WS-SecureConversation WS-Security

14 Security at the Application Layer : Architecture The SOAP protocol provides a loosely-coupled, language- neutral, platform-independent way of linking applications across the InternetThe SOAP protocol provides a loosely-coupled, language- neutral, platform-independent way of linking applications across the Internet —Remote Procedure calls (RPC SOAP) —Messaging between applications (Document-based SOAP) The WS-Security Specification protect sensitive data byThe WS-Security Specification protect sensitive data by —encrypting and signing them —enclosing them in an XML form in SOAP messages The WS-SecureConversation specification is a security message-level protocol (similar to SSL)The WS-SecureConversation specification is a security message-level protocol (similar to SSL) —use WS-Security to achieve confidentiality, authenticity, integrity —use WS-Policy and WS-Trust specifications to achieve authorization and access control

15 A PKI-based Key-Exchange Cryptographic Algorithm Enable the requester and the Web Services provider to establish a session key skEnable the requester and the Web Services provider to establish a session key sk Achieve data secrecy and integrity using the session key to key the AES and HMAC cryptographic primitivesAchieve data secrecy and integrity using the session key to key the AES and HMAC cryptographic primitives x1x1 x2x2 [g x 2 ] XML-Sig [g x 1 ] XML-Sig sk = g x 1 x 2 WS-providerRequester

16 Security Measurement: Authenticated Key Exchange Theorem of SecurityTheorem of Security Adv ake (t,q s,q h )  n · Succ cma (t’ ) + 2 · q s n. ·q h ·Succ gcdh (t’’ ) t’,t’’  t + q s · n ·T exp (k) The adversary can break the algorithm in two waysThe adversary can break the algorithm in two ways (1) the adversary forges a signature w.r.t some player’s LL-key => it is possible to build a forger (CMA) (2) the adversary is able to guess the bit b involved in the Test-query => it is possible to solve an instance of the GCDH problem

17 A Password-based Key-Exchange Cryptographic Algorithm Enable the requester and the Web Services provider to establish a session key skEnable the requester and the Web Services provider to establish a session key sk Achieve data secrecy and integrity using the session key to key the AES and HMAC cryptographic primitivesAchieve data secrecy and integrity using the session key to key the AES and HMAC cryptographic primitives x1x1 x2x2 [g x 2 ] pw [g x 1 ] pw sk = g x 1 x 2 WS-providerRequester

18 Security Measurement : Dictionary Attacks Ideal-cipher assumptionIdeal-cipher assumption TheoremTheorem Adv ake (T,q s,q e )  2 q s / N + 2 q s · (n-1) · Adv ddh (T’ ) + 2 ·q h ·Succ tgcdh (T’ ) + Cte T’  T + n · (3q s +q e ) ·T exp (k) The theorem shows that the security against dictionary attacks since the advantage of the adversary grows essentially with the ratio of interactions (number of send- queries) to the number of password. The security holds provided that DDH, TGCDH and M-DDH are hard. These terms can be made negligible.

19 Outline Introduction Modern Cryptography First-Generation Web Services Security Second-Generation Web Services Security Peer-to-Peer Security —multicast-transport security is a pragmatic solution —SSL-like group communication protocol Conclusion

20 Security at the Multicast-Transport Layer: Architecture Reliable Multicast Transport Protocol Collaborative Application Secure Group Layer (SGL) Symmetric cryptographic algorithms Group DH key exchange algorithm Access control algorithm

21 The Reliable Multicast Transport Layer Provide SGL with reliable and ordered delivery of messagesProvide SGL with reliable and ordered delivery of messages —data messages are delivered in order - FIFO, partial, and total - at each member of the group Provide SGL with membership notificationsProvide SGL with membership notifications —membership changes delivered in order with respect to data messages Several systems provide a reliable multicast layerSeveral systems provide a reliable multicast layer —e.g., Totem and InterGroup

22 The Secure Group Layer Symmetric crypto algorithms (e.g. Rijndael and HMAC) —implement an authenticated and encrypted channel A group key-exchange cryptographic primitive enables group members to establish a session key A certificate-based access control mechanism makes sure that only the legitimate parties have access to the session key —off-line (does not participate in key exchange)

23 The Group Key-Exchange Algorithm [g, g x 1 ] [gx2,gx1,gx1x2][gx2,gx1,gx1x2] [g x 2 x 3, sk = g x 1 x 2 x 3 x1x1 x2x2 x3x3 Up-flow: U i raises received values to the power of x i and forwards to U i+1 Down-flow: U n processes the last up-flow and broadcasts gx1x3]gx1x3]

24 Security Measurement: Authenticated Key Exchange (AKE) TheoremTheorem Adv ake (t,Q,q s,q h )  2 · n · Succ cma (t’ ) + 2 · Q ·( n s ) ·s ·q h ·Succ gcdh (t’’ ) t’,t’’  t + (Q+q s ) · n ·T exp (k) The adversary can break the protocol in two waysThe adversary can break the protocol in two ways (1) the adversary forges a signature w.r.t some player ’s LL-key => it is possible to build a forger (CMA) (2) the adversary is able to guess the bit b involved in the Test-query => it is possible to come up with an algo that solves an instance of the GCDH problem

25 The Access Control Algorithm in SGL : a user join 1. Authorization: The user requests its permission from TTP and obtains a membership authorization certificate 2. Join multicast group: 2.1.The user submits a join request 2.2. Secure Group Layer gets a membership change notification 3. Access control: 3.1. The user broadcasts its certificate 3.2. U gc checks the user’s permission and, if authorized, initiates group DH key exchange 4. Deliver secure membership: When the group DH key exchange is done, Secure Group Layer delivers the secure membership notification to the application Secure Group Layer Authorization TTP Reliable multicast transport Reliable multicast transport Reliable multicast transport UserGroup ControllerApplication 1 1 2.1 3.13.2 4 4 2.2 4

Download ppt "Cryptographic Aspects of the Grid Security Cryptographic Aspects of the Grid Security Architecture Olivier Chevassut (LBNL)"

Similar presentations

TCC 2006 Research on Password-Authenticated Group Key Exchange Jeong Ok Kwon, Ik Rae Jeong, and Dong Hoon Lee (CIST, Korea Univ.) Kouchi Sakurai (Kyushu.

TCC 2006 Research on Password-Authenticated Group Key Exchange Jeong Ok Kwon, Ik Rae Jeong, and Dong Hoon Lee (CIST, Korea Univ.) Kouchi Sakurai (Kyushu.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.

SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.

Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Core Web Service Security Patterns

Core Web Service Security Patterns
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

Similar presentations

Ads by Google