Università degli Studi di Bari – Corso di Laurea Specialistica in Informatica
“Tecnologia dei Servizi “Grid e cloud computing”
A.A. 2009/2010
Giorgio Pietro Maggi [email protected], http://www.ba.infn.it/~maggi
Lezione 5a - 17 Novembre 2009
Il materiale didattico usato in questo corso è stato mutuato da quello
utilizzato da Paolo Veronesi per il corso di Griglie Computazionali
per la Laurea Specialistica in Informatica tenuto nell’anno
accademico 2008/09 presso l’Università degli Studi di Ferrara.
Paolo Veronesi
[email protected], [email protected]
http://www.cnaf.infn.it/~pveronesi/unife/
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
0
Overview
Globus Toolkit V4.0
 Introduction to Security


Fundamental Concepts
Authentication
 Basic Cryptography
 Digital Signature
 Public Key Infrastructures (PKIs)
 Proxies and Temporary Credentials

Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
1
Execution Management
• Job description & submission
• Scheduling
• Resource provisioning
Data Services
• Common access facilities
• Efficient & reliable transport
• Replication services
Resource Management
Self-Management
• Discovery
• Monitoring
• Control
• Self-configuration
• Self-optimization
• Self-healing
OGSA
Information Services
Security
• Registry
• Notification
• Logging/auditing
• Cross-organizational users
• Trust nobody
• Authorized access only
OGSA “profiles”
Web services foundation
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
2
From SOA to Grid middleware
OASIS SOA RM
SOA Reference Model
OGSA
WSA extensions
GLOBUS Arch gLite Arch
GLOBUS
gLite
…
…
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
3
Globus is Service-Oriented
Infrastructure Technology

Software for service-oriented infrastructure




Tools to build applications that exploit service-oriented
infrastructure


Registries, security, data management, …
Open source & open standards



Service enable new & existing resources
E.g., GRAM on computer, GridFTP on storage system, custom
application service
Uniform abstractions & mechanisms
Each empowers the other
eg – monitoring across different protocols is hard
Enabler of a rich tool & service ecosystem
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
4
Globus Toolkit V4.0


Major release on April 29th 2005
Precious fifteen months spent on design, development,
and testing




1.8M lines of code
Major contributions from five institutions
Hundreds of millions of service calls executed over weeks of
continuous operation
Significant improvements over GT3 code base in all
dimensions
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
5
Goals for GT4

Usability, reliability, scalability, …



Consistency with latest standards (WS-*,
WSRF, WS-N, etc.) and Apache platform


Web service components have quality equal or
superior to pre-WS components
Documentation at acceptable quality level
WS-I Basic (Security) Profile compliant
New components, platforms, languages

And links to larger Globus ecosystem
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
6
Griglie Computazionali - Lezione 005
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
7
7
Glossary

Principal


Credentials


Encrypt the message so that only the recipient can understand it
Integrity


Map an entity to some set of privileges
Confidentiality


Verify the identity of the principal
Authorization


Some data providing a proof of identity
Authentication


An entity: a user, a program, or a machine
Ensure that the message has not been altered in the transmission
Non-repudiation

Impossibility of denying the authenticity of a digital signature
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
8
Introduction to Security
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
9
Security is a process

A risk is



a vulnerability
and a threat
Organizations implement controls over their
activities to obtain acceptable residual risk
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
10
Risk-based view of the world

Organizations: Sites, VOs and Grids



Each organization is captain of its own ship


Each has a security process lifecycle
Satisfaction jointly and severally
However, constrained to interoperate
Standards aid interoperation
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
11
Secure from Whom and Against What

Secure from whom?



From systems administrator?
From rogue employee? Mr. H. Acker…?
Secure against what?




Denial of Service?
Identity theft?
Legally sensitive data acquisition?
Or even MPs leaving laptops on the Tube…
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
12
Secure for how long?

“I recommend overwriting a deleted file seven times:





the first time with all ones,
the second time with all zeros,
and five times with a cryptographically secure pseudo-random
sequence.
Recent developments at the National Institute of
Standards and Technology with electron-tunnelling
microscopes suggest even that might not be enough.
Honestly, if your data is sufficiently valuable, assume that
it is impossible to erase data completely off magnetic
media. Burn or shared media; it's cheaper to buy media
new than to lose your secrets…."

