Security Mechanisms

The European DataGrid Project Team http://www.eu-datagrid.org

Contents
    

Concepts of Cryptography Digital Certificates Security problems (and solution) of the Grid EDG user authentication (practical guide) EDG authorization (overview)

Torino, 5-6/12/02

Security Tutorial - n 2

Security Needs


Authentication


establish the identity of an entity (user, process, host, service, ...)

Confidentiality


a third party cannot understand the communication

Integrity


data is not modified during communication

Non-repudiation


the sender cannot claim he didnt send the data

Authorization


establish the rights of the entity

Torino, 5-6/12/02

Security Tutorial - n 3

Cryptography
K1 K2

M


Encryption

Decryption

Mathematical tool that provides some important building blocks for the implementation of a security infrastructure Terminology


Plaintext: M Cyphertext: C Encryption with key K1 : E

K1(M)

=C

Decryption with key K2 : D K2(C) = M

Algorithms


Symmetric: K1 = K2 Public Key (asymmetric): K1 K2

Torino, 5-6/12/02

Security Tutorial - n 4

Symmetric Algoritms


The same key is used for encryption and decryption



A
ciao 3$r

B
3$r ciao

fast how to distribute the keys? the number of keys is O(n2)

Examples:


A
ciao 3$r

B
3$r ciao

DES 3DES Rijndael (AES) Blowfish

Torino, 5-6/12/02

Security Tutorial - n 5

Public Key Algorithms



Every user has two keys: one private and one public:


it is practically impossible to derive the private key from the public one; a message encrypted by one key can be decripted only by the other one.

A
ciao 3$r

B
3$r ciao

No exchange of secrets is necessary



A
ciao cy7

B
cy7 ciao

the sender cyphers using the public key of the receiver; the receiver decripts using his private key; the number of keys is O(n). Diffie-Helmann (1977) RSA (1978) As keys Bs keys

Examples:


public private

public private

Torino, 5-6/12/02

Security Tutorial - n 6

One-Way Hash Functions



Functions (H) that given as input a variable-length message (M) produce as output a string of fixed length (h)


the length of h must be at least 128 bits (to avoid birthday attacks) given M, it must be easy to calculate H(M) = h given h, it must be difficult to calculate M = H-1(h) given M, it must be difficult to find M such that H(M) = H(M)

1.

2.

3.

Examples:


SNEFRU: hash of 128 or 256 bits; MD4/MD5: hash of 128 bits; SHA (Standard FIPS): hash of 160 bits.

Torino, 5-6/12/02

Security Tutorial - n 7

Digital Signature


A calculates the hash of the message and he encrypts it using his private key: the encrypted hash is the digital signature. A sends the signed message to B. B calculates the hash of the message and verifies it with the one received by A and decyphered with As pubblic key. If the thwo hashes are equal, the message wasnt modified and A cannot repudiate it.

A
ciao ciao
hash (A)

As keys

B
hash (B)

ciao

public private

=?
hash (A)

Torino, 5-6/12/02

Security Tutorial - n 8

Digital Certificates


As digital signature is safe if:

1. 2.

As private key is not compromised B knows As public key

How can B be sure that As public key is really As public key and not someone elses?


A third party guarantees the correspondence between public key and owners identity, by signing a document which contains the owners identity and his public key (Digital Certificate) Both A and B must trust this third party

Two models:


X.509: hierarchical organization; PGP: web of trust.

Torino, 5-6/12/02

Security Tutorial - n 9

PGP web of trust

D F

C E A
 

F knows D and E, who knows A and C, who knows A and B. F is reasonably sure that the key from A is really from A.
Security Tutorial - n 10

Torino, 5-6/12/02

X.509 Certificates
 

The third party is called Certification Authority (CA). An X.509 Certificate contains:


identity of the owner; time of validity; owners public key; info on the Certification Authority; digital signature of the Certification Authority.

Certificates are published in a directory (e.g. LDAP or WWW) managed by the CA CAs periodically publish a list of compromised certificates


Certificate Revocation Lists (CRL) Online Certificate Status Protocol (OCSP).

