Security Mechanisms The European DataGrid Project Team .
-
Upload
alexia-simmons -
Category
Documents
-
view
218 -
download
0
Transcript of Security Mechanisms The European DataGrid Project Team .
Security Mechanisms
The European DataGrid Project Team
http://www.eu-datagrid.org
Security Tutorial - n° 2Torino, 5-6/12/02
Contents
Concepts of Cryptography
Digital Certificates
Security problems (and solution) of the Grid
EDG user authentication (practical guide)
EDG authorization (overview)
Security Tutorial - n° 3Torino, 5-6/12/02
Security Needs
Authentication establish the identity of an entity (user, process, host,
service, ...)
Confidentiality a third party cannot understand the communication
Integrity data is not modified during communication
Non-repudiation the sender cannot claim he didn’t send the data
Authorization establish the rights of the entity
Security Tutorial - n° 4Torino, 5-6/12/02
Cryptography
Mathematical tool that provides some important building blocks for the implementation of a security infrastructure
Terminology
Plaintext: M
Cyphertext: C
Encryption with key K1 : E K1(M) = C
Decryption with key K2 : D K2(C) = M
Algorithms
Symmetric: K1 = K2
Public Key (asymmetric): K1 ≠ K2
K2K1
EncryptionEncryption DecryptionDecryptionM C M
Security Tutorial - n° 5Torino, 5-6/12/02
Symmetric Algoritms
The same key is used for encryption and decryption
fast how to distribute the keys? the number of keys is O(n2)
Examples: DES 3DES Rijndael (AES) Blowfish
A B
ciao
3$r ciao
A B
ciao
3$r ciao
3$r
3$r
Security Tutorial - n° 6Torino, 5-6/12/02
Public Key Algorithms Every user has two keys: one
private and one public: it is practically impossible to
derive the private key from the public one;
a message encrypted by one key can be decripted only by the other one.
No exchange of secrets is necessary
the sender cyphers using the public key of the receiver;
the receiver decripts using his private key;
the number of keys is O(n).
Examples: Diffie-Helmann (1977) RSA (1978)
B’s keys
public private
A’s keys
public private
A B
ciao
3$r ciao
A B
ciao
cy7 ciao
3$r
cy7
Security Tutorial - n° 7Torino, 5-6/12/02
One-Way Hash Functions
Functions (H) that given as input a variable-length message (M) produce as output a string of fixed length (h) the length of h must be at least 128 bits (to avoid birthday
attacks)
1. given M, it must be easy to calculate H(M) = h
2. given h, it must be difficult to calculateM = H-1(h)
3. given M, it must be difficult to find M’ such that H(M) = H(M’)
Examples: SNEFRU: hash of 128 or 256 bits; MD4/MD5: hash of 128 bits; SHA (Standard FIPS): hash of 160 bits.
Security Tutorial - n° 8Torino, 5-6/12/02
Digital Signature A calculates the hash of the
message and he encrypts it using his private key: the encrypted hash is the digital signature.
A sends the signed message to B.
B calculates the hash of the message and verifies it with the one received by A and decyphered with A’s pubblic key.
If the thwo hashes are equal, the message wasn’t modified and A cannot repudiate it.
A’s keys
public private
B
hash (B)
hash (A)
= ?
ciao
A
ciao ciaohash (A)
Security Tutorial - n° 9Torino, 5-6/12/02
Digital Certificates
A’s digital signature is safe if:
1. A’s private key is not compromised
2. B knows A’s public key
How can B be sure that A’s public key is really A’s public key and not someone else’s? A third party guarantees the correspondence between public
key and owner’s identity, by signing a document which contains the owner’s identity and his public key (Digital Certificate)
Both A and B must trust this third party
Two models: X.509: hierarchical organization; PGP: “web of trust”.
Security Tutorial - n° 10Torino, 5-6/12/02
PGP “web of trust”
A
B
C
D
E
F
F knows D and E, who knows A and C, who knows A and B.
F is reasonably sure that the key from A is really from A.
Security Tutorial - n° 11Torino, 5-6/12/02
X.509 Certificates
The “third party” is called Certification Authority (CA).
An X.509 Certificate contains: identity of the owner; time of validity; owner’s public key; info on the Certification Authority; digital signature of the Certification Authority.
