Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a 1
Lezione 5a - 17 Novembre 2009
The teaching material used in this course is adapted from that used by Paolo Veronesi for the course "Griglie Computazionali" of the Laurea Specialistica in Informatica, academic year 2008/09, at the Università degli Studi di Ferrara.
Paolo Veronesi, paolo.veronesi@cnaf.infn.it, pveronesi@unife.it, http://www.cnaf.infn.it/~pveronesi/unife/
Università degli Studi di Bari, Corso di Laurea Specialistica in Informatica
"Tecnologia dei Servizi: Grid e cloud computing", A.A. 2009/2010
Giorgio Pietro Maggi, giorgio.maggi@ba.infn.it, http://www.ba.infn.it/~maggi
Overview
Globus Toolkit V4.0
Introduction to Security
Fundamental Concepts
Authentication: Basic Cryptography, Digital Signature, Public Key Infrastructures (PKIs), Proxies and Temporary Credentials
OGSA capabilities (figure): the OGSA "profiles" are layered on the Web services foundation and group the following capabilities.
Security: cross-organizational users; trust nobody; authorized access only
Information Services: registry; notification; logging/auditing
Execution Management: job description & submission; scheduling; resource provisioning
Data Services: common access facilities; efficient & reliable transport; replication services
Self-Management: self-configuration; self-optimization; self-healing
Resource Management: discovery; monitoring; control
From SOA to Grid middleware (figure): SOA Reference Model (OASIS SOA RM) -> WSA -> OGSA -> Globus architecture -> gLite architecture (extensions), realised by the Globus and gLite middleware
Globus is Service-Oriented Infrastructure Technology
Software for service-oriented infrastructure: service-enable new & existing resources (e.g. GRAM on a computer, GridFTP on a storage system, a custom application service) with uniform abstractions & mechanisms
Tools to build applications that exploit service-oriented infrastructure: registries, security, data management, ...
Open source & open standards: each empowers the other (e.g. monitoring across different protocols is hard)
Enabler of a rich tool & service ecosystem
Globus Toolkit V4.0
Major release on April 29th 2005, after fifteen months of design, development and testing
1.8M lines of code; major contributions from five institutions
Hundreds of millions of service calls executed over weeks of continuous operation
Significant improvements over the GT3 code base in all dimensions
Goals for GT4
Usability, reliability, scalability, ...: Web service components of quality equal or superior to the pre-WS components; documentation at an acceptable quality level
Consistency with the latest standards (WS-*, WSRF, WS-N, etc.) and the Apache platform; WS-I Basic (Security) Profile compliant
New components, platforms, languages, and links to the larger Globus ecosystem
Glossary
Principal: an entity (a user, a program, or a machine)
Credentials: data providing a proof of identity
Authentication: verifying the identity of the principal
Authorization: mapping an entity to some set of privileges
Confidentiality: encrypting the message so that only the recipient can understand it
Integrity: ensuring that the message has not been altered in transmission
Non-repudiation: impossibility of denying the authenticity of a digital signature
Introduction to Security
Security is a process
A risk is a vulnerability combined with a threat able to exploit it
Organizations implement controls over their activities to obtain an acceptable residual risk
Risk-based view of the world
Organizations: sites, VOs and Grids. Each has a security process lifecycle; satisfaction must be achieved jointly and severally
Each organization is captain of its own ship, but is constrained to interoperate
Standards aid interoperation
Secure from Whom and Against What
Secure from whom? The systems administrator? A rogue employee? Mr. H. Acker...?
Secure against what? Denial of service? Identity theft? Acquisition of legally sensitive data? Or even MPs leaving laptops on the Tube...
Secure for how long?
"I recommend overwriting a deleted file seven times: the first time with all ones, the second time with all zeros, and five times with a cryptographically secure pseudo-random sequence. Recent developments at the National Institute of Standards and Technology with electron-tunnelling microscopes suggest even that might not be enough. Honestly, if your data is sufficiently valuable, assume that it is impossible to erase data completely off magnetic media. Burn or shred the media; it's cheaper to buy media new than to lose your secrets...."
- Applied Cryptography, 1996, page 229
Secure Technology vs. Secure System
Secure technology ≠ secure system: a system using 2048+ bit encryption technology, packet-filtering firewalls, PMIs, PKIs... running on a laptop left on in an unlocked room, or on a PC with the password on a "post-it" on the screen/desk. We have heard worse than this, naming no names!
A Quote
"...if you think that technology can solve your security problems then you don't know enough about the technology, and worse you don't know what your problems are..."
Bruce Schneier, Secrets and Lies: Digital Security in a Networked World
Definition: Computer Security
"The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)"
An Introduction to Computer Security: The NIST Handbook (NIST SP 800-12)
Fundamentals
Key terms typically associated with security: Authentication, Authorisation, Audit/accounting, Integrity, Fabric Management, Confidentiality, Privacy, Trust
All are important for Grids, but some applications may put more emphasis on certain concepts than others
Fundamentals - Authentication
The establishment and safe propagation of a user's identity in the system, e.g. site X can check that it is user Y who is attempting to gain access to resources
Does not check what the user is allowed to do, only that we know (and can check!) who they are
Masquerading is always a danger (and a realistic possibility), hence the need for user guidance on security: password selection, treatment of certificates, hardware tokens, ...
Is anonymity required?
Authentication on the Grid is achieved with Public Key Infrastructures (PKIs)
Fundamentals - Authorisation
Concerned with controlling access to services based on policy: can this user invoke this service making use of this data?
Complementary to authentication: we know it is this user, now can we restrict/enforce what they can/cannot do?
Many different contenders for authorisation infrastructures, e.g. software components related to authorization developed as open source projects: PERMIS, VOMS, CAS, AKENTI
Authorisation on the Grid must be scalable
Fundamentals - Auditing
Auditing/Accounting: the analysis of records of account (e.g. security event logs) to investigate security events, procedures or the records themselves
Includes logging, intrusion detection and auditing of security in managed computer facilities; well established in theory and practice
Grid computing adds the complication that some of the information required by a local audit system may be distributed elsewhere, or may be obscured by layers of indirection, e.g. a Grid service making use of a federated data resource where the data is kept and managed remotely
Need tools to support diagnostics. Do we need to log all information? (Can we? More pertinent, probably.) How long do we keep it for? ...
Auditing tools are in development for some authorisation infrastructures
Fundamentals - Integrity
Integrity: ensuring that data has not been modified since it was created, typically of relevance when data is sent over a public network
Technical solutions exist to maintain the integrity of data in transit: checksums, PKI support, ...
The Grid also raises more general questions, e.g. provenance: maintaining the integrity of chains or groups of related data
Integrity can be checked through the use of digital signatures. A plain checksum only detects accidental corruption: an attacker who can modify the data can recompute it, whereas a signature (or a keyed MAC) cannot be recomputed without the key
Fundamentals - Fabric Management
The fabric consists of the distributed computing and network resources and associated connections that support Grid applications. It impacts Grid security in two ways:
An insecure fabric may undermine the security of the Grid. Are all sites fully patched (middleware/OS)? Can we limit the damage of a virus-infected machine across the Grid? Identify it, quarantine it, anti-virus update/patch, reinstate it into the VO, ...
Fabric security measures may impede Grid operations, e.g. firewalls may be configured to block essential Grid traffic
Fundamentals - Confidentiality
Concerned with ensuring that information is not made available to unauthorised individuals, services or processes
Usually supported by access control within systems, and encryption between systems
Confidentiality is generally well understood, but the Grid introduces the new problem of transferring or signalling the intended protection policy when data is staged between systems
Authentication and Authorisation infrastructures usually implement confidentiality, so we are already there!
Fundamentals - Privacy
Particularly significant for projects processing personal information, or subject to ethical restrictions, e.g. projects dealing with medical or health data
Privacy requirements relate to the use of data, in the context of the consent established by the data owner. Privacy is therefore distinct from confidentiality, although it may be supported by confidentiality mechanisms
Grid technology needs a transferable understanding of suitable policies addressing privacy requirements/constraints, and should allow expressing how such policies are defined, applied, implemented, enforced, ...
Fundamentals - Trust
Trust: the characteristic allowing one entity to assume that a second entity will behave exactly as the first entity expects
Important distinction between 'trust management' systems, which implement authorisation, and the wider requirements of trust, e.g. health applications require agreement between users and resource providers on restrictions that cannot be implemented by access control, such as restrictions on the export of software, or a guarantee that personal data is deleted after use
Therefore a need to understand and represent policy agreements between groups of users and resource providers; such policies may exist inside or outside the system, and are typically not supported by technical mechanisms
Authentication
Intro Basic Cryptography Digital Signature PKI Proxy
Who Am I??
I am: the President of the United States; the Secretary General of the United Nations; David Beckham; Keith Richards; the girl who served your cup of coffee this morning...
All of these people may need to use a computer. How can we confirm their identities?
Who am I??
I am John Watt (allegedly). To prove it I have:
A driving licence, which I got by passing my test and producing my passport
A passport: I went to the passport office with my birth certificate
A birth certificate: I can't remember getting this!
Who am I??
Is there a logical chain working here? Note that, generally, each credential on the previous page depends on the one below it. But the DVLA (UK Driving Licence Authority) states on its website: "Note - Birth certificates are not absolute proof of identity and so we may ask you to provide other evidence to allow us to check your identity."
What other evidence? A passport? But that depends on you producing a birth certificate! A bank account? You need a passport for that! NO!
Who am I?? But they do have one thing in common
They are non-local credentials: they attempt to define a unique (nationally at least) reference that will establish your identity
Do we need something similar for the Grid?? First of all, we need to establish how identity can be proved and securely moved around a network. The Grid community is (in principle) in agreement about how this should be done, but first we need to look at the basics of this system, and it has to do with an age-old problem...
Cryptography
Mathematical algorithms that provide important building blocks for the implementation of a security infrastructure
Symbology: plaintext M; ciphertext C; encryption with key K1: E_K1(M) = C; decryption with key K2: D_K2(C) = M
Algorithms: symmetric: K1 = K2; asymmetric: K1 ≠ K2
(Figure: M -> Encryption with K1 -> C -> Decryption with K2 -> M)
Basic Cryptography: When I were a lad...
My friend would post an important message through my letterbox... but we had 'code wheels': rotate the inner wheel by the number of jumps indicated at the beginning of the message, and translate...
3 Y O U S M E L L
3 V L R P J B I I
Basic Cryptography
What if someone else got hold of the wheel? Our plans for world domination are in ruins, because what makes the wheel work is the extra information included with the original encrypted message:
3 V L R P J B I I
Without this number the message will stay encrypted. This number is the encryption 'key', and it is transmitted UNENCRYPTED. We could agree it face-to-face, but why not just give the message then?? What if I was grounded? (happened a lot) Let's look at this at a slightly more mature level...
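The code wheel above is a shift (Caesar) cipher. The following added example, not part of the lecture, implements it in Python and reproduces the slide's "YOU SMELL" -> "VLR PJBII" with key 3 (the slide spaces the letters out; the code keeps only the word gap). It also shows the point the slide only hints at: sending the key in clear is the obvious weakness, but the wheel would be useless even with a secret key, because a 26-entry key space can be exhausted by hand. The crib-based key recovery is an assumption of this example, not something from the slides.

```python
# Added example (not from the lecture): the "code wheel" is a shift cipher.
# Encrypting moves each letter back by the key, so key 3 turns "YOU SMELL"
# into "VLR PJBII" as on the slide.  brute_force() tries all 26 keys.
import string

ALPHABET = string.ascii_uppercase


def wheel_encrypt(plaintext: str, key: int) -> str:
    """Rotate each letter backwards by `key` positions; non-letters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def wheel_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is encryption with the negated key (rotate forwards)."""
    return wheel_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Try every possible key: with 26 candidates the key adds no secrecy,
    whether or not it is transmitted in clear."""
    return {k: wheel_decrypt(ciphertext, k) for k in range(26)}


def recover_key(ciphertext: str, crib: str) -> int:
    """Pick the key under which a guessed plaintext word (the crib) appears.
    Assumed attacker knowledge for this example."""
    for key, candidate in brute_force(ciphertext).items():
        if crib.upper() in candidate:
            return key
    raise ValueError("crib not found under any key")


if __name__ == "__main__":
    # The slide's message: the key "3" travels unencrypted in front of the text.
    message = "3 " + wheel_encrypt("YOU SMELL", 3)
    print(message)                          # 3 VLR PJBII
    print(recover_key(message[2:], "YOU"))  # 3, found without reading the key
```

Running it prints the slide's ciphertext and then recovers the key from the ciphertext alone, which is why the later slides move to keys that are both secret and drawn from a space far too large to enumerate.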
Symmetric Algorithms
The same key is used for encryption and decryption
Advantages: fast
Disadvantages: how to distribute the keys? The number of keys is O(n²) (one per pair of communicating parties)
Examples: DES, 3DES, Rijndael (AES), Blowfish; Kerberos (an authentication protocol built on symmetric keys, not a cipher)
(Figure: Paul encrypts "ciao" with the shared key to "3$r" and sends it to John, who decrypts "3$r" back to "ciao" with the same key)
Basic Cryptography
We need some way of transmitting the key so it can't be stolen. Can we encrypt the key? No, but we can do something analogous...
1) Split the key into two parts, one for encryption and one for decryption
2) Make the encryption key PUBLIC for anyone to use, but keep your decryption key PRIVATE
Note that in some implementations the private key may also be used to encrypt and the public key to decrypt (see Digital Signatures)
Public Key Algorithms
Every user has two keys, one private and one public: it is computationally infeasible to derive the private key from the public one; a message encrypted with one key can be decrypted only with the other one
No exchange of secrets is necessary: the sender encrypts using the public key of the receiver; the receiver decrypts using his private key; the number of keys is O(n)
Examples: Diffie-Hellman (1976), RSA (1978)
(Figure: Paul encrypts "ciao" with John's public key to "3$r", and John decrypts it with his private key; John encrypts "ciao" with Paul's public key to "cy7", and Paul decrypts it with his private key)
Solved the key transmission problem
We have solved the key transmission problem by only transmitting an encryption key. Now anyone who wishes to send you a message uses your PUBLIC key to encrypt it, safe in the knowledge that the only person who can decrypt it is the holder of the PRIVATE key (i.e. you!)
The public and private keys are related by a mathematical problem (for RSA, factoring the product of two large primes) that cannot be solved in practical time, so messages cannot be cracked without the private key
The key pair tends to outlive the credentials issued on it (compare credit cards, which expire and are reissued)
Symmetric vs. Asymmetric
Symmetric encryption only guarantees privacy: the message is encrypted, but there is no evidence of who encrypted it, nor any guarantee that the data has not been tampered with (a shared-key MAC can add integrity, but anyone holding the key could have produced it, so there is no non-repudiation)
Asymmetric encryption can be used to authenticate: by encrypting a message with someone's public key, you can be sure ONLY the holder of the matching private key will be able to read it, and a correct reply proves who they are
And some level of integrity may be provided (digital signatures)
Authentication
Intro Basic Cryptography Digital Signature PKI Proxy
One-Way Hash Functions
Functions H that, given as input a variable-length message M, produce as output a string h of fixed length:
the length of h must be large enough that searching for collisions is infeasible (today at least 256 bits; see the caveat on the examples below)
given M, it must be easy to calculate H(M) = h
given h, it must be difficult to find M such that H(M) = h (preimage resistance)
given M, it must be difficult to find M' ≠ M such that H(M) = H(M') (second-preimage resistance)
Examples: SNEFRU: hash of 128 or 256 bits; MD4/MD5: hash of 128 bits (collisions are practical today, do not use for security); MD6 was proposed as a SHA-3 candidate and later withdrawn; SHA-1 (FIPS 180): hash of 160 bits, now deprecated; SHA-2 (SHA-256/SHA-512) is the current FIPS standard
Example
$ cat prova1
testo di prova
$ md5sum prova1
909adc30dcc15239ac640b52d33a12b2  prova1
$ cat prova2
testo di prove
$ md5sum prova2
c89ee15b2f056edfbef2dcb62b2249aa  prova2
$ ls -l /bin/ls
-rwxr-xr-x 1 root root 67700 Dec 9 2005 /bin/ls
$ md5sum /bin/ls
2636c546ce5ca69687f5dfc74cc3175e  /bin/ls
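The md5sum session above shows two things without naming them: a one-letter change ("prova" vs "prove") produces a completely different digest, and a digest is a fixed-size fingerprint of a file. The following added example, not from the lecture, makes both quantitative with Python's standard library: it counts how many digest bits flip for the one-letter change (about half, the avalanche effect), and it runs a birthday search against a hash truncated to n bits to show why the digest length matters, finding a collision in a few thousand attempts at 24 bits where 256 bits would take around 2^128. The message strings and the 24-bit truncation are constructed for the example.

```python
# Added example (not from the lecture): avalanche effect and a birthday
# collision search against a truncated SHA-256, using only the standard
# library.  Inputs are constructed for the example.
import hashlib


def digest(data: bytes, algorithm: str = "sha256") -> bytes:
    return hashlib.new(algorithm, data).digest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests."""
    assert len(a) == len(b)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(m1: bytes, m2: bytes, algorithm: str = "sha256") -> int:
    """How many digest bits change between two (nearly identical) messages."""
    return differing_bits(digest(m1, algorithm), digest(m2, algorithm))


def truncated_hash(data: bytes, bits: int) -> int:
    """Keep only the first `bits` bits of SHA-256, emulating a short digest."""
    return int.from_bytes(digest(data), "big") >> (256 - bits)


def find_collision(bits: int, limit: int = 1 << 22):
    """Birthday search: hash counter strings until two distinct messages map
    to the same truncated value.  Expected cost is about 2**(bits/2) hashes.
    Returns (m1, m2, attempts), or None if `limit` attempts were not enough."""
    seen = {}
    for i in range(limit):
        m = b"msg-%d" % i
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    return None


if __name__ == "__main__":
    # The slide's two files differ in one letter; the digests differ in ~128 of 256 bits.
    print("sha256 bits changed:", avalanche(b"testo di prova\n", b"testo di prove\n"))
    print("md5 bits changed:", avalanche(b"testo di prova\n", b"testo di prove\n", "md5"))
    m1, m2, attempts = find_collision(24)
    print(f"24-bit collision after {attempts} attempts: {m1!r} and {m2!r}")
```

The birthday bound is the reason the slide's "at least 256 bits" requirement exists: an attacker looking for any two colliding messages needs only about the square root of the output space, so a 128-bit digest (MD5) offers at most 64-bit collision resistance even before its structural weaknesses are considered.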
Digital Signature
Paul calculates the hash of the message
Paul encrypts the hash using his private key: the encrypted hash is the digital signature
Paul sends the signed message to John
John calculates the hash of the message and compares it with the one received from Paul, decrypted with Paul's public key
If the hashes are equal: the message wasn't modified, and Paul cannot repudiate it
(Figure: Paul's message "This is some message" travels together with its digital signature; John computes Hash(B) of the received message and compares it with Hash(A), recovered from the signature using Paul's public key: Hash(A) = Hash(B)?)
Digital Certificates
Paul's digital signature is safe if: Paul's private key is not compromised, and John knows Paul's public key
How can John be sure that Paul's public key is really Paul's public key and not someone else's? A third party guarantees the correspondence between public key and owner's identity. Both Paul and John must trust this third party
Two models: X.509: hierarchical organization; PGP: "web of trust"
PGP "web of trust"
(Figure: six users, A to F, linked by the keys each has signed.) F knows D and E, who know A and C, who know A and B. F is reasonably sure that the key from A is really from A
Public Key Infrastructures (PKIs)
PKIs provide a mechanism for privacy, integrity and authentication using public keys, implemented with DIGITAL CERTIFICATES: your UNIQUE virtualised identity
Issued by a CERTIFICATE AUTHORITY: the entity which administers certificates and issues them correctly
X.509 (1988) is the standard for PKI certificates: it binds a globally unique X.500 distinguished name to a public key. In reality, CAs tend to choose any name they want (legal disclaimer, liability transfer: a mess, but not critical)
Web browser compatible
X.509 Certificates
An X.509 certificate contains: the owner's public key; the identity of the owner; info on the CA; time of validity; serial number; the digital signature of the CA
Structure of an X.509 certificate (figure):
Public key
Subject: C=CH, O=CERN, OU=GRID, CN=Andrea Sciaba 8968
Issuer: C=CH, O=CERN, OU=GRID, CN=CERN CA
Expiration date: Aug 26 08:08:14 2005 GMT
Serial number: 625 (0x271)
CA digital signature
Certificate Authorities
A Certificate Authority (CA) is a third party that signs certificates and ensures that the subject name and public key actually belong to that person. How? The old-fashioned way... Example: the INFN Certificate Authority
Initial contact: application (online)
Credential verification (IN PERSON): go to the CA or a Regional Authority (RA)
Issue: download (online)
The INFN CA requires the application and issuing terminals to be the same, because the PRIVATE key of your certificate is generated and stored on the terminal used for the application
Certificate Authorities
A CA may delegate Regional Operators to confirm people's identities: saves me having to travel from Bologna to Firenze if I want a certificate
The CA records a piece of personal identification for its records: passport, driving licence, staff/student matric card
The CA extends an existing ID infrastructure
Certificate Authorities
A CA is also in charge of revoking certificates: the CA publishes a Certificate Revocation List (CRL), which you download to your browser; it lists all the revoked (no longer valid) certificates in the organisation
A CA MUST be explicitly trusted by the system (Trusted Root CAs list in Windows): a certificate cannot be used until the CA's root certificate has been accepted as trusted. Accepted very much like software licences, i.e. nearly always!
Certificate Authenticity
CAs confirm the certificate's authenticity by digitally signing it:
the CA computes a hash of the certificate using an agreed (non-secret) algorithm
the CA encrypts this hash with its private key and appends it to the bottom of the certificate
the recipient computes their own hash of the info
the recipient decrypts the hash the CA sent (with the CA's public key) and compares it with their own
This proves the CA signed the info and that the info hasn't been tampered with. Encryption of the info is optional (for privacy)
A problem
Are there any pitfalls to digital certificates?
Can we alter their contents? No: the CA signed the certificate, thus ensuring its integrity
Can we spoof? You would need your own CA, and if the application doesn't trust it, your certificates won't work. So no
What can we do? STEAL IT! Someone who holds your digital certificate (and private key) may safely assume your identity on the Grid
This problem isn't going away. How can we deal with this?
Certificate Revocation Lists
A list of the serial numbers of the certificates which have been revoked: they are no longer valid and should not be relied upon by any system user
CRLs are usually signed by the issuing CA and therefore carry a digital signature
Types of revocation: non-reversible: a certificate is irreversibly revoked; reversible: the certificate is on hold (X.509 reason code certificateHold); this reversible status can be used to signal the temporary invalidity of the certificate, for instance when the user is not sure whether the private key has been lost
PKI basics
PKI provides, among other services, an authentication protocol relying on asymmetric encryption. One of the keys is kept private, the other is made public. Public keys are distributed using certificates which are digitally signed by trusted authorities
(Figure: clear-text input "An intro to PKI and few deploy hints" -> encryption -> cipher-text "Py75c%bn&*)9|fDe^bDzjF@g5=&nmdFgegMs" -> decryption with a different key -> clear-text output "An intro to PKI and few deploy hints")
PKI: Obtaining a Certificate (figure)
Alice generates a key pair (priv, pub)
The public key is submitted to the CA (certification server) for certification
The user's identity is verified, the CA's digital signature (DS) is added, and the certificate is produced
The certificate is sent to the user
PKI: Authentication with Certificates (figure)
Alice sends her certificate (pub, DS) to Bob for authentication
Bob verifies the digital signature on the certificate: he can trust that the public key really belongs to Alice, but is it Alice standing in front of him?
Bob challenges Alice to encrypt for him a random phrase he generated ("I Like Flowers")
Alice encrypts it using her private key ("&erD4%@fT%"); Bob decrypts it using the public key in the certificate and compares the result with the phrase he sent
In practice the challenge is signed rather than raw-encrypted, and it must be fresh (a nonce) so that a recorded response cannot be replayed later
Authentication
Intro Basic Cryptography Digital Signature PKI Proxy
X.509 Proxy Certificate
Extension to X.509 identity certificates (RFC 3820): signed by the normal end-entity certificate (or by another proxy)
Enables single sign-on
Supports delegation and mutual authentication
Has a limited lifetime, which minimizes the risk of compromised credentials
Creating a proxy
Command: grid-proxy-init
The user enters a pass phrase, which is used to decrypt the private key
The private key is used to sign a proxy certificate with its own, new public/private key pair. The user's private key is not exposed after the proxy has been signed
(Figure: user certificate file + encrypted private key + pass phrase -> user proxy certificate file)
The proxy is placed in /tmp; the private key of the proxy is not encrypted and is stored in a local file, which must be readable only by the owner (mode 0600); the proxy lifetime is short (typically 12 h) to minimize security risks
NOTE: no network traffic!
Delegation and limited proxy
Proxy credential: the combination of a proxy certificate and its corresponding private key
Delegation = remote creation of a (second-level) proxy credential: a new key pair is generated remotely on the server; the client signs the proxy certificate and returns it. This allows the remote process to authenticate on behalf of the user: the remote process "impersonates" the user
The client can elect to delegate a "limited proxy". Each service decides whether it will allow authentication with a limited proxy: the job manager service requires a full proxy; the GridFTP server allows either a full or a limited proxy to be used
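The slides on the digital signature (slide 43), certificate authenticity (slide 51), the challenge-response (slide 56), proxy creation (slide 59) and delegation (slide 60) all build on one mechanism: hash, sign with a private key, verify with the public key found in a certificate whose own signature chains up to a trusted CA. The following added example, which is not code from the lecture, from Globus or from any real CA, ties those five slides together in Python's standard library. It uses textbook RSA (no padding) over SHA-256 with fixed, distinct Mersenne primes so that it is deterministic and runs offline; the subject names, the JSON certificate layout, the fixed clock and the key sizes are assumptions of this example. Real X.509 uses ASN.1/DER encoding, padded signature schemes and random primes of 2048 bits or more.

```python
# Added example (not from the lecture or Globus): a toy PKI showing
# hash-then-sign, CA-issued certificates, proxy certificates signed by the
# end-entity key, chain validation with lifetimes, and challenge-response.
# Textbook RSA with fixed Mersenne primes: illustration only, never for real use.
import hashlib
import json

E = 65537


def make_keypair(p: int, q: int):
    """Textbook RSA from two primes: returns ((n, e), (n, d))."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python >= 3.8)
    return (n, E), (n, d)


def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data: bytes) -> int:
    """Slide 43: hash the message, then 'encrypt' the hash with the private key."""
    n, d = priv
    return pow(digest(data), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    """'Decrypt' the signature with the public key and compare the hashes."""
    n, e = pub
    return pow(sig, e, n) == digest(data)


def tbs_bytes(tbs: dict) -> bytes:
    """Canonical encoding of the to-be-signed fields (JSON stands in for DER)."""
    return json.dumps(tbs, sort_keys=True).encode()


def issue(issuer, issuer_priv, subject, subject_pub, serial, lifetime, now, proxy=False):
    """Slide 51: the issuer signs subject, public key, validity window and serial."""
    tbs = {"subject": subject, "issuer": issuer, "serial": serial,
           "public_key": list(subject_pub), "not_before": now,
           "not_after": now + lifetime, "proxy": proxy}
    return {"tbs": tbs, "signature": sign(issuer_priv, tbs_bytes(tbs))}


def verify_chain(chain, trusted_ca, now) -> bool:
    """chain = [leaf proxy, ..., end-entity cert].  Walk down from the trusted
    CA: each certificate must name the expected issuer, verify under the
    issuer's key, and be inside its validity window (proxies expire first)."""
    issuer, issuer_pub = trusted_ca
    for cert in reversed(chain):
        tbs = cert["tbs"]
        if tbs["issuer"] != issuer:
            return False
        if not verify(issuer_pub, tbs_bytes(tbs), cert["signature"]):
            return False
        if not tbs["not_before"] <= now < tbs["not_after"]:
            return False
        issuer, issuer_pub = tbs["subject"], tuple(tbs["public_key"])
    return True


def respond(priv, nonce: bytes) -> int:
    """Slide 56: Alice proves possession of the private key by signing Bob's
    fresh random phrase (a signature rather than raw encryption, in practice)."""
    return sign(priv, nonce)


def check_response(chain, trusted_ca, nonce: bytes, response: int, now) -> bool:
    """Bob's side: validate the chain, then check the response against the
    public key carried in the leaf certificate."""
    if not verify_chain(chain, trusted_ca, now):
        return False
    return verify(tuple(chain[0]["tbs"]["public_key"]), nonce, response)


def mersenne(k: int) -> int:
    return (1 << k) - 1  # prime for k in {89, 107, 127, 521, 607, 1279}


# Fixed, distinct key pairs so the run is reproducible (real keys: random primes).
CA_PUB, CA_PRIV = make_keypair(mersenne(1279), mersenne(107))
PAUL_PUB, PAUL_PRIV = make_keypair(mersenne(607), mersenne(127))
CA_NAME, PAUL_NAME = "/C=IT/O=INFN/CN=INFN CA", "/C=IT/O=INFN/CN=Paul"  # assumed names
TRUSTED_CA = (CA_NAME, CA_PUB)
T0 = 1_258_416_000  # fixed clock (seconds) so the validity checks are deterministic


def build_chain(now=T0):
    """Slides 59/60: CA-issued end-entity cert, then a 12 h proxy whose fresh
    key pair is certified by Paul's own key; Paul's key is not used afterwards."""
    paul_cert = issue(CA_NAME, CA_PRIV, PAUL_NAME, PAUL_PUB, 625, 365 * 86400, now)
    proxy_pub, proxy_priv = make_keypair(mersenne(521), mersenne(89))
    proxy_cert = issue(PAUL_NAME, PAUL_PRIV, PAUL_NAME + "/CN=proxy", proxy_pub,
                       1, 12 * 3600, now, proxy=True)
    return [proxy_cert, paul_cert], proxy_priv


def tampered(chain):
    """Slide 52: editing a signed field breaks the issuer's signature."""
    copy = json.loads(json.dumps(chain))
    copy[-1]["tbs"]["subject"] = "/C=IT/O=INFN/CN=Mallory"
    return copy


if __name__ == "__main__":
    chain, proxy_priv = build_chain()
    nonce = b"I Like Flowers"  # Bob's challenge; must be fresh to stop replay
    print("proxy auth now:", check_response(chain, TRUSTED_CA, nonce, respond(proxy_priv, nonce), T0))
    print("13 h later:", check_response(chain, TRUSTED_CA, nonce, respond(proxy_priv, nonce), T0 + 13 * 3600))
    print("tampered chain:", check_response(tampered(chain), TRUSTED_CA, nonce, respond(proxy_priv, nonce), T0))
```

The three prints come out True, False, False: the proxy authenticates while it is valid, the same proxy is rejected once its 12 h lifetime has passed (the reason the slide accepts an unencrypted proxy key in /tmp), and a certificate whose subject has been edited after signing fails the CA check. Delegation to a remote service is the same `issue()` call again with the service's freshly generated public key and the current leaf's private key as signer, which is why a stolen proxy (slide 52's "STEAL IT!") still matters for the remainder of its lifetime.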
CONCLUSION
Security is a combination of technical implementation and sociological behaviour
There can be no overall security policy for the Grid: integrate existing site policies
The establishment of identity on the Grid (authentication) is achieved through the use of PKI certificates and proxies