



An overview of Grid Security Infrastructure (GSI) used in grid computing. It covers the basics of public-key cryptography, digital signatures, certificates, mutual authentication, and confidential communication. The document also discusses the need for secure communication in the Grid, the use of virtual organizations (VOs), and the process of acquiring user and host certificates. It further explains the concepts of mutual authentication, delegation, and single sign-on.
Typology: Study notes




Grid Computing
1
Paul A. Farrell
- A public-key system;
- Mutual authentication through digital certificates;
- Credential delegation and single sign-on.
- Need for secure, authenticated communication in the Grid
- Need to support security across organizations, but without central management
- Need to support single sign-on, including delegation of credentials for computations that involve multiple resources and/or sites
- PKI (CAs and certificates) for credentials
- Secure Sockets Layer (SSL/TLS) for authentication and message protection
- Proxies and delegation (GSI extensions) for secure single sign-on
- Public-key cryptography: two keys, private and public, one to encrypt, one to decrypt
- Digital signature: a hash of the message, encrypted with my private key
- Certificate: my public key, digitally signed by the Certificate Authority
  IF you trust the CA, AND believe that you have the public key of the CA, THEN you can believe that the public key in the message is mine
- Mutual authentication: if two parties have certificates, and both parties trust the CA that signed the other's certificate, then the two parties can prove to each other that they are who they say they are
- Confidential communication: encrypted communication is NOT the default in GSI. However, the public keys can be used to exchange a shared secret key for encrypted messages if desired
10/16/2006
Grid security technologies & requirements
- Must support scalable, dynamic, distributed VOs
- Key attributes of VOs are that
  - Participants and resources are governed by classical organizations of which they are members
  - Some VOs are long-lived, others short-lived, so the overhead of security must be small
- VO access must be established and coordinated
  - Between the local user and the organization
  - Between the VO and the user
- CANNOT assume trust relationships between the classical organization and the VO or its external members
Acquiring certificates
Acquiring user and host certificates
grid-cert-request
- usercert_request.pem: the request that you need to send to the CA
- userkey.pem: contains the private key
- usercert.pem, which will be a 0 byte file. This is not your certificate! It is merely a placeholder that helps to remind you where to put your certificate when the CA responds to your request.
Mutual Authentication
[Figure: User A holds Certificate A and User B holds Certificate B; the two exchange Cert A and Cert B]
- A sends Cert A to B
- B then:
  a) checks the validity of Cert A based on the digital signature of the Certificate Authority
  b) extracts the public key of A
- B sends its certificate and A then authenticates it similarly
Delegation and single sign-on
Proxy certificate
- Stored in a file named with the userID, or as /tmp/x509up_u_<username>
Use of proxy certificate
- File permissions prevent anyone else from looking at them easily.
Proxy certificate chain of trust
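As an added illustration that is not part of the original slides, the mutual authentication steps a) and b) above, carried through to the proxy chain of trust this slide names: a verifier walks from the proxy certificate to the user certificate to the trusted CA key, then checks a signed challenge. The textbook RSA on fixed primes, the certificate layout and the distinguished names are constructed for the example and are not GSI's real X.509 format.

```python
import hashlib

# Toy textbook RSA on fixed, well-known primes: constructed for illustration only
# (real GSI credentials are X.509 certificates with full-size keys and PKCS#1 padding).
def make_key(p, q, e=65537):  # returns (public, private) as (n, exponent) pairs
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))
def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data):  # "a hash of the message, encrypted with my private key"
    return pow(digest(data, priv[0]), priv[1], priv[0])
def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == digest(data, pub[0])
def tbs(subject, pub, issuer):  # the part of a toy certificate that the issuer signs
    return f"{subject}|{pub[0]}|{pub[1]}|{issuer}".encode()
def issue(subject, pub, issuer, issuer_priv):  # "my public key, signed by the issuer"
    return {"subject": subject, "pub": pub, "issuer": issuer,
            "sig": sign(issuer_priv, tbs(subject, pub, issuer))}

def verify_chain(chain, ca_name, ca_pub):
    # chain is leaf-first ([proxy, user]): each cert must be signed by the next cert's
    # key and the last by the trusted CA. Step a) check signatures; b) return leaf key.
    issuers = [(c["subject"], c["pub"]) for c in chain[1:]] + [(ca_name, ca_pub)]
    for cert, (name, pub) in zip(chain, issuers):
        if cert["issuer"] != name or not verify(
                pub, tbs(cert["subject"], cert["pub"], cert["issuer"]), cert["sig"]):
            return None
    return chain[0]["pub"]

def authenticate(chain, challenge, response, ca_name, ca_pub):
    # One direction of mutual authentication: validate the chain, then check that the
    # verifier's fresh challenge was signed with the private key matching the leaf.
    pub = verify_chain(chain, ca_name, ca_pub)
    return pub is not None and verify(pub, challenge, response)

def demo():
    ca, user = "/O=Grid/CN=CA", "/O=Grid/CN=User A"
    ca_pub, ca_priv = make_key(2**61 - 1, 2**31 - 1)
    a_pub, a_priv = make_key(524287, 131071)
    p_pub, p_priv = make_key(999983, 1000003)  # proxy key pair, generated on A's host
    a_cert = issue(user, a_pub, ca, ca_priv)
    p_cert = issue(user + "/CN=proxy", p_pub, user, a_priv)  # signed by A, not the CA
    challenge = b"fresh nonce chosen by B"
    good = authenticate([p_cert, a_cert], challenge, sign(p_priv, challenge), ca, ca_pub)
    r_pub, r_priv = make_key(65521, 104729)  # self-issued "User A" cert: no CA signature
    r_cert = issue(user, r_pub, ca, r_priv)
    bad = authenticate([p_cert, r_cert], challenge, sign(p_priv, challenge), ca, ca_pub)
    return good, bad  # (True, False)
```

The second scenario is the check that matters in a Grid: a certificate that merely claims the CA as issuer, without the CA's signature, breaks the chain and the proxy is rejected.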
Creating a proxy certificate
GSI system configuration