Certificates are published in a directory (e.g. LDAP or WWW) managed by the CA
CA’s periodically publish a list of compromised certificates
Certificate Revocation Lists (CRL) Online Certificate Status Protocol (OCSP).
Security Tutorial - n° 12Torino, 5-6/12/02
Certificate Chains
Per: INFN CA
Firma: INFN CA
Per: Verisign
Firma: Verisign
Per: AltraCA
Firma: Verisign
Per:Leo
Firma:AltraCA
Per:Silvia
Firma:AltraCA
Per:Carlo
Firma:INFNCA
CA’s have their own certificates, too.
A CA can guarantee for other CA’s by signing their certificates
At the top there is a self-signed certificate (root certificate).
CA certificate are widely publicized and so difficult to forge.
Security Tutorial - n° 13Torino, 5-6/12/02
Security Tutorial - n° 14Torino, 5-6/12/02
The problems of grid security The user population is large and dynamic
the same user will have different credentials and accounts at different sites;
the same user may have a regular account at some site, while at others a dynamically assigned one
Users want to authenticate themselves to the Grid only once (single sign-on)
The resources being used may be valuable.
The data to process may be sensitive (e.g. medical data).
The set of resources required by a process may be large, dynamic, and unpredictable.
Resources may belong to different administrative domains, each with its own specific policies.
Security mechanisms must not override local policies.
Security Tutorial - n° 15Torino, 5-6/12/02
Grid Security Infrastructure (GSI)
Based on an X.509 PKI: every user/host/service has an X.509 certificate; certificates are signed by trusted (by the local sites) CA’s; every Grid transaction is mutually authenticated:
1. user sends his certificate;
2. other end sends user a challenge string;
3. user encodes the challenge string with his private key;
4. the public key is used to decode the challenge.
Private keys must be stored only in protected places, and only in encrypted form.
Security Tutorial - n° 16Torino, 5-6/12/02
X.509 Proxy Certificate
A Proxy is a special type of X.509 certificate, signed by the normal end entity cert (or by another proxy).
It allows process to act on behalf of user, supporting single sign-on and delegation
if there is a need to have agents requesting services on behalf of the user, avoids the need to re-enter the user's pass phrase
the Subject of the proxy contains the Subject of the signing cert
It reduces exposure of user’s private key
It is created by the grid-proxy-init command
The private key of the Proxy is not encrypted: stored in local file protected by file system security: must be
readable only by the owner; proxy lifetime is short (typically 12 h) to minimize security
risks.
Security Tutorial - n° 17Torino, 5-6/12/02
Delegation Proxy creation can be recursive
each time a new private key and new X.509 proxy certificate, signed by the original key
Allows remote process to act on behalf of the user
Avoids sending passwords or private keys across the network
The proxy may be a “Restricted Proxy”: a proxy with a reduced set of privileges (e.g. cannot submit jobs).
Security Tutorial - n° 18Torino, 5-6/12/02
Site A(Kerberos)
Site A(Kerberos)
Site B (Unix)
Site B (Unix)
GSI interface GSI interface
Remote processcreation
requests*
* with mutual authentication
Site C(Kerberos)
Site C(Kerberos)
User
Single sign-on& generation of proxy cred. User Proxy
Proxycredential
Storagesystem
Communication*
GSI-enabledFTP server
AuthorizeMap to local idAccess file
Remote fileaccess
request*
Process
Kerberosticket
Restrictedproxy
Process
Restrictedproxy
Local id
Local id
AuthorizeMap to local idCreate processGenerate credentials
AuthorizeMap to local idCreate process
Generate credentials
Job Execution
from The Globus Toolkit™:Security Services, http://www.globus.org/
from The Globus Toolkit™:Security Services, http://www.globus.org/
Or: retrieval of proxy cred.
from online repository
Security Tutorial - n° 19Torino, 5-6/12/02
Authentication/Authorization
Authentication 16 national certification authorities
+ CrossGrid CA’s policies & procedures mutual trust users identified by certificates
Authorization Based on Virtual Organizations (VO). Management tools for
VO membership lists. 10+2 Virtual Organizations
VO’s
ALICE Earth Obs.
ATLAS Biomedical
BaBar D0
Genomics
Medical Im.