Torino, 5-6/12/02

Security Tutorial - n 11

Certificate Chains

Per: Verisign Firma: Verisign Per: INFN CA Firma: INFN CA

CAs have their own certificates, too. A CA can guarantee for other CAs by signing their certificates At the top there is a selfsigned certificate (root certificate). CA certificate are widely publicized and so difficult to forge.


Per: AltraCA Firma: Verisign

Per:Carlo Firma:INFNCA

Per:Silvia Firma:AltraCA

Per:Leo Firma:AltraCA

Torino, 5-6/12/02

Security Tutorial - n 12

The problems of grid security



The user population is large and dynamic



the same user will have different credentials and accounts at different sites; the same user may have a regular account at some site, while at others a dynamically assigned one

Users want to authenticate themselves to the Grid only once (single sign-on) The resources being used may be valuable. The data to process may be sensitive (e.g. medical data). The set of resources required by a process may be large, dynamic, and unpredictable. Resources may belong to different administrative domains, each with its own specific policies. Security mechanisms must not override local policies.
Security Tutorial - n 13

  

Torino, 5-6/12/02

Grid Security Infrastructure (GSI)



Based on an X.509 PKI:



every user/host/service has an X.509 certificate; certificates are signed by trusted (by the local sites) CAs; every Grid transaction is mutually authenticated:
1. user sends his certificate; 2. other end sends user a challenge string; 3. user encodes the challenge string with his private key; 4. the public key is used to decode the challenge.

Private keys must be stored only in protected places, and only in encrypted form.

Torino, 5-6/12/02

Security Tutorial - n 14

X.509 Proxy Certificate



A Proxy is a special type of X.509 certificate, signed by the normal end entity cert (or by another proxy). It allows process to act on behalf of user, supporting single sign-on and delegation


if there is a need to have agents requesting services on behalf of the user, avoids the need to re-enter the user's pass phrase


the Subject of the proxy contains the Subject of the signing cert

  

It reduces exposure of users private key It is created by the grid-proxy-init command The private key of the Proxy is not encrypted:


stored in local file protected by file system security: must be readable only by the owner; proxy lifetime is short (typically 12 h) to minimize security risks.

Torino, 5-6/12/02

Security Tutorial - n 15

Delegation


Proxy creation can be recursive



each time a new private key and new X.509 proxy certificate, signed by the original key

  

Allows remote process to act on behalf of the user Avoids sending passwords or private keys across the network The proxy may be a Restricted Proxy: a proxy with a reduced set of privileges (e.g. cannot submit jobs).

Torino, 5-6/12/02

Security Tutorial - n 16

Job Execution
User
Single sign-on & generation of proxy cred. Or: retrieval of proxy cred. from online repository User Proxy
Proxy credential

from The Globus Toolkit: Security Services, http://www.globus.org/

Remote process creation requests*

Authorize GSI interface Map to local id Create process Generate credentials

Site A (Kerberos) Process

Kerberos ticket

GSI interface

Authorize Map to local id Create process Generate credentials

Site B (Unix)

Local id Restricted proxy

Communication* Remote file access request* Site C (Kerberos)

GSI-enabled FTP server
Authorize Map to local id Access file

Process
Local id Restricted proxy

* with mutual authentication

Storage system

Torino, 5-6/12/02

Security Tutorial - n 17

Authentication/Authorization


Authentication


CAs CERN CESNET CNRS (3) GermanGrid Grid-Ireland INFN NIKHEF NorduGrid LIP VOs ALICE ATLAS BaBar Genomics CMS LHCb Earth Obs. Biomedical D0 Medical Im. Testbed Tutorial Russian DataGrid DATAGRID-ES GridPP (UK) USDOE Root CA US-DOE Sub CA CrossGrid (*)

16 national certification authorities + CrossGrid CAs policies & procedures mutual trust users identified by certificates

Authorization


Based on Virtual Organizations (VO). Management tools for VO membership lists. 10+2 Virtual Organizations

