Grid technology Security issues Andrey Nifatov A hacker.



Terms
- Globus is a US government-funded project that provides software tools that allow you to build grids and grid-based applications.
- A grid is a distributed computational tool that allows you to use geographically distributed resources for a single computational project.
* “Grid computing: A practical guide to technology and applications”

Virtual Organization
- A wide spectrum of problems is associated with resource sharing for virtual organizations (VOs).
- VOs “share geographically distributed resources, assuming the absence of global controller, and an existing trust relationship”

Virtual Organization
- A VO can be large or small, static or dynamic.
- A VO may be created only to solve a specific problem.

Virtual Organization

Differences between Grids and the older distributed tools
- A grid supports varied systems.
- A grid could involve an almost unlimited number of computational resources (the Internet).
- Security was considered a primary focus.

Grid architecture
- Includes protocols and interfaces that provide access to the resources
- Includes core protocols from the Internet model: IP, DNS, BGP, IGRP
- Defines protocols that are necessary to control sharing of local resources
- Includes protocols that provide system-oriented capabilities
- Includes protocols that are targeted toward a specific application

Globus uses a Certificate Authority
- All grid resources need to be signed by a CA.
- The Registrant Authority (RA) works together with the CA.
- The RA approves or rejects a request for a certificate and forwards the information to the CA.

Certificate Authority
Before a CA can sign certificates for others, it must sign and issue a certificate for itself:
- The CA randomly generates its own key pair.
- The CA protects its private key.
- The CA creates its own certificate containing its info.
- The CA signs its certificate with its private key.

Certificate Authority
- Thus, the CA's private key is a sensitive target for attacks from hackers.
- The best-known way to protect it involves special hardware that has no network connection.
- The private key is stored inside the hardware and never leaves it.
- The hardware could be a smart card processor, provided this is not too expensive a tool. If that is not the case, a dedicated hardware CA may be used.
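The RA/CA split and the self-signing steps from the Certificate Authority slides, as an added example using the OpenSSL command line (not part of the presentation). The DNs, file names, lifetimes and the RA's namespace rule are assumptions, and a temporary directory stands in for the offline hardware that would hold the CA key.

```shell
#!/bin/sh
# Constructed demo: every DN, file name, lifetime and the RA rule are assumptions.
set -eu

write_cnf() {  # $1 = dir; own config so nothing depends on the system openssl.cnf
  cat > "$1/grid.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = replaced-by-subj
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[host_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
}

make_ca() {    # $1 = CA dir (stands in for the offline hardware)
  # CA randomly generates its own key pair; umask keeps the key file owner-only
  ( umask 077; openssl genrsa -out "$1/ca.key" 2048 2>/dev/null )
  # CA puts its own info in a certificate and signs it with its own private key
  openssl req -x509 -new -key "$1/ca.key" -sha256 -days 3650 -config "$1/grid.cnf" \
    -extensions ca_ext -subj "/DC=org/DC=example-grid/CN=Example Grid CA" -out "$1/ca.pem"
}

new_csr() {    # $1 = dir, $2 = key/CSR basename, $3 = subject DN (requester side)
  openssl req -new -newkey rsa:2048 -nodes -keyout "$2.key" -out "$2.csr" \
    -config "$1/grid.cnf" -subj "$3" 2>/dev/null
}
ra_approve() { # $1 = dir, $2 = CSR; assumed RA rule: DN must sit in the grid namespace
  case "$(openssl req -in "$2" -noout -subject -nameopt RFC2253 -config "$1/grid.cnf")" in
    *,DC=example-grid,DC=org) return 0 ;;
    *) return 1 ;;
  esac
}
ca_sign() {    # $1 = dir, $2 = CSR, $3 = cert out; the CA signs only RA-approved requests
  ra_approve "$1" "$2" || { echo "RA rejected $2" >&2; return 1; }
  # x509 -req also refuses a CSR whose self-signature does not verify
  openssl x509 -req -in "$2" -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
    -sha256 -days 365 -extfile "$1/grid.cnf" -extensions host_ext -out "$3" 2>/dev/null
}
d=$(mktemp -d); write_cnf "$d"; make_ca "$d"
new_csr "$d" "$d/host1" "/DC=org/DC=example-grid/CN=host1.example-grid.org"
new_csr "$d" "$d/rogue" "/DC=org/DC=elsewhere/CN=rogue.elsewhere.org"
ca_sign "$d" "$d/host1.csr" "$d/host1.pem" && openssl verify -CAfile "$d/ca.pem" "$d/host1.pem"
ca_sign "$d" "$d/rogue.csr" "$d/rogue.pem" || echo "rogue request was not signed"
rm -rf "$d"
```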

Grid certificate
- Provides identity
- Contains your information
- Contains your public key
- Will be used to decrypt the SSL session ID
- Has a unique Distinguished Name (DN)
- Also called X.509

Remote delegation: Grid proxy
- Acts as yourself: submits a request to the foreign host on your behalf.
- Also called remote delegation.
- The proxy's private key is stored on the remote machine.

Conclusion
- Supercomputers are expensive and specialized.
- Grid computers solve problems by using multiple computers instead of a single computer.
- This shift produces a dramatic increase in speed and a decrease in cost.
- However, it is also a shift from an environment that is secure by definition to one that is public and secured like the Internet. Thus, security issues were considered a primary focus on the way to developing this tool.