-Applied Cryptography 1996, page 229
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
13
Secure Technology vs. Secure System

Secure technology ≠ secure system

System using 2048+ bit encryption technology, packet
filtering firewalls, PMIs, PKIs…



…. on running laptop in unlocked room
… on PC with password on “post-it” on screen/desk
We have heard worse than this, naming no names!
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
14
A Quote

“…if you think that technology can solve your security
problems then you don’t know enough about the technology,
and worse you don’t know what your problems are…”

Bruce Schneier, Secrets and Lies in a Digital Networked
World
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
15
Definition: Computer Security

“The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving




the integrity,
availability
and confidentiality
of information system resources (includes hardware,
software, firmware, information/data, and
telecommunications)”


Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
An Introduction to Computer Security
The NIST Handbook
16
Fundamentals

Key terms that are typically associated with security









Authentication
Authorisation
Audit/accounting
Integrity
Fabric Management
Confidentiality
Privacy
Trust
All are important for Grids but some applications may
have more emphasis on certain concepts than others
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
17
Fundamentals - Authentication

the establishment and safe propagation of a user’s
identity in the system

e.g. site X can check that user Y is attempting to gain access to
resources



does not check what user is allowed to do, only that we know (and
can check!) who they are
Masquerading always a danger (and realistic possibility)
Need for user guidance on security






Password selection
Treatment of certificates
Hardware tokens
…
Is anonymity required?
Authentication on the Grid is achieved with Public Key
Infrastructures (PKIs)
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
18
Fundamentals - Authorisation

concerned with controlling access to services based on policy


Can this user invoke this service making use of this data?
Complementary to authentication


Many different contenders for authorisation infrastructures

e.g: some software components related to authorization aspects
developed as open source projects:





Know it is this user, now can we restrict/enforce what they can/cannot do
PERMIS
VOMS
CAS
AKENTI
Authorisation on the Grid must be scalable
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
19
Fundamentals - Auditing

Auditing/Accounting

the analysis of records of account (e.g. security event logs) to
investigate security events, procedures or the records themselves

Includes logging, intrusion detection and auditing of security in managed
computer facilities
 well established in theory and practice
 Grid computing adds the complication that some of the information
required by a local audit system may be distributed elsewhere, or may be
obscured by layers of indirection
 e.g. Grid service making use of federated data resource where data kept
and managed remotely

Need tools to support diagnostics
 Do we need to log all information? (Can We? More pertinent probably)
 How long do we keep it for?
 …

Auditing tools are in development for some authorisation
infrastructures
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
20
Fundamentals - Integrity

Integrity

Ensuring that data is not modified since it was created,
typically of relevance when data is sent over public
network

Technical solutions exist to maintain the integrity of data in
transit
 checksums, PKI support, …

Grid also raises more general questions
 e.g. provenance
 maintaining the integrity of chains or groups of related data

Integrity can be checked through the use of digital
signatures
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
21
Fundamentals - Fabric Management

Fabric Management

consists of the distributed computing, network
resources and associated connections that support
Grid applications

impacts Grid security in these ways:
 an insecure fabric may undermine the security of the Grid
 Are all sites fully patched (middleware/OS)?
 Can we limit damage of virus infected machine across Grid?
 Identify it, quarantine it, anti-virus update/patch, re-instate
into VO, …
 fabric security measures may impede grid operations
 e.g. firewalls may be configured to block essential Grid
traffic
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
22
Fundamentals - Confidentiality

is concerned with ensuring that information is not
made available to unauthorised individuals, services
or processes

It is usually supported by access control within systems,
and encryption between systems

Confidentiality is generally well understood, but the Grid
introduces the new problem of transferring or signalling the
intended protection policy when data staged between systems

Authentication and Authorisation infrastructures usually implement
confidentiality, so we are already there!
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
23
Fundamentals - Privacy

particularly significant for projects processing personal
information, or subject to ethical restrictions


e.g. projects dealing with medical, health data
Privacy requirements relate to the use of data, in the context
of consent established by the data owner


Privacy is therefore distinct from confidentiality, although it may be
supported by confidentiality mechanisms.
Grid technology needs a transferable understanding of suitable
policies addressing privacy requirements/constraints

Should allow to express how such policies can be




defined,
applied,
implemented,
enforced, …
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
24
Trust

characteristic allowing one entity to assume that a second
entity will behave exactly as the first entity expects

Important distinction between ‘trust management’ systems
which implement authorisation, and the wider requirements
of trust

e.g. health applications require the agreement between users and
resources providers of restrictions that cannot be implemented by
access control


e.g. restrictions on the export of software, or a guarantee that personal
data is deleted after use
therefore a need to understand and represent policy agreements
between groups of users and resource providers

such policies may exist inside or outside the system, and are typically
not supported by technical mechanisms
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
25
Authentication
Intro
 Basic Cryptography
 Digital Signature
 PKI
 Proxy

Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
26
Who Am I??

