Distributed Systems. Outline Services: DNSSEC Architecture Models: Grid Network Protocols: IPv6 ...

LATEST RELEVANT TECHNIQUES AND APPLICATIONS

Distributed Systems

Outline

- Services: DNSSEC
- Architecture Models: Grid
- Network Protocols: IPv6
- Design Issues: Security
- The Future: World Community Grid

Services: DNSSEC

DNS

Large distributed database for name-to-IP resolution (e.g., a DNS query)

Was not originally designed with security in mind – naturally has security flaws:
- Packet interception
- DNS cache poisoning / Name chaining
- ID guessing
[RFC 3833, 2004]

DNSSEC – suite of IETF specifications for securing information provided by DNS and IP.
- Authentication of origin
- Data integrity
- Backwards compatibility
[RFC 3833, 2004]

RFC 2065 published in 1997, but problems have existed since then and are still being worked out:
- Did not scale well for the internet
- Backwards compatibility
- Who should own TLD root keys
- Complexity of deployment

Proposed Standard is currently RFC 4033

Works by digitally signing DNS responses to lookups using public-key cryptography.

New DNS record types created: RRSIG, DNSKEY, DS, and NSEC.

RRSIG is the digital signature of the response. Verified using the public key found in DNSKEY record.

DS records are for designated signers.

Start with a trusted DNS root. Look up the DS record for TLD to verify the DNSKEY records for that TLD.

Next, check if DS record for site.com exists in the TLD zone, and if so, use that to verify the DNSKEY found in the site.com zone.

Finally, verify RRSIG record found in the A records for www.site.com [RFC 4033, 2005]
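The validation walk described above (trusted root, then the TLD, then site.com, then the RRSIG on the A record), as an added example that is not part of the original slides. It uses textbook RSA over small Mersenne primes as a stand-in for the real DNSSEC signature algorithms and a simplified DS digest; all function names, keys and addresses are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def make_key(a, b):
    """Toy RSA key from Mersenne primes 2**a-1, 2**b-1 -> (modulus, private exp)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    """Zone operator side: produce the RRSIG value for `data`."""
    n, d = key
    return pow(_h(data, n), d, n)

def verify(data, sig, n):
    """Resolver side: check an RRSIG with the public DNSKEY modulus `n`."""
    return pow(sig, E, n) == _h(data, n)

def ds_for(dnskey_n):
    """Simplified DS: SHA-256 of the child's DNSKEY (real DS also hashes the owner name)."""
    return hashlib.sha256(str(dnskey_n).encode()).hexdigest()

def validate(anchor_n, delegations, rrset, rrsig):
    """Walk root -> TLD -> zone, then check the RRSIG on the answer."""
    key = anchor_n
    for child, ds, ds_sig, child_key in delegations:
        if not verify(ds.encode(), ds_sig, key):
            return f"bogus: DS for {child} is not signed by its parent"
        if ds != ds_for(child_key):
            return f"bogus: DNSKEY for {child} does not match DS"
        key = child_key  # the child's key is now trusted for the next step
    return "secure" if verify(rrset, rrsig, key) else "bogus: RRSIG on answer fails"

def demo():
    # Constructed sample data: three zones and one signed A record.
    root, com, site = make_key(61, 89), make_key(107, 127), make_key(521, 607)
    chain = []
    for parent, name, child in [(root, "com.", com), (com, "site.com.", site)]:
        ds = ds_for(child[0])
        chain.append((name, ds, sign(ds.encode(), parent), child[0]))
    a = b"www.site.com. A 192.0.2.10"
    sig = sign(a, site)
    forged = b"www.site.com. A 203.0.113.66"        # answer altered in transit or cache
    swapped = [chain[0], chain[1][:3] + (com[0],)]  # wrong DNSKEY served for site.com
    return (validate(root[0], chain, a, sig),
            validate(root[0], chain, forged, sig),
            validate(root[0], swapped, a, sig))

if __name__ == "__main__":
    print(demo())
```

The resolver only needs the root key configured in advance; every other key is accepted because the zone above it vouches for it, which is why a single broken link makes the whole answer bogus.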

Architectural Model: Grid

Grid Architecture

Use idle machines to make more efficient use of resources such as CPU, memory, storage, bandwidth, databases, etc.

Geographically dispersed

Must be provisioned to determine location, availability, and scheduling of resources. [IT Pro, 2004]

Related Terms: Comparison

Utility Computing: Leased like a utility from a company. Expect providers to switch to using grids (Sun, for example)

Cluster computing: machines usually closely coupled and connected through high speed network – generally in the same room.

P2P: considered to be an application that uses grid services for file sharing, whereas the grid can allow for sharing of any resource type.

Cloud computing: Very similar to grid. So similar it’s difficult to pull out the differences and different people state different things… Overall, many sources mention “on-demand” for cloud computing, whereas grid computing focuses on one problem at a time. [IT Pro, 2004]

Not all applications are efficient on a grid – must have high levels of parallelism in order to be effective and overcome the overhead involved with grid computing.

Network Protocols: IPv6

Defined in 1998 by Internet Engineering Task Force (IETF), RFC 2460

Main feature is much larger number of addresses: IPv4 uses 32 bits, allowing for 2^32 addresses, whereas IPv6 uses 128 bits (2^128 addresses)

Other changes include network security, improved routing, extensibility, among others. [Geer, 2005]

http://www.fh-wedel.de

Many benefits available from the extensive amount of IP addresses. Ex:
- Distributed applications on cell phones
- Japanese windshield wipers for taxi cabs
- Track devices for warranties, upgrade / repair, emergencies
- Smart homes
[Geer, 2005]

Main difficulty is making the switch from IPv4 to IPv6.
- Difficult to mix the two
- Users generally do not feel the push to switch, especially since NAT has become widespread

Design Issues: Security

Secure communications between two machines: Grid Security Infrastructure (GSI)

- Mutual authentication
- Public key cryptography
- Certificates
- Single sign-on
[Globus]

In grid computing, we can protect the host by:
- Sandboxing
- Virtualization
- Flexible kernel
[Chakrabarti et al., 2008]

Can we protect the privacy of the grid user?

The Future: World Community Grid (Or Cloud)

World Community Grid

An idea where the grid exists across the internet, and the world is all connected to the grid

Would allow millions of idle processors to be used more efficiently

Will be very difficult to achieve:
- Security (unknown users connecting to unknown machines)
- Network issues
- Control

References

RFC 3833: Threat Analysis of the Domain Name System, The Internet Society, August 2004

RFC 4033: DNS Security Introduction and Requirements, The Internet Society, March 2005

http://www.globus.org/security/overview.html

http://www.fh-wedel.de

"Grid computing 101: what's all the fuss about?," IT Professional, vol. 6, no. 2, pp. 25-33, March-April 2004

D. Geer, “In Brief: IPv6 and Distributed Applications,” IEEE Distributed Systems Online, vol. 6, no. 12, December 2005

Chakrabarti, A.; Damodaran, A.; Sengupta, S., “Grid Computing Security: A Taxonomy,” Security & Privacy, IEEE, vol. 6, no. 1, pp. 44-51, Jan-Feb. 2008