
Available online at www.sciencedirect.com

SciVerse ScienceDirect

Procedia Engineering 38 (2012) 4030 - 4036

International Conference on Modelling, Optimization and Computing(ICMOC2012)

Authentication in Grid Security Infrastructure-Survey

R. Kalai Selvi (a), Dr. V. Kavitha (b)

(a) Associate Professor, Dept. of CSE, Noorul Islam University, Kumaracoil-629180, Tamilnadu, India
(b) Director i/c, University College of Engineering, Nagercoil, Anna University of Technology-Tirunelveli, India

Abstract

Grid computing is an emerging computing mode which enables the coordinated sharing of widely distributed resources. It provides the ability to perform high-throughput computing. Grid computing involves sharing heterogeneous resources, based on different platforms, hardware/software architectures and computer languages, located in different places and belonging to different administrative domains over a network. Grid security focuses on the implementation of safe access for different domains in a dynamic grid environment. Today's research focus is towards the protection of privacy and anonymity of grid stakeholders in the service-oriented computational grid framework. In a grid environment, the four classical security aspects, confidentiality, privacy, authentication and integrity, have to be addressed. Scalable encryption and authentication algorithms provide confidentiality and authentication. This paper presents a survey of grid computing and of enhancements to the level of security in the dynamic grid environment for the authentication service.

©2012 Published by Elsevier Ltd. Selection and/or peer-review under responsibility of Noorul Islam Centre for Higher Education

Keywords: Grid security; Challenges; Authentication.

1. Introduction

The term "the Grid" was coined in the mid-1990s to denote a proposed distributed computing infrastructure for advanced science and engineering. A grid computing system connects distributed heterogeneous computing resources with high-speed networks and integrates them into a transparent environment. The grid is mainly used in large-scale distributed high-performance computing and provides users with remote computing resources. Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations".

* R. Kalaiselvi. Tel.: +91-9444859358; E-mail address: kalaiselvir32@gmail.com

1877-7058 © 2012 Published by Elsevier Ltd. doi:10.1016/j.proeng.2012.06.461

The Globus Toolkit (GT) is designed to support the development of distributed computing applications and infrastructures. The GSI (Globus Security Infrastructure), proposed by Foster et al. in 1998, is one of the most famous security architectures. GSI is based on Public Key Infrastructure (PKI) and performs mutual authentication via X.509 certificates.

The word grid originally means a network of crossed lines forming a series of squares. In computing, the grid is a new computational approach which mainly concentrates on solving a particular problem in a heterogeneous environment by satisfying the needs of its users. The grid concept is defined as controlled and coordinated resource sharing and problem solving in dynamic, multi-institutional virtual organizations. It is a kind of distributed computing over a network (public or private) based on the principle of virtualization of computing and data resources, such as processing, network bandwidth and storage capacity, to provide seamless access to vast IT capabilities. Grid computing is based on an open set of standards (e.g., OGSA) and protocols that enable communication across heterogeneous, geographically dispersed environments.

The grid is one such technology that meets the industry's expectations by way of resource sharing and allocation. Based on the user's needs it provides resources at minimum overhead, and it forms a virtual organization to solve a particular task. The concept of the Virtual Organization is the key to grid computing. The dynamic grouping of individuals, multiple groups or organizations that defines the conditions and rules for sharing is called a virtual organization (VO). The interaction between VOs requires a higher level of security than normal authentication, encryption and authorization.

2. Grid Security

Security is defined in the resource layer of the grid architecture. The resources being used may be valuable, and the problems being solved or tasks being attempted sensitive. Security problems in a grid environment are complex because resources are located in different administrative domains, with each resource potentially having its own policies and procedures.

A security service is a processing or communication service provided by a system to give a specific kind of protection to system resources. Security services implement security policies and are themselves implemented by security mechanisms. Security concerns are complicated by the fact that users, resource owners and developers who are creating or adapting their current products and tools to take advantage of grid technology all have different requirements.

2.1 Grid Security Infrastructure

Grid authentication is based on public key encryption, X.509 certificates and the Secure Socket Layer (SSL) communication protocol. Extensions to these standards have been added for single sign-on and delegation. The Globus Toolkit uses GSI to enable secure authentication and communication for participants in the grid.

The goal is to build a security architecture that enables dynamic, scalable and distributed Virtual Organizations by protecting the resources of resource providers and the interests of end users through:

• Authentication

• Confidentiality/Privacy

• Integrity

The authentication mechanism helps to establish proof of identities. The authentication process ensures that the origin of an electronic message or document is correctly identified. The authentication service is concerned with assuring that a communication is authentic; its function is to assure the recipient that the message is from the source it claims to be from. The principle of confidentiality specifies that only the sender and the receiver should be able to access the contents of a message, i.e. the protection of data from unauthorized disclosure. Integrity gives the assurance that the data received have not been modified, deleted, updated or replayed.

2.2. GSS-API

The Grid Security Service Application Program Interface (GSS-API) is used to acquire, forward and verify authentication credentials. Grid computing data exchange must be protected using a secure communication channel. The security infrastructure used for securing the grid is the Grid Security Infrastructure (GSI). The grid security taxonomy is mainly characterized into three groups: architecture, infrastructure and management. GSI, enabling secure authentication and communication over an open network, provides a number of services for the grid, including mutual authentication and single sign-on.

GSI is based on public key encryption, X.509 certificates and the SSL communication protocol. WS-Security is a standard released by OASIS (Organization for the Advancement of Structured Information Standards). There are mainly three levels of security, namely

• SSL -Secure Socket Layer

• MLS -Message Level Security

• TLS-Transport level security.

The TLS protocol provides privacy and data integrity between two communicating applications. It is layered on top of a reliable transport protocol such as TCP. The Lightweight Directory Access Protocol (LDAP) builds on TCP to define a query-response protocol for querying the state of a remote database. The Grid Security Service Application Program Interface (GSS-API) is used to acquire, forward and verify authentication credentials and to provide transport-layer integrity and privacy within these SDKs and servers, enabling substitution of alternative security services at the connectivity layer.

The WS-Security core specification defines the application of XML Encryption and XML Digital Signatures to provide end-to-end messaging integrity and confidentiality independent of the underlying communication protocol. GSI-defined extensions to SSL/TLS and X.509 allow single sign-on (proxy certificates) and delegation. All these protocols are defined in the resource layer, which initiates and controls local resources. Some of the standard protocols and mechanisms used in grid computing systems are:

• Public Key Infrastructure (PKI).

• SSL.

• Kerberos.

• IP Security.

An infrastructure which supports public key based authentication and encryption is called a PKI. It has a concept called a certificate. Certificates are credentials of a specific user containing the user's details, signed by the CA. Different types of certificates are available; the most popular and commonly used certificate format is the X.509 format. A typical X.509 certificate consists of the following information:

• Versioning

• User's information

• Signature algorithm

• Validity of the certificate.

• Public Key Information.
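As an added illustration of two points made above, that GSI performs mutual authentication via X.509 certificates and that a certificate carries the fields just listed, the following Go program (written for this survey; it is not the paper's code and not the Globus Toolkit's) creates a constructed virtual organization's CA, issues a resource certificate and a user certificate, extracts the listed fields from the user's certificate, and runs a mutual TLS handshake on the loopback interface in which the resource rejects a client that presents no certificate. The VO name, the subject names, the 12-hour lifetime and the use of a loopback port are assumptions of the example; proxy certificates and delegation are not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates an X.509 v3 certificate for subject signed by parent; with a nil parent it creates
// the VO's self-signed CA. VO name, subjects and lifetimes are constructed; setup failures panic.
func issue(subject string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // unique enough here; real CAs use random serials
		Subject:               pkix.Name{Organization: []string{"Example Grid VO"}, CommonName: subject},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(12 * time.Hour), // short-lived, as grid credentials usually are
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  parent == nil,
		DNSNames:              []string{"localhost"},
	}
	if parent == nil { // self-signed trust anchor of the VO
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // CreateCertificate output always parses
	return cert, key
}

// describe extracts the fields the paper lists for a typical X.509 certificate.
func describe(c *x509.Certificate) map[string]string {
	return map[string]string{"version": fmt.Sprint(c.Version), "user's information": c.Subject.String(),
		"signature algorithm": c.SignatureAlgorithm.String(), "public key": c.PublicKeyAlgorithm.String(),
		"validity": c.NotBefore.UTC().Format(time.RFC3339) + " to " + c.NotAfter.UTC().Format(time.RFC3339)}
}

// mutualAuth builds a VO (CA, resource certificate, user certificate) and runs one TLS handshake on
// the loopback interface: the resource requires and verifies a client certificate against the VO's
// CA, and the user verifies the resource's certificate the same way. presentCert=false models a
// client that holds no credential, which the resource must reject.
func mutualAuth(presentCert bool) error {
	ca, caKey := issue("Example Grid CA", nil, nil)
	res, resKey := issue("compute-node", ca, caKey)
	usr, usrKey := issue("alice", ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs: pool, Certificates: []tls.Certificate{{Certificate: [][]byte{res.Raw}, PrivateKey: resKey}}})
	if err != nil {
		return err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() { // the resource: accept one connection, finish the handshake, greet the peer
		conn, err := ln.Accept()
		if err == nil {
			defer conn.Close()
			if err = conn.(*tls.Conn).Handshake(); err == nil {
				_, err = conn.Write([]byte("ok")) // only an authenticated peer gets this far
			}
		}
		srvErr <- err
	}()
	cfg := &tls.Config{RootCAs: pool, ServerName: "localhost"}
	if presentCert {
		cfg.Certificates = []tls.Certificate{{Certificate: [][]byte{usr.Raw}, PrivateKey: usrKey}}
	}
	cli, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return err
	}
	defer cli.Close()
	_, readErr := cli.Read(make([]byte, 2)) // "ok", or the resource's rejection alert
	if err := <-srvErr; err != nil {
		return err
	}
	return readErr
}

func main() {
	ca, caKey := issue("Example Grid CA", nil, nil)
	usr, _ := issue("alice", ca, caKey)
	fmt.Println(describe(usr), mutualAuth(true), mutualAuth(false))
}
```

Running it prints the five certificate fields (the version is 3 because the library only issues v3 certificates), then `<nil>` for the VO member who presents a certificate and an error for the client that does not; the decision is taken by the resource, which is the behaviour GSI's mutual authentication relies on.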

Grid computing data exchange must be protected using a secure communication channel (SSL/TLS). The secure exchange mechanism is known as WS-Security. The security infrastructure used for securing the grid is known as the Grid Security Infrastructure (GSI). GSI provides the capabilities for single sign-on, heterogeneous platform integration and secure resource access/authentication.

Security focuses on the implementation of safe access for different domains in a dynamic grid environment. A scalable encryption and authentication algorithm provides confidentiality and authentication. A security service is a service that enhances the security of the data processing systems and the information transfers of an organization.

In grid security, web service security involves achieving end-to-end message security between the initial sender of a message and its final receiver. These messages may go through many intermediaries on the way. This message security is a combination of different levels of security requirements, including end-point authentication and authorization, message integrity, message confidentiality, privacy, trust and federation among collaborators. In general, end-to-end security can be achieved as follows:

• A web service end point can ask the requester to submit the necessary claims.

• A requester can send the message along with proof of the claim, normally called a "security token", such as a username/password, a Kerberos ticket or an X.509 certificate.

• If the requester does not have the required claims, it can obtain them from another trusted agency and pass these claims along with the message. These trusted authorities are called "security token services".

The WS-Security standard defines a SOAP header carrying a number of security assertions and meta-information. This provides quality of protection through message integrity and message confidentiality.
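To make that SOAP header concrete, here is an added Go example (it is not from the paper and not from any WS-Security toolkit) that builds a SOAP 1.1 envelope whose wsse:Security header carries a UsernameToken with a password digest, the username/password security token mentioned above, and then performs the receiving endpoint's checks on it. The namespace and PasswordDigest URIs are those of the OASIS WS-Security 1.0 and UsernameToken Profile 1.0 specifications; the user store, the five-minute freshness window and the sample body are assumptions of the example, and the XML signatures and encryption that WS-Security also defines are left out.

```go
package main

import (
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"time"
)

// Password type URI from the OASIS UsernameToken Profile 1.0 (PasswordDigest).
const digestType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"

// UsernameToken is the wsse:UsernameToken a requester presents as proof of its claim.
type UsernameToken struct {
	XMLName  xml.Name `xml:"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd UsernameToken"`
	Username string   `xml:"Username"`
	Password struct {
		Type  string `xml:"Type,attr"`
		Value string `xml:",chardata"`
	} `xml:"Password"`
	Nonce   string `xml:"Nonce"` // base64 of 16 random bytes, unique per token
	Created string `xml:"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd Created"`
}

// Envelope is a SOAP 1.1 message whose header carries the wsse:Security block.
type Envelope struct {
	XMLName xml.Name `xml:"http://schemas.xmlsoap.org/soap/envelope/ Envelope"`
	Header  struct {
		Security struct{ Token UsernameToken } `xml:"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd Security"`
	} `xml:"Header"`
	Body struct{ Inner string `xml:",innerxml"` } `xml:"Body"`
}

// passwordDigest is Base64(SHA-1(nonce + created + password)), as the profile defines it.
func passwordDigest(nonce []byte, created, password string) string {
	sum := sha1.Sum(append(append(append([]byte{}, nonce...), created...), password...))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// newUsernameToken builds the token for one request; nonce and timestamp make each digest fresh.
func newUsernameToken(user, password string, now time.Time) (*UsernameToken, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	t := &UsernameToken{Username: user, Nonce: base64.StdEncoding.EncodeToString(nonce), Created: now.UTC().Format(time.RFC3339)}
	t.Password.Type = digestType
	t.Password.Value = passwordDigest(nonce, t.Created, password)
	return t, nil
}

// buildEnvelope wraps the token in the wsse:Security header of a SOAP envelope around body.
func buildEnvelope(tok *UsernameToken, body string) ([]byte, error) {
	var env Envelope
	env.Header.Security.Token = *tok
	env.Body.Inner = body
	return xml.Marshal(env)
}

// parseEnvelope is the receiving endpoint's side: pull the token back out of the header.
func parseEnvelope(raw []byte) (*UsernameToken, error) {
	var env Envelope
	if err := xml.Unmarshal(raw, &env); err != nil {
		return nil, err
	}
	return &env.Header.Security.Token, nil
}

// tokenVerifier checks a token: known user, Created inside a freshness window, an unseen nonce
// (replay protection) and a constant-time comparison of the recomputed digest.
type tokenVerifier struct {
	passwords map[string]string    // constructed user store; a real endpoint would consult a directory
	seen      map[string]time.Time // nonces accepted so far; entries older than window can be pruned
	window    time.Duration
}

func (v *tokenVerifier) verify(tok *UsernameToken, now time.Time) error {
	pw, ok := v.passwords[tok.Username]
	if !ok || tok.Password.Type != digestType {
		return errors.New("unknown user or unsupported password type")
	}
	created, err := time.Parse(time.RFC3339, tok.Created)
	if d := now.Sub(created); err != nil || d > v.window || d < -v.window {
		return errors.New("token created outside the freshness window")
	}
	if _, dup := v.seen[tok.Nonce]; dup {
		return errors.New("replayed nonce")
	}
	nonce, err := base64.StdEncoding.DecodeString(tok.Nonce)
	want := passwordDigest(nonce, tok.Created, pw)
	if err != nil || subtle.ConstantTimeCompare([]byte(want), []byte(tok.Password.Value)) != 1 {
		return errors.New("password digest mismatch")
	}
	v.seen[tok.Nonce] = now
	return nil
}
```

A caller builds a token with `newUsernameToken`, puts it in a message with `buildEnvelope`, and the endpoint runs `parseEnvelope` followed by `verify`. Because the digest binds the nonce and the timestamp, a captured header cannot be re-sent inside the window (the nonce cache rejects it) nor after it (the timestamp check rejects it), and the password itself never travels in the message; what the header does not give is integrity of the body, which is why WS-Security pairs tokens with XML signatures.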

3. Grid security challenges

Although grid computing has made significant landmarks in the field of high-performance computing, there are still a number of challenges that need to be addressed to provide a seamless computing environment. One of the main challenges is the heterogeneity that results from the vast range of technologies, both software and hardware, encompassed by the grid. Another challenge involves the handling of grid resources that are under the administrative control of different organizations. It follows that the availability and performance of grid resources are unpredictable, as requests from within an administrative domain may be given more priority than requests from outside. Thus the dynamic nature of the grid environment poses yet another challenge. In short, we can collect some of the expectations in the following list:

• Enabling efficient and optimal resource usage.

• Share inter-organization resources efficiently.

• Secure user authentication and authorization.

• Security of stored data and programs.

• Secure Communication.

• Centralized or semi-centralized control.

• Auditing.

• Enforcement of Quality of Service (QoS) and Service Level Agreements (SLA).

• Interoperability of different grids.

• Support for transactional processes.

4. Related Works

Foster et al. present a comprehensive introduction to the issues involved in grid computing and the Open Grid Services Architecture (OGSA) model. Some approaches to handling the issue of interoperability of local security solutions with global grid security policies are proposed. Turning to password-based methods, Sanyal et al. present some novel ideas about how to implement grid security without appreciable performance degradation in grids. A suitable alternative to computationally expensive encryption was suggested. Methods like spatial split-distribution of key information and chaffing and winnowing are used in their schemes. The shortcomings of their schemes are that they cannot provide adequate performance for authentication and that the chaffing and winnowing protocol they use is not optimized.

In 1992 Bellovin and Merritt of Bell Labs published a family of methods called Encrypted Key Exchange (EKE). These methods provide key exchange with mutual authentication based on weak secrets. On the implementation side, Steiner et al. added a refined password-based Diffie-Hellman key exchange method to TLS. Methods for Authenticated Key Exchange (AKE) were first presented by Bellovin and Merritt, and proved secure by Bresson, Chevassut and Pointcheval. Fang et al. discuss an implementation of authentication built on the message primitives defined in the WS-Trust and WS-SecureConversation specifications.

According to Rongxing Lu, Zhenfu Cao and Zhenchuan Chai in "A simple user authentication scheme for grid computing", a large number of password-based user authentication schemes have been proposed to solve the authentication problem. A new password-based user authentication scheme built on the elliptic curve cryptosystem was also suggested. This password-based simple user authentication scheme for grid computing comprises three phases: the registration phase, the authentication phase and the password change phase.

The drawback of password-based user authentication schemes is that they rely on smart cards and do not provide strong mutual authentication. The scheme based on the elliptic curve cryptosystem is simple, because it needs neither a symmetric encryption algorithm nor a verification table. There is no assurance that the grid can be protected from attacks such as replay attacks, on-line password guessing attacks, off-line password guessing attacks and so on.

According to Qinghua Li and Guohong Cao in "Multicast Authentication in Smart Grid with One-Time Signature", multicast has been projected to be useful in numerous Smart Grid applications like demand-response, wide-area protection, in-substation protection, and various operation and control tasks. Because the multicast messages correspond to critical control, authentication is obligatory to protect against message forgery attacks. Based on these requirements, they found that Heavy Signing Light Verification (HSLV) and Light Signing Heavy Verification (LSHV) are promising solutions, due to their short authentication delay and low computation cost. HSLV and LSHV are combined to produce a new scheme, Tunable Signing and Verification (TSV), that attains a flexible trade-off between the two. The most straightforward solution to multicast authentication is to use public key cryptography (PKC) based digital signatures like RSA. Even so, these signatures have too high a computation cost for the Smart Grid, because most field devices and home appliances are resource-constrained and might not be able to sign or verify a message within the time constraint. Hybrid approaches have been proposed to minimize the computation cost. These approaches merge PKC with efficient one-way functions. Instead of generating one digital signature for each message, they produce one signature for multiple messages, and the verification of that signature authenticates all those messages. Therefore, the cost of PKC-based signing and verification is amortized over multiple messages. In these approaches, nonetheless, a message (before being authenticated) must be buffered by the sender or receiver until the last message that shares the same signature is available. Thus, the authentication delay may be long and may not meet the time requirement of Smart Grid applications. The drawback of both schemes is that, although they have a much lower storage requirement, their signing and verification costs are high. Their scheme increases the storage cost by a factor of 8 and reduces the signature size by 40% compared with existing schemes. Thus, this scheme is not appropriate for grid applications where the receivers have limited storage or where data communication is frequent and short.
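The hybrid approach described above, one public-key signature amortized over a batch of messages by combining it with a one-way function, can be illustrated with a Merkle-tree batch signature. The Go program below is an added example, not Li and Cao's HSLV/LSHV/TSV scheme and not code from the paper: the sender buffers a batch, hashes the messages into a binary tree, signs only the root with ECDSA, and sends every message with its sibling hashes; the receiver recomputes the root from one message and checks the shared signature. The sample control messages and the power-of-two batch size are constructed assumptions, and the buffering in `signBatch` is exactly the delay the paragraph refers to: no message can be sent before the whole batch has been collected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuthMessage is one multicast message plus what a receiver needs to verify it: the batch
// signature over the Merkle root and the sibling hashes on the path from its leaf to the root.
type AuthMessage struct {
	Payload   []byte
	Index     int      // leaf position within the batch
	Siblings  [][]byte // one sibling hash per tree level, leaf to root
	Signature []byte   // ASN.1 ECDSA signature over the root, shared by the whole batch
}

// keygen returns the multicast sender's P-256 signing key.
func keygen() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// Domain-separated hashes, so a leaf can never be confused with an inner node.
func leafHash(m []byte) []byte    { h := sha256.Sum256(append([]byte{0x00}, m...)); return h[:] }
func nodeHash(l, r []byte) []byte { h := sha256.Sum256(append(append([]byte{0x01}, l...), r...)); return h[:] }

// signBatch buffers the whole batch, signs the root of its Merkle tree once and returns every
// message with its authentication path. The batch size is kept a power of two so the tree is
// complete; a real scheme would pad or duplicate leaves instead of refusing.
func signBatch(key *ecdsa.PrivateKey, msgs [][]byte) ([]AuthMessage, error) {
	n := len(msgs)
	if n == 0 || n&(n-1) != 0 {
		return nil, errors.New("batch size must be a power of two")
	}
	level := make([][]byte, n)
	for i, m := range msgs {
		level[i] = leafHash(m)
	}
	paths := make([][][]byte, n)
	for len(level) > 1 {
		span := n / len(level) // leaves covered by one node at this level
		for leaf := 0; leaf < n; leaf++ {
			paths[leaf] = append(paths[leaf], level[(leaf/span)^1])
		}
		next := make([][]byte, len(level)/2)
		for i := range next {
			next[i] = nodeHash(level[2*i], level[2*i+1])
		}
		level = next
	}
	sig, err := ecdsa.SignASN1(rand.Reader, key, level[0]) // the only public-key operation for the batch
	if err != nil {
		return nil, err
	}
	out := make([]AuthMessage, n)
	for i, m := range msgs {
		out[i] = AuthMessage{Payload: m, Index: i, Siblings: paths[i], Signature: sig}
	}
	return out, nil
}

// verifyMessage recomputes the root from one message and its path, then checks the shared
// signature: one ECDSA verification plus log2(n) hashes per message, with no buffering needed.
func verifyMessage(pub *ecdsa.PublicKey, am AuthMessage) bool {
	h := leafHash(am.Payload)
	pos := am.Index
	for _, sib := range am.Siblings {
		if pos&1 == 0 {
			h = nodeHash(h, sib)
		} else {
			h = nodeHash(sib, h)
		}
		pos >>= 1
	}
	return ecdsa.VerifyASN1(pub, h, am.Signature)
}

func main() {
	key, err := keygen()
	if err != nil {
		panic(err)
	}
	// Constructed sample: four control messages multicast in one batch.
	batch, err := signBatch(key, [][]byte{[]byte("load-shed feeder 7"), []byte("close breaker 12"), []byte("set tap 3"), []byte("heartbeat")})
	if err != nil {
		panic(err)
	}
	for _, m := range batch {
		fmt.Printf("%-20s path=%d hashes, verified=%v\n", m.Payload, len(m.Siblings), verifyMessage(&key.PublicKey, m))
	}
}
```

The trade-off the paragraph describes is visible in the numbers: a batch of n messages costs one signing operation instead of n, each receiver pays one signature verification plus log2(n) hashes per message, and each message grows by log2(n) hashes plus the shared signature, but the sender cannot release the first message until the n-th has arrived.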

According to Chong-Yen Lee, Tsang-Yean Lee, Homer Wu, Hau-Dong Tsui and Heng Sheng Chen in "Secure Site Authentication and Message Transmission Based on Grid Environment", the grid computing architecture was defined to be a complete physical layer. Data transfer in the network should be assumed insecure. In their study, encryption and decryption algorithms for site authentication and its messages are formulated and enforced in each grid node to make sure transmitted information is secure. If the site information is built in the supervisor node, then it may also safely receive data sent from other grid nodes. Message processing is kept secure for most systems when these algorithms are installed in all nodes. The scheme is aimed at a dynamic supervising model. The demerit of this scheme is that the key is a mix of the location of the format code and one of its values. Different values of the format code make different combinations of tables and data. The location of the format code and the different combinations of format codes must be known before decryption is carried out. These processes are not sophisticated enough to resist cryptanalysis. With these algorithms implemented, message receiving and sending are still insecure over network transmission.

5. Conclusion

This paper has introduced grid computing concepts and the four classical security aspects, confidentiality, privacy, authentication and integrity, in the dynamic grid environment, and has also addressed the challenges in grid security. Various types of authentication algorithms and their approaches in the grid security infrastructure have been discussed.

References

[1] Li, Q., & Cao, G. Multicast Authentication in Smart Grid With One-Time Signature. IEEE.

[2] Lee, C.-Y., Lee, T.-Y., Wu, H., Tsui, H.-D., & Chen, H. S. (2009). Secure Site Authentication and Message Transmission Based on Grid Environment. 2009 Fifth International Joint Conference on INC, IMS and IDC.

[3] Lu, R., Cao, Z., Chai, Z., & Liang, X. (2008). A Simple User Authentication Scheme for Grid Computing. International Journal of Network Security, Vol. 7, No. 2, pp. 202-206, Sept. 2008.

[4] Ford, W., & Baum, M. S. (2001). Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, 2nd ed. Englewood Cliffs, NJ: Prentice Hall.

[5] Grant, G. L. Understanding Digital Signatures: Establishing Trust over the Internet and Other Networks. New York: Computing McGraw-Hill.

[6] Grabbe, J. O. Cryptography and Number Theory for Digital Cash.

[7] Kahn, D. Kahn on Codes: Secrets of the New Cryptology. New York: Macmillan.

[8] Smith, L. D. Cryptography: The Science of Secret Writing. New York: Dover Publications.

[9] Spillman, R. J. Classical and Contemporary Cryptology. Upper Saddle River, NJ: Pearson Prentice-Hall.

[10] Trappe, W., & Washington, L. C. (2006). Introduction to Cryptography with Coding Theory, 2nd ed. Upper Saddle River, NJ: Pearson Prentice Hall.

[11] Young, A., & Yung, M. (2004). Malicious Cryptography: Exposing Cryptovirology. New York: John Wiley & Sons.