SECURITY

Security requirements are fundamental to the grid design. The basic security components are comprised of mechanisms for authentication, authorization, and confidentiality of communication between grid computers. Without this functionality, the integrity and confidentiality of the data processed within the grid would be at risk.

Grid security requirements

A virtual organization is one of the fundamental concepts in a grid environment today. A virtual organization (VO) is defined as a dynamic group of individuals, groups, or organizations who define the conditions and rules (business objectives and policies) for sharing resources.

1. Integration

The grid security infrastructure is required to integrate with existing security infrastructures across platforms and hosting environments. The overall grid security architecture is required to be implementation agnostic and be extensible to incorporate new security services as they become available.

2. Interoperability

The Grid services that traverse multiple domains and hosting environments need to be able to interact with each other to allow domains to exchange messages (for example, via SOAP/HTTP), allow each party to specify security policy applied to a secure conversation, and provide mechanisms to identify a user from one domain in another domain.

3. Trust Relationship
A Grid service request can span multiple security domains, and the domains involved in serving the request must establish trust with each other. Because a grid environment is dynamic, it is infeasible to establish end-to-end trust before an application executes, and transient Grid services complicate trust establishment further.

At a high level the grid security requirements can be defined as follows:

Authentication
Providing interfaces to plug in different authentication mechanisms, and a means to convey which mechanism was used.

Delegation
Providing mechanisms that allow requesters to delegate access rights to services, while ensuring that the delegated rights are restricted to the tasks intended to be performed and stay within policy restrictions.

Single logon
Relieving an authenticated entity from re-authenticating for a certain period of time when it subsequently requests access to grid resources, while taking multiple security domains and identity mappings into account.

Credential life span and renewal
The ability to refresh a requester's credentials if a grid application operation takes longer to complete than the life span of a delegated credential.

Authorization
The ability to control access to grid components based on authorization policies.

Privacy
Allowing both a service requester and a service provider to define and enforce privacy policies.

Confidentiality
Protecting the confidentiality of the underlying transport and of the message content exchanged between OGSA-compliant components, whether the messages travel point-to-point or through a store-and-forward mechanism.

Message integrity
Ensuring that unauthorized changes made to message content or data can be detected at the recipient end.

Policy exchange
Allowing a security-context negotiation mechanism between service requesters and service providers based on security policy information.

Secure logging
Providing a foundation for non-repudiation and auditing that enables all services to time-stamp and log various types of information without interruption or alteration of the information by adverse agents.

Assurance
Providing a means to qualify the security assurance level that can be expected of a hosting environment. The security assurance level indicates the types of security services an environment provides, which is useful when deciding whether to deploy a service in that environment.

Manageability
This requirement mainly deals with security service management issues such as identity management, policy management, and so on.

Firewall traversal
The ability to traverse firewalls without compromising local control of firewall policy, to enable cross-domain grid computing environments.

Securing the OGSA infrastructure
This refers to securing the core OGSA components themselves.

Grid Security model

Important Security Terms:

1. Symmetric key encryption
Symmetric key encryption is based on the use of one shared secret key to perform both the encryption and decryption of data. To ensure that the data is only read by the two parties (sender and receiver), the key has to be distributed securely between the two parties and no others. If someone should gain access to the secret key that is used to encrypt the data, they would be able to decrypt the information.

2. Asymmetric key encryption
Another commonly used cryptographic method is public key cryptography; the RSA public key cryptosystem is a prime example. In public key cryptography an asymmetric key pair (a so-called public key and a private key) is used: the key used for encryption is different from the one used for decryption.

3.  The Certificate Authority
A properly implemented Certificate Authority (CA) has many responsibilities. These should be followed diligently to achieve good security. The primary responsibilities are:
Positively identifying entities requesting certificates
Issuing, removing, and archiving certificates
Protecting the Certificate Authority server
Maintaining a namespace of unique names for certificate owners
Serving signed certificates to those needing to authenticate entities
Logging activity


Getting Access to the Grid:

In order to build a grid environment using the GSI components, you have to create a key pair for public key cryptography, request your certificate from the Certificate Authority, and obtain a copy of the CA's public key.

1. Copy the Certificate Authority's public key to the grid host on which you are setting up GSI.

2. Create your private key and a certificate request.
3. Send your certificate request to the CA by e-mail, or by another, more secure channel if you are running a production system and the CA needs to positively identify the sender.
4. The CA signs your request to produce your certificate and sends it back to you.

Preparation Procedure for GSI

When that procedure has been completed and you have received your signed digital certificate, you will have three important files on your grid host. They are:
The CA’s public key
The grid host’s private key
The grid host’s digital certificate

Authentication and authorization
Imagine a scenario where you need to communicate with an application on another grid computer and you want to be sure that the data really comes from that host. Besides making sure that you can trust the grid host, you want the grid host you communicate with to trust your grid computer. After you have authenticated with the remote grid resource, you then have the option of having it grant access to its resources on your behalf; for this you use the authorization function of GSI.

Authentication and Authorization Procedure

Through the steps described below, grid host A (or a user on grid host A) is authenticated and authorized by grid host B. All steps except the last are authentication; the last is authorization:
1. A user or application on A sends its certificate to host B.
2. Host B obtains A's public key and the subject from the certificate.
3. Host B creates a random number and sends it to host A.
4. Host A receives the number, encrypts it with its private key, and sends the encrypted number to host B.
5. Host B decrypts the number and checks that the decrypted number is really the one it sent. Host B then accepts that the certificate is really that of the user on host A, because only that user on host A can encrypt the number with its private key.
6. With the certificate authenticated by host B, the subject in the certificate is mapped to a local user name. The subject is a Distinguished Name (DN) such as "O=Grid/O=Globus/OU=itso.grid.com/CN=your name", the same form of name LDAP uses to distinguish entries in a directory service; in a grid environment the subject specifies the user's identity. The user identified by the Distinguished Name is authorized by host B to act as a local user on host B.
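The CA's signing step from the preparation procedure and host B's six-step authentication (trusted-CA check, random challenge answered with A's private key, subject DN looked up in a grid-mapfile) as an added worked example in Go's standard library; this is not code from the original page or from GSI. It assumes Ed25519 keys instead of GSI's RSA (the challenge is answered with a signature, which is what "encrypting with the private key" amounts to), a constructed grid-mapfile held in memory, and the RFC 2253 rendering of the DN as the map key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Constructed grid-mapfile (assumption): RFC 2253 form of the subject DN -> local account on host B.
var gridMap = map[string]string{"CN=alice,OU=itso.grid.com,O=Grid": "alice"}

// issueCert is the CA's step: sign a certificate binding subj to pub; ca == nil yields the CA's own self-signed cert.
func issueCert(caKey ed25519.PrivateKey, ca *x509.Certificate, serial int64, subj pkix.Name, pub ed25519.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: subj,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	if ca == nil { // self-signed: pub must be caKey's public key
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage, ca = true, true, x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// authenticate is host B: verify A's chain to the trusted CA, challenge A with a fresh nonce, check the signature, map the DN to a local account.
func authenticate(caCert, certA *x509.Certificate, respond func(nonce []byte) []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	if _, err := certA.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return "", err // not issued by a CA that B trusts
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	pub, ok := certA.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, nonce, respond(nonce)) {
		return "", errors.New("challenge failed: peer does not hold the certified private key")
	}
	local, ok := gridMap[certA.Subject.String()]
	if !ok {
		return "", errors.New("authenticated, but subject not in grid-mapfile")
	}
	return local, nil
}
```

Host A's side is just the closure passed as respond, signing the nonce with its private key; a certificate presented without that key, or one issued by a CA that B does not trust, is rejected before any mapping happens.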

Other security issues to consider include:

1.  Physical security

2.  Operating system security

3.  Grid and firewalls

4.  Host intrusion detection

5. Network intrusion detection