I am






The President of the United States
The Secretary General of the United Nations
David Beckham
Keith Richards
The girl who served your cup of coffee this morning..
All of these people may need to use a computer

How can we confirm their identities?
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
27
Who am I??

I am John Watt (allegedly)

To prove it I have

A Driving Licence
 I got by passing my test and producing my passport

A Passport
 I went to the passport office with my Birth certificate

A Birth Certificate
 I can’t remember getting this!
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
28
Who am I??

Is there a logical chain working here?

Note that, generally, the credentials given on the
previous page tend to depend on the one below it.

But the DVLA (UK Driving Licence Authority) state on their
website:
 “Note - Birth certificates are not absolute proof of identity and
so we may ask you to provide other evidence to allow us to
check your identity.”
 What other evidence? A passport?
 But that depends on you producing a birth certificate!
 A bank account?
 You need a passport for that!

NO!
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
29
Who am I??

But they do have one thing in common

They are non-local credentials


They attempt to define a unique (nationally at least)
reference that will establish your identity
Do we need something similar for the Grid??


First of all, we need to establish how identity can be
proved and securely moved around a network.
The Grid community are (in principle) in agreement
about how this should be done

But first we need to look at the basics of this system, and it
has to do with an age old problem…
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
30
Cryptography
K1
M


C
Decryption
M
Mathematical algorithm that provides important building
blocks for the implementation of a security infrastructure
Symbology





Encryption
K2
Plaintext: M
Cyphertext: C
Encryption with key K1 : E K1(M) = C
Decryption with key K2 : D K2(C) = M
Algorithms


Symmetric: K1 = K2
Asymmetric: K1 ≠ K2
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
31
Basic Cryptography

When I were a lad…

My friend would post an important message through
my letterbox…
3 VLR PJBII

But we had ‘code wheels’


Rotate the inner wheel by the number of jumps indicated at
the beginning of the message
And translate…
3 YOU SMELL
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
32
Basic Cryptography

What if someone else got hold of the wheel?




Our plans for world domination are in ruins
Because what makes the wheel work is the extra
information included with the original encrypted
message:
3 VLR PJBII
Without this number the message will stay encrypted
This number is the encryption ‘key’

And is transmitted UNENCRYPTED
 We could agree this face-to-face, but why not just give the
message then?? What if I was grounded? (happened a lot)

Lets look at this at a slightly more mature level…
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
33
Symmetric Algoritms


The same key is used for encryption and decryption
Advantages:


Disadvantages:



Fast
how to distribute the keys?
the number of keys is O(n2)
Examples:





DES
3DES
Rijndael (AES)
Blowfish
Kerberos
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
Paul
ciao
John
3$r
Paul
ciao
3$r
ciao
John
3$r
3$r
ciao
34
Basic Cryptography

We need some way of transmitting the key so it
can’t be stolen.

Can we encrypt the key? No, but we can do
something analogous…

1) Split the key into two parts, one for encryption and
one for decryption
2) Make the encryption key PUBLIC for anyone to
use, but keep your decryption key PRIVATE


Note that in some implementations the private key may also
be used to encrypt and the public key to decrypt (see Digital
Signatures)
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
35
Public Key Algorithms

Every user has two keys: one
private and one public:



No exchange of secrets is
necessary




it is impossible to derive the private
key from the public one;
a message encrypted by one key
can be decrypted only by the other
one.
the sender cyphers using the
public key of the receiver;
the receiver decripts using his
private key;
the number of keys is O(n).
Paul
John
ciao
3$r
Paul
3$r
ciao
John
ciao
cy7
Paul keys
public
cy7
ciao
John keys
public
Examples:


Diffie-Helmann (1977)
RSA (1978)
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
36
Solved the key transmission problem

We have solved the key transmission problem
by only transmitting an encryption key

Now anyone who wishes to send you a message
uses your PUBLIC key to encrypt it, safe in the
knowledge that the only person who can decrypt it is
the holder of the PRIVATE key (i.e. you!)

The public and private keys are broken apart
according to a complex mathematical formula that
means it would take months/years to crack messages
without the private key.