Torino, 5-6/12/02

Security Tutorial - n 18

EDG AA Overview
    

User requests a certificate from his CA [yearly] User registers himself in the EDG LDAP-VO [once] User generates a proxy certificate (short lifetime) [daily] Host/service requests a certificate [yearly] Local site retrieves the trusted CAs certificates [periodically] and their CRLs [daily] Local site generates a gridmap-file from the LDAP database for authorization and mapping [daily] User contacts a service: they exchange their certificates to authenticate each other; the service bases its authorization decision on the gridmap-file

Torino, 5-6/12/02

Security Tutorial - n 19

Requesting a certificate (batch)



grid-cert-request
A certificate request and private key is being created. [...] Using configuration from /usr/local/grid/globus/etc/globususer-ssleay.conf Generating a 1024 bit RSA private key [...] A private key and a certificate request has been generated with the subject: /O=Grid/O=CERN/OU=cern.ch/CN=Akos Frohner [...] Your private key is stored in .../.globus/userkey.pem Your request is stored in .../.globus/usercert_request.pem Please e-mail the certificate request to the CERN CA

cat .../.globus/usercert_request.pem | mail cernglobus-ca@cern.ch Your certificate will be mailed to you within two working days.

Torino, 5-6/12/02

Security Tutorial - n 20

Requesting a certificate (online)



Online procedure:


donwload your CA certificate; fill the online request form; wait for the identity check by the CA; download the certificate.

 

Protect the certificate. Export the certificate and make a backup copy.

Torino, 5-6/12/02

Security Tutorial - n 21

Download the INFN CA cert



1/2

http://security.fi.infn.it /CA/ Click on Certificato INFN CA



ignore warning messages about connecting to an unknow site...

Click on Scarica Certificato

Torino, 5-6/12/02

Security Tutorial - n 22

Download the INFN CA cert



2/2

Netscape:


select all the three options

Explorer:


save with extension .der double-click on the file name and click on Installa certificato choose the default answer in all the following questions

Verify that the certificate is among the root certificates

Torino, 5-6/12/02

Security Tutorial - n 23

Fill the online request form

  

http://security.fi.infn.it/CA/ Click on Richiesta certificati Fill the details of the owner:



Nome sezione; Nome e Cognome; E-mail, it must be the official one, Nome.Cognome@sezione.infn.it.

 

Click on Sottometti Richiesta. After the identity checks, youll receive an e-mail with the instructions for the download.

Torino, 5-6/12/02

Security Tutorial - n 24

Download the certificate



Open the URL in the mail from INFN-CA with the same browser used to submit the request Verify that the certificate appears in the browser DB

Torino, 5-6/12/02

Security Tutorial - n 25

Protect the certificate



Your certificate must be password protected to avoid unauthorized use

Torino, 5-6/12/02

Security Tutorial - n 26

Export the certificate



Export the certificate (extension .p12) and save a copy on a floppy (two is better...).The copy can be imported in another browser. Protect the copy with a good password (it will be asked during the export procedure) Convert the certificate for use by the globus toolkit: openssl pkcs12 -nocerts\ in user.p12 \ out ~/.globus/userkey.pem openssl pkcs12 clcerts \ -nokeys \ out ~/.globus/usercert.pem

Torino, 5-6/12/02

Security Tutorial - n 27

Registration


Users must accept the EDG usage guidelines and be registered in an EDG VO If you dont have your certificate in a browser:


convert the certificate

openssl pkcs12 export \ in ~/.globus/usercert.pem \ inkey ~/.globus/userkey.pem \ out user.p12 name M. Rossi


import your certificate in your browser

Sign the usage guidelines



open the following URL and click on Accept: https://marianne.in2p3.fr/cgibin/datagrid/register/account.pl

Ask an account from your VO administrator.

