Grid Authentication Technologies


         Asif Motorwala
          Abbas Shamji
Agenda
• Quick Refresher on PKI

• Grid portal integration

• Example: grid approach
   – Cross-certification and PKI Bridges
   – National PKI context
Two Types of Cryptography
• Symmetric key cryptography
   – A pre-shared secret is used to encrypt the data
   – Some examples: DES, 3-DES, RC4, etc

• Public key cryptography
   – A pair of mathematically related keys is generated
      • One of the keys, the Public Key, is freely distributed
      • The other key, the Private Key, is kept confidential

   – Given one of the keys, it is computationally very hard
     to compute the other
Public Key Cryptography
– Data encrypted using the public key can only be decrypted by the person with the private key

Example: Bob sends secret data to Alice
• Bob
   1. Bob obtains a copy of Alice’s public key
   2. Bob encrypts the data using the public key and sends it to Alice
• Alice
   1. Alice receives the data
   2. Alice decrypts the data using the private key that only she possesses
A Digital Certificate is:
– An object that binds a user’s
  identity to their public key
– An object signed by a Certification
  Authority (CA)
– An object containing some
  attributes about the person who
  owns the certificate
– An object containing some
  information about the CA
    • Useful for relying party to
      understand campus identity policy
– Often published in a campus
  directory if support for encryption
  is anticipated
Digital Certificates and Security
• Login id and password never flow over the
  network
• Strong cryptography – what does flow over
  the network is very safe
• Enables mutual authentication
• Defeats a variety of man-in-the-middle attacks
• No (practical) brute-force attacks
• Is often easier to use than login/password
DRM Security
• The ASCI DRM environment uses a Kerberos implementation of the
  GSS-API.
   – As far as tools and APIs go, this is not visible. (That’s the point of GSS-API!)
   – However, it is NOT interoperable with GSI-based versions of the
     Globus Toolkit
   – Various differences of Kerberos vs GSI:
       • The security files created “under the covers” in the system and the services are
         different.
       • Different commands to login, logout, etc.
• Treatment
   – We will discuss security using GSI (PKI).
   – Pat will talk later about how the Kerberos GSS-API changes things in
     the DRM.
Good Practices For Grid Authentication: Trust, Private Key Protection and Non-Repudiation
• Digital signatures - based on the idea that only
  the user has access to their private key
• A user’s private key is generally protected by
  the workstation’s operating system
  – Typical protection is no better than for any
    password that the user lets the operating system
    store
• Hardware tokens can be used for strong private
  key protection, mobility, and as a component in
  a non-repudiation strategy
Grid Security Infrastructure (GSI)
• Basic Grid security needs
  – Strong authentication
  – Ability to encrypt data
  – Single sign-on
• Solution
  – GSI is based on PKI and certificates are used for
    authentication
  – Uses mutual authentication and encryption
    when needed
PKI Mutual Authentication
•   Client Authentication
    1. Client connects to server and sends user’s certificate
    2. Server uses its root key store to validate the user’s certificate
    3. Server sends client some random data; client uses private key to
       encrypt data; server decrypts data validating that client has access to
       the private key
•   Server Authentication
    1. Server replies sending its digital certificate to the client
    2. Client validates the server’s certificate using its trusted root store
    3. Client sends some random data to the server; server encrypts the
       data using its private key; client decrypts data validating that server
       has access to the private key
•   Globus uses SSL/TLS to accomplish mutual authentication
Background: Cross-certification
• Top section
   – Traditional hierarchical validation example
   – Diagram:
        I: UAB, S: UAB          I: UVA, S: UVA
        I: UAB, S: User-2       I: UVA, S: User-1
• Bottom section
   – Validation using cross certification example
   – UVA signed a certificate request from the UAB CA
   – UAB signed a certificate request from the UVA CA
   – Diagram:
        I: UAB, S: UAB          I: UVA, S: UVA
        I: UAB, S: UVA          I: UVA, S: UAB      (cross certs)
        I: UVA, S: User-1       I: UAB, S: User-2
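An added example, not from the slides or from Globus: a Go sketch of the cross-certification diagram above together with step 3 of the PKI Mutual Authentication slide, reading I: as issuer and S: as subject. It assumes Ed25519 keys, the helper names `issue`, `validate` and `possesses` are hypothetical, and the slide's "encrypt random data with the private key" step is done as a digital signature over a random challenge.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type party struct { // a certificate plus the private key of its subject
	cert *x509.Certificate
	key  ed25519.PrivateKey
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue signs a certificate for subject with issuer's key (nil issuer: self-signed root).
// Passing an existing key certifies that key under another issuer: a cross-certificate.
func issue(subject string, isCA bool, key ed25519.PrivateKey, issuer *party) *party {
	var err error
	if key == nil {
		_, key, err = ed25519.GenerateKey(rand.Reader)
		check(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed demo serial
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA:         isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	parent, signer := tmpl, key
	if issuer != nil {
		parent, signer = issuer.cert, issuer.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, key.Public(), signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return &party{cert, key}
}

// validate is the relying party's path check against its single trusted root.
func validate(leaf *x509.Certificate, trusted *party, helpers ...*party) error {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool(),
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	opts.Roots.AddCert(trusted.cert)
	for _, h := range helpers { // untrusted helpers, e.g. a cross-certificate
		opts.Intermediates.AddCert(h.cert)
	}
	_, err := leaf.Verify(opts)
	return err
}

// possesses runs the challenge step: key signs fresh random data and the result
// is verified with the public key taken from the presented certificate.
func possesses(cert *x509.Certificate, key ed25519.PrivateKey) bool {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	check(err)
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && ed25519.Verify(pub, nonce, ed25519.Sign(key, nonce))
}

func main() {
	uab, uva := issue("UAB", true, nil, nil), issue("UVA", true, nil, nil)
	user1, cross := issue("User-1", false, nil, uva), issue("UVA", true, uva.key, uab)
	fmt.Println(validate(user1.cert, uab), "|", validate(user1.cert, uab, cross))
	fmt.Println(possesses(user1.cert, user1.key), possesses(user1.cert, uab.key))
}
```

A relying party that trusts only the UAB root rejects User-1 until it is handed the cross-certificate (I: UAB, S: UVA); the challenge succeeds only for the holder of the private key that matches the certificate.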
THANK YOU