Tends to outlive credentials issued (e.g. credit cards)
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
37
Symmetric vs. Asymmetric

Symmetric encryption only guarantees privacy


Asymmetric encryption can be used to authenticate


The message is still encrypted, but there is no evidence
of who encrypted it, nor any guarantee the data has not
been tampered with.
By encrypting a message with someone’s public key, you
can be sure ONLY they will be able to read it.
And…

Some level of integrity may be provided (digital
signatures)
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
38
Authentication
Intro
 Basic Cryptography
 Digital Signature
 PKI
 Proxy

Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
39
One-Way Hash Functions

Functions (H) that given as input a variable-length message
(M) produce as output a string of fixed length (h)





the length of h must be at least 256 bits
given M, it must be easy to calculate H(M) = h
given h, it must be difficult to calculate
M = H-1(h)
given M, it must be difficult to find M’ such that H(M) = H(M’)
Examples:



SNEFRU: hash of 128 or 256 bits;
MD4/MD5: hash of 128 bits; now MD6!
SHA (Standard FIPS): hash of 160 bits.
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
40
Ex
$cat prova1
testo di prova
$ md5sum prova1
909adc30dcc15239ac640b52d33a12b2
prova1
$ cat prova2
testo di prove
$ md5sum prova2
c89ee15b2f056edfbef2dcb62b2249aa
prova2
$ ls -l /bin/ls
-rwxr-xr-x
1 root
root
67700 Dec
9
2005 /bin/ls
$ md5sum /bin/ls
2636c546ce5ca69687f5dfc74cc3175e
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
/bin/ls
41
Digital Signature





Paul calculates the hash of the
message
Paul encrypts the hash using his
private key: the encrypted hash is the
digital signature.
Paul sends the signed message to
John.
John calculates the hash of the
message and verifies it with the one
received by A and decyphered with
A’s public key.
If hashes equal: message wasn’t
modified; Paul cannot repudiate it.
Paul keys
Paul
This is some
Hash(A)
message
Digital Signature
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
message
Digital Signature
John
Hash(B)
=?
Hash(A)
public
This is some
This is some
message
Digital Signature
private
42
Digital Certificates

Paul’s digital signature is safe if:



How can John be sure that Paul’s public key is
really Paul’s public key and not someone else’s?



Paul’s private key is not compromised
John knows Paul’s public key
A third party guarantees the correspondence between
public key and owner’s identity.
Both A and B must trust this third party
Two models:


X.509: hierarchical organization;
PGP: “web of trust”.
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
43
PGP “web of trust”
D
B
F
C
E
A
• F knows D and E, who knows A and C, who knows A and B.
• F is reasonably sure that the key from A is really from A.
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
44
Public Key Infrastructures (PKIs)

PKIs provide a mechanism for privacy, integrity and
authentication using public keys

Implemented with DIGITAL CERTIFICATES


Issued by a CERTIFICATE AUTHORITY


Your UNIQUE virtualised identity
Entity which administers certificates and issues them correctly
X.509 (1988) is the standard for PKI certificates

Binds a globally unique X500 distinguished name to a public key
 In reality, CAs tend to choose any name they want
 Legal disclaimer, liability transfer. A mess, but not critical

Web browser compatible
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
45
X.509 Certificates
• An X.509 Certificate contains:
– owner’s public key;
Structure of a X.509 certificate
Public key
– identity of the owner;
Subject:C=CH, O=CERN,
OU=GRID, CN=Andrea Sciaba 8968
– info on the CA;
Issuer: C=CH, O=CERN, OU=GRID,
CN=CERN CA
– time of validity;
Expiration date: Aug 26 08:08:14
2005 GMT
Serial number: 625 (0x271)
– Serial number;
CA Digital signature
– digital signature of the CA
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
46
Certificate Authorities

A Certificate Authority (CA) is a third party that
signs certificates and ensures that the subject
name and public key actually belong to that
person

How?


The old fashioned way…
Example… The INFN Certificate Authority
 Initial contact – application (online)
 Credential verification (IN PERSON)
 Go to CA or Regional Authority (RA)
 Issue – download (online)
 INFN CA requires the application and issuing terminals to
be the same ( this is where the PRIVATE key of your
certificate is)
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
47
Certificate Authorities

A CA may delegate Regional Operators to confirm
people’s identities


CA records a piece of personal identification for
their records


Saves me having to travel from Bologna to Firenze if I
want a certificate
Passport, Driving Licence, Staff/Student Matric Card
CA extends an existing ID infrastructure
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
48
Certificate Authorities

A CA also is in charge of revoking certificates

CA publishes a Certificate Revocation List



Download to your browser
Shows all invalid certificates in the organisation
A CA MUST be explicitly trusted by the system


Trusted Root CAs list in Windows
Certificate cannot be used until the CA’s root
certificate has been accepted as trusted

Accepted very much like Software Licences i.e. nearly
always!
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
49
Certificate Authenticity

CAs confirm the certificate’s authenticity by
digitally signing it




CA computes a hash of the certificate using an agreed
(non-secret) algorithm
CA encrypts this hash with their private key and
appends to bottom of certificate
Recipient computes their own hash of the info
Recipient decrypts the hash the CA sent (with the CA’s
public key) and compares with their own

Proves the CA signed the info and the info hasn’t been
tampered with
 Encryption of the info is optional (for privacy)
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
50
A problem

Are there any pitfalls to digital certificates?