Security Tutorial - n 28

Torino, 5-6/12/02

Starting a grid session



login: grid-proxy-init

Your identity: /C=IT/O=INFN/CN=M.Rossi/Email=M.Rossi@infn.it Enter GRID pass phrase for this identity: ********* Creating proxy ........................................ Done Your proxy is valid until Fri Nov 29 02:44:51 2002


the proxy is stored in /tmp/x509up_uxxx

 

You can now use use the grid services. logout: grid-proxy-destroy

Torino, 5-6/12/02

Security Tutorial - n 29

Proxy certificate structure



openssl x509 -text -noout -in /tmp/x509up_u504

Data: Version: 3 (0x2) Serial Number: 981 (0x3d5) Signature Algorithm: md5WithRSAEncryption Issuer: C=IT,O=INFN,CN=M.Rossi/Email=M.Rossi@infn.it Validity Not Before: Nov 28 14:14:57 2002 GMT Not After : Nov 29 02:19:57 2002 GMT Subject: C=IT,O=INFN,CN=M.Rossi/Email=M.Rossi@infn.it, CN=proxy Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (512 bit) Modulus (512 bit): ...................................... Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption ......................................

Torino, 5-6/12/02

Security Tutorial - n 30

Authorization: the present



Based on VO LDAP servers



Each VO manages an LDAP Directory Only groups provided, no roles Secure web interface for EDG AUP signing

Mapping X509 credentials



user at local site

Each site periodically generates (mkgridmap) a grid-mapfile (mapping DN username). Dynamic mapping available (gridmapdir). Mapping customizable by the local site managers.

Torino, 5-6/12/02

Security Tutorial - n 31

grid-mapfile generation
o=xyz, dc=eu-datagrid, dc=org o=testbed, dc=eu-datagrid, dc=org

ou=People

ou=Testbed1

ou=???

ou=People

CN=Mario Rossi

CN=John Smith

CN=Franz Elmer

VO Directory

CN=John Smith

CN=Franz Elmer

Authentication Certificate

Authentication Certificate

Authentication Certificate

Authorization Directory

mkgridmap

grid-mapfile

local users

ban list

Torino, 5-6/12/02

Security Tutorial - n 32

Authorization: the future



Virtual Organization Membership Service (VOMS)



Grants authorization data to users at VO level Each VO has its own VOMS

Local Centre Authorization Service (LCAS)



Handles authorization requests to local fabric

Local Credential Mapping Service (LCMAPS)



Provides local credentials needed for jobs in fabric

Grid ACL (GACL) library



Provides DN based ACLs

Torino, 5-6/12/02

Security Tutorial - n 33

VOMS Operations
1.
Authentication

Mutual authentication ClientServer Client sends request to Server Server checks correctness of request Server sends back the required info, signed by itself Client repeats process for other VOMSs Client creates a proxy certificate containing all the info received into a (non critical) extension

2.
Request

3.
Users attribute s

4. 5.

C=IT/O=INFN Users attribute /L=CNAF s /CN=Pinco Palla /CN=proxy

Auth DB

6.

Torino, 5-6/12/02

Security Tutorial - n 34

LCAS / LCMAPS


LCAS


Handles authorization requests to local fabric Authorization decisions based on proxy user certificate and job specification Supports gridmap-file mechanism Plug-in framework (hooks for external authorization plug-ins)

LCMAPS


Provides local credentials needed for jobs in fabric

 

Accepts requests validated by LCAS Returns, if any, local credentials already assigned to user or generates new ones.

Replaces gridmap(dir), but keeps functionality

Torino, 5-6/12/02

Security Tutorial - n 35

EDG gatekeeper
NOW EDG1.4, EDG2.x

Gatekeeper
TLS auth

Gatekeeper
TLS auth Id

LCAS
config

ACL
timeslot gridmap

Yes/no

LCAS (so)

LCAS client LCMAPS clnt

assist_gridmap

apply creds * Jobmanager-*

Id LCMAPS
config credlist role2uid role2afs

Jobmanager-*

By Martijn Steenbakkers (EDG WP4)

Torino, 5-6/12/02

* And store in job repository

Security Tutorial - n 36

Further Information
Grid
   

EDG CAs: http://marianne.in2p3.fr/datagrid/ca EDG Security Requirements: http://edms.cern.ch/document/340234 GGF Security Area: http://www.gridforum.org/security/ Grid Security Infrastructure (GSI): http://www.globus.org/security/

Background


Bruce Schneier,Applied Cryptography: Protocols, Algorithms and Source Code in C, John Wiley & Sons. Generic Security