Grid Computing, B. Wilkinson, 2004

5a.1 Security Continued

5a.2 Public Key Cryptography: Double Encryption
[Figure: the sender's original data is encrypted with the sender's private key and the receiver's public key; the transmitted data is recovered by the receiver using the receiver's private key and the sender's public key.]
Slow but secure.

5a.3 Question
Why is single encryption with the receiver's public key / single decryption with the receiver's private key (slide 5-19) not sufficient?
Answer

5a.4 Public Key and Secret Key Cryptography
Public key and secret key cryptography are generally used together. Public key cryptography, with certificates and a Certificate Authority (CA), is used to establish a secure, authenticated connection between the parties. Then:
– A secret key is passed between the parties.
– Secret key cryptography is used to encrypt the data; it is much faster than public key cryptography.

5a.5 Use of Public Key Infrastructure (PKI)
Several network protocols have embedded public key and/or secret key cryptographic algorithms. Most notable is SSL (described in slides 5), which can be added on top of protocols such as http (i.e. https), FTP (sftp), and telnet.

5a.6 Others include:
For secure e-mail - S/MIME (Secure Multipurpose Internet Mail Extensions), developed by RSA Data Security Inc, see:
For secure e-commerce - SET (Secure Electronic Transaction), developed jointly by Visa, Mastercard, IBM, and other companies for secure credit card transactions over the Internet, see:

5a.7 Certificate Authorities
Commercial Certificate Authorities exist, such as:
– VeriSign Inc.
– Entrust Technologies Inc.
Web browsers have built-in recognition of such trusted CAs, allowing SSL and other secure connections.

5a.8 General Public Key Infrastructure
[Figure] From: "Deploying a Public Key Infrastructure," IBM Redbook, SG

5a.9 Certificate Repository
Used to store:
– Issued certificates
– Revoked certificates (CRLs - Certificate Revocation Lists)
– Might be accessed through LDAP (Lightweight Directory Access Protocol)

5a.10 Registration Authority
Acts for the CA for some management functions (see IBM Redbooks). Not strictly necessary, as the CA could do all the functions itself.

5a.11 CA's own certificate
The CA needs its own certificate to identify itself. First it generates a key pair. It protects its private key (this is vitally important!). It then creates a certificate and signs it with its private key:
[Figure: certificate containing the CA's X.500 name and the CA's public key, carrying the CA's digital signature.]

5a.12 Requesting a certificate from a CA
Usually the requesting client generates a public/private key pair and then submits an unsigned certificate to the CA. The certificate returned, signed by the CA, contains the public key.

5a.13 Question
Why does the CA usually not generate the public/private key pair for the requester?
Answer
Because it would require the private key to be sent to the requester. If the requester generates the private key, it is more secure, as the private key never leaves the requester.

5a.14 Using a signed certificate to send a secure message
One can attach it to the message. Alternatively, the message is sent without a certificate and the receiver has to retrieve the certificate from a public place. Either way, the receiver checks the signature. It has to be from a CA the receiver can trust.

5a.15 Certificate Lifetime
Certificates have a limited lifetime for security purposes, i.e. certificates are issued with an expiration date. There is a renewal process, but the user will normally keep the same public/private key pair.

5a.16 Certificate Authority for Grid Computing
Usually a certificate authority is created for the specific grid computing environment. Globus has a "simple" implementation called simpleCA.

5a.17 Grid Users
After the Certificate Authority is established for the grid, users have to register with the grid CA. This was done for each account provided at WCU, so users did not have to do anything. In general, users joining a grid from geographically dispersed locations must communicate with the CA system administrator to verify their identity and to get a certificate. Communication is often done by e-mail.

5a.18 Grid Security Infrastructure
[Figure: Globus Interaction with Certificate Authority] From: "Introduction to Grid Computing with Globus," IBM Redbooks, SG , Fig
This step is done by e-mail or in a more secure way.

5a.19 Grid Computers
Computers added to a grid (donors) preferably need their identity verified in a similar fashion. Computers are registered with the certificate authority; only those machines will be allowed to participate in the grid activities. Computers might be used under certain access rights.

5a.20 GSI Authentication/Authorization Functions
Communicating from Host A to Host B:
– Host A sends its certificate to Host B.
– Host B gets Host A's public key and name using the CA's public key.
– Host B creates a random number and sends it to Host A.
– Host A encrypts the random number with its private key and sends it to Host B.
– Host B decrypts the number and checks it. If correct, Host B authenticates Host A's certificate.
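The CA self-signing its own certificate (slide 5a.11), the request-and-sign flow (5a.12), the expiry check (5a.15) and the Host A / Host B random-number challenge above, carried through as an added Python example that is not from the slides or from Globus. It assumes textbook RSA on tiny constructed primes, an integer "clock" for certificate lifetimes and a SHA-256 digest reduced below the modulus, so it shows the message flow only and is not a secure implementation.

```python
import hashlib
import random

# Toy textbook RSA on fixed small primes (constructed for illustration; NOT secure).
def keygen(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)          # (public key, private key)

def rsa_private(m, priv):                        # "encrypt with private key" = sign
    d, n = priv
    return pow(m, d, n)

def rsa_public(c, pub):                          # "decrypt with public key" = verify
    e, n = pub
    return pow(c, e, n)

def digest(body, n):                             # hash of the certificate body, reduced below n
    h = hashlib.sha256(repr(body).encode()).digest()
    return int.from_bytes(h, "big") % n

def make_cert(subject, subject_pub, issuer, issuer_priv, not_after):
    # The issuer's signature covers subject name, subject public key, issuer name and expiry.
    body = (subject, subject_pub, issuer, not_after)
    sig = rsa_private(digest(body, issuer_priv[1]), issuer_priv)
    return {"subject": subject, "pub": subject_pub, "issuer": issuer,
            "not_after": not_after, "sig": sig}

def verify_cert(cert, ca_pub, now):
    # Recover the signed digest with the CA's public key and compare; also enforce the lifetime.
    body = (cert["subject"], cert["pub"], cert["issuer"], cert["not_after"])
    sig_ok = rsa_public(cert["sig"], ca_pub) == digest(body, ca_pub[1])
    return sig_ok and now <= cert["not_after"]

def gsi_authenticate(host_a_cert, host_a_priv, ca_pub, now, rng=None):
    """Host B authenticates Host A: certificate check, then random-number challenge."""
    if not verify_cert(host_a_cert, ca_pub, now):      # B: was A's certificate signed by our CA?
        return False
    rng = rng or random.SystemRandom()
    nonce = rng.randrange(1, host_a_cert["pub"][1])    # B: random number below A's modulus
    response = rsa_private(nonce, host_a_priv)         # A: encrypts it with its private key
    return rsa_public(response, host_a_cert["pub"]) == nonce   # B: decrypts with A's public key

if __name__ == "__main__":
    ca_pub, ca_priv = keygen(61, 53)                        # CA generates and protects its pair
    ca_cert = make_cert("CA", ca_pub, "CA", ca_priv, 2000)  # CA self-signs its own certificate
    a_pub, a_priv = keygen(89, 97)                          # Host A generates its own pair ...
    a_cert = make_cert("hostA", a_pub, "CA", ca_priv, 1500) # ... and the CA signs the request
    print(verify_cert(ca_cert, ca_pub, 1000), gsi_authenticate(a_cert, a_priv, ca_pub, 1000))
```

A certificate signed by any key other than the CA's, an expired certificate, or a host that holds the certificate but not the matching private key all fail the check in gsi_authenticate.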

5a.21 [Figure] From: "Introduction to Grid Computing with Globus," IBM Redbooks, SG , Fig. 3-4.

5a.22 Proxies
A proxy is needed to delegate authority to another host, say host C through host B, where the proxy will act on your behalf. This takes a rather large number of steps.

5a.23 [Figure] From: "Introduction to Grid Computing with Globus," IBM Redbooks, SG , Fig. 3-5.

5a.24 Proxies are used to authenticate users and run user programs on the grid. A proxy is created with the grid-proxy-init command. We shall see a use of this in assignment 3. The next task is assignment 2.