Can we alter their contents?


Can we spoof?


No, the CA signed the certificate thus ensuring its integrity
You will need your own CA, and if the application doesn’t
trust it, your certificates won’t work. So no.
What can we do?

STEAL IT!


Someone who holds your digital certificate (and private key)
may safely assume your identity on the Grid
This problem isn’t going away. How can we deal with this?
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
51
Certificate Revocation Lists

list of serial numbers of the certificates



which have been revoked
are no longer valid
and should not be relied upon by any system user

CRLs are usually signed by the issuing CA and therefore
carry a digital signature

Type of revocations:


Non reversible:a certificate is irreversibly revoked
Reversible: the certificate is on hold;

this reversible status can be used to notice the temporary invalidity of the
certificate, for instance when the user is not sure if the private key has
been lost.
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
52
PKI basics


PKI provides, among other services, an authentication
protocol relying on asymmetric encryption.
One of the keys is kept private, the other is made public.
Public keys are distributed using certificates which are
digitally signed by trusted authorities
Clear-text Input
Cipher-text
“An intro to
PKI and few
deploy hints”
Clear-text Output
“Py75c%bn&*)9|f
[email protected]=&
nmdFgegMs”
Encryption
“An intro to
PKI and few
deploy hints”
Decryption
Different keys
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
53
PKI: Obtaining a Certificate
User generates
a key pair
Public key is
submitted to CA
for certification
User identity verified,
Digital signature added,
Certificate produced
Alice
Priv
pub
pub
DS
Cert
Certificate is sent
to the user
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
Certification Server
54
PKI: Authentication with Certificates
Certificate is sent
for authentication
Alice
Bob
Alice
Alice
pub
pub
DS
DS
Cert
Cert
&[email protected]%
&[email protected]%
Priv
I Like Flowers
Encrypt using private key
?
Decrypt using public key
in certificate and compare
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
I Like Flowers
Bob verifies the
digital signature
on the certificate
He can trust that the public
key really belongs to Alice,
but is it Alice standing if
front of him ?
Bob challenges
Alice to encrypt
for him a random
phrase he
generated
55
Authentication
Intro
 Basic Cryptography
 Digital Signature
 PKI
 Proxy

Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
56
X.509 Proxy Certificate

Extension to X.509 Identity Certificates

signed by the normal end entity cert (or by another
proxy)
Enables single sign-on
 Support




Delegation
Mutual authentication
Has a limited lifetime

minimized risk of “compromised credentials”
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
57
Creating a proxy

Command: grid-proxy-init



User enters pass phrase, which is used to decrypt private key
Private key is used to sign a proxy certificate with its own, new
public/private key pair.
User’s private key not exposed after proxy has been signed
User
certificate file
Pass
Phrase

Proxy placed in /tmp




Private Key
(Encrypted)
User Proxy
certificate file
the private key of the Proxy is not encrypted:
stored in local file: must be readable only by the owner;
proxy lifetime is short (typically 12 h) to minimize security risks.
NOTE: No network traffic!
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
58
Delegation and limited proxy

Proxy credential


Delegation = remote creation of a (second level) proxy credential



New key pair generated remotely on server
Client signs proxy cert and returns it
Allows remote process to authenticate on behalf of the user


the combination of a proxy certificate and its corresponding private key
Remote process “impersonates” the user
The client can elect to delegate a “limited proxy”



Each service decides whether it will allow authentication with a limited
proxy
Job manager service requires a full proxy
GridFTP server allows either full or limited proxy to be used
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
59
CONCLUSION

Security is a combination of technical
implementation and sociological behaviour

There can be no overall security policy for the
Grid – integrate existing site policies

The establishment of identity on the Grid
(authentication) is achieved through the use of
PKI Certificates and Proxies
Tecnologia dei Servizi “Grid e cloud computing” - Lezione 005a
60
Descargar

Lezione 001 6 Aprile 2009 - Istituto Nazionale di Fisica