CMS Testbed
LHCb Tutorial
CA’s
CERN
CESNET
CNRS (3)
GermanGrid
Grid-Ireland
INFN
NIKHEF
NorduGrid
LIP
Russian DataGrid
DATAGRID-ES
GridPP (UK)
US–DOE Root CA
US-DOE Sub CA
CrossGrid (*)
Security Tutorial - n° 20Torino, 5-6/12/02
EDG AA Overview
User requests a certificate from his CA [yearly]
User registers himself in the EDG LDAP-VO [once]
User generates a proxy certificate (short lifetime) [daily]
Host/service requests a certificate [yearly]
Local site retrieves the trusted CA’s certificates [periodically] and their CRL’s [daily]
Local site generates a gridmap-file from the LDAP database for authorization and mapping [daily]
User contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap-file
Security Tutorial - n° 21Torino, 5-6/12/02
Requesting a certificate (batch)
grid-cert-requestA certificate request and private key is being created.[...]Using configuration from /usr/local/grid/globus/etc/globus-user-ssleay.confGenerating a 1024 bit RSA private key[...]A private key and a certificate request has been generated with the subject:/O=Grid/O=CERN/OU=cern.ch/CN=Akos Frohner[...]Your private key is stored in .../.globus/userkey.pemYour request is stored in .../.globus/usercert_request.pemPlease e-mail the certificate request to the CERN CA
cat .../.globus/usercert_request.pem | mail [email protected]
Your certificate will be mailed to you within two working days.
Security Tutorial - n° 22Torino, 5-6/12/02
Requesting a certificate (online)
Online procedure: donwload your CA certificate; fill the online request form; wait for the identity check by the CA; download the certificate.
Protect the certificate.
Export the certificate and make a backup copy.
Security Tutorial - n° 23Torino, 5-6/12/02
Download the INFN CA cert 1/2
http://security.fi.infn.it/CA/
Click on Certificato INFN CA
ignore warning messages about connecting to an unknow site...
Click on Scarica Certificato
Security Tutorial - n° 24Torino, 5-6/12/02
Download the INFN CA cert 2/2
Netscape: select all the three
options
Explorer: save with
extension .der double-click on the file
name and click on Installa certificato
choose the default answer in all the following questions
Verify that the certificate is among the “root certificates”
Explore
r
Netscap
e
Security Tutorial - n° 25Torino, 5-6/12/02
Fill the online request form
http://security.fi.infn.it/CA/
Click on Richiesta certificati
Fill the details of the owner: Nome sezione; Nome e Cognome; E-mail, it must be the official
one, [email protected].
Click on Sottometti Richiesta.
After the identity checks, you’ll receive an e-mail with the instructions for the download.
Security Tutorial - n° 26Torino, 5-6/12/02
Download the certificate
Open the URL in the mail from INFN-CA with the same browser used to submit the request
Verify that the certificate appears in the browser DB
Netscape
Security Tutorial - n° 27Torino, 5-6/12/02
Protect the certificate
Your certificate must be password protected to avoid unauthorized use
Netscape
Security Tutorial - n° 28Torino, 5-6/12/02
Export the certificate
Export the certificate (extension .p12) and save a copy on a floppy (two is better...).The copy can be imported in another browser.
Protect the copy with a good password (it will be asked during the export procedure)
Convert the certificatefor use by the globus toolkit: openssl pkcs12 -nocerts\ –in user.p12 \ –out ~/.globus/userkey.pem openssl pkcs12 –clcerts \ -nokeys \ –out ~/.globus/usercert.pem
Netscap
e
Explore
r
Security Tutorial - n° 29Torino, 5-6/12/02
Registration Users must accept the EDG
usage guidelines and be registered in an EDG VO
If you don’t have your certificate in a browser:
convert the certificateopenssl pkcs12 –export \ –in ~/.globus/usercert.pem \ –inkey ~/.globus/userkey.pem \ –out user.p12 –name ’M. Rossi’
import your certificate in your browser
Sign the usage guidelines open the following URL
and click on “Accept”: https://marianne.in2p3.fr/cgi-bin/datagrid/register/account.pl
Ask an account from your VO administrator.
Security Tutorial - n° 30Torino, 5-6/12/02
Starting a grid session „login”:grid-proxy-initYour identity: /C=IT/O=INFN/CN=M.Rossi/[email protected] GRID pass phrase for this identity: *********Creating proxy ........................................ DoneYour proxy is valid until Fri Nov 29 02:44:51 2002
the proxy is stored in /tmp/x509up_uxxx
You can now use use the grid services.
„logout”:grid-proxy-destroy
Security Tutorial - n° 31Torino, 5-6/12/02
Proxy certificate structure
openssl x509 -text -noout -in /tmp/x509up_u504 Data: Version: 3 (0x2) Serial Number: 981 (0x3d5) Signature Algorithm: md5WithRSAEncryption Issuer: C=IT,O=INFN,CN=M.Rossi/[email protected] Validity Not Before: Nov 28 14:14:57 2002 GMT Not After : Nov 29 02:19:57 2002 GMT Subject: C=IT,O=INFN,CN=M.Rossi/[email protected], CN=proxy Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (512 bit) Modulus (512 bit): ...................................... Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption ......................................
Security Tutorial - n° 32Torino, 5-6/12/02
Authorization: the present Based on VO LDAP servers
Each VO manages an LDAP Directory Only groups provided, no roles Secure web interface for EDG AUP signing
Mapping X509 credentials user at local site Each site periodically generates (mkgridmap) a “grid-
mapfile” (mapping DN username). Dynamic mapping available (gridmapdir). Mapping customizable by the local site managers.
Security Tutorial - n° 33Torino, 5-6/12/02
grid-mapfile generationo=testbed,dc=eu-datagrid, dc=org
CN=Franz Elmer
ou=People
CN=John Smith
mkgridmap
grid-mapfile
VOVODirectoryDirectory
““AuthorizatioAuthorizationn
Directory”Directory”
CN=Mario Rossi
o=xyz,dc=eu-datagrid, dc=org
CN=Franz ElmerCN=John Smith
Authentication Certificate
Authentication Certificate
Authentication Certificate
ou=People
ou=Testbed1
ou=???
local users ban list
Security Tutorial - n° 34Torino, 5-6/12/02
Authorization: the future Virtual Organization Membership Service (VOMS)
Grants authorization data to users at VO level Each VO has its own VOMS
Local Centre Authorization Service (LCAS) Handles authorization requests to local fabric
Local Credential Mapping Service (LCMAPS) Provides local credentials needed for jobs in fabric
Grid ACL (GACL) library Provides DN based ACL’s
Security Tutorial - n° 35Torino, 5-6/12/02
VOMS Operations
Authentication
Request
AuthDB
C=IT/O=INFN /L=CNAF/CN=Pinco Palla/CN=proxy
User’sattribu
tes
User’sattribut
es
1. Mutual authentication Client-Server
2. Client sends request to Server
3. Server checks correctness of request
4. Server sends back the required info, signed by itself
5. Client repeats process for other VOMS’s
6. Client creates a proxy certificate containing all the info received into a (non critical) extension
Security Tutorial - n° 36Torino, 5-6/12/02
LCAS / LCMAPS LCAS
Handles authorization requests to local fabric Authorization decisions based on proxy user certificate and
job specification Supports gridmap-file mechanism Plug-in framework (hooks for external authorization plug-ins)
LCMAPS Provides local credentials needed for jobs in fabric
Accepts requests validated by LCAS Returns, if any, local credentials already assigned to user or
generates new ones.
Replaces gridmap(dir), but keeps functionality
Security Tutorial - n° 37Torino, 5-6/12/02
EDG gatekeeper
TLS auth
LCAS (so)
assist_gridmap
Jobmanager-*
Gatekeeper
TLS auth
LCAS client
apply creds *
Jobmanager-*
Gatekeeper LCAS
ACL
timeslot
gridmap
config
LCMAPS clntLCMAPS
role2uid
role2afs
config
* And store in job repository
Id
Yes/no
Id
credlist
NOW EDG1.4, EDG2.x
By Martijn Steenbakkers (EDG WP4)
Security Tutorial - n° 38Torino, 5-6/12/02
Further Information
Grid
EDG CAs: http://marianne.in2p3.fr/datagrid/ca
EDG Security Requirements: http://edms.cern.ch/document/340234
GGF Security Area: http://www.gridforum.org/security/
Grid Security Infrastructure (GSI): http://www.globus.org/security/
Background
Bruce Schneier,Applied Cryptography: Protocols, Algorithms and Source Code in C, John Wiley & Sons.
Generic Security Services Application Programming Interface (GSSAPI): http://www.faqs.org/faqs/kerberos-faq/general/section-84.html
S. Tuecke et al., Internet X.509 Public Key Infrastructure Proxy Certificate Profile, draft-ietf-pkix-proxy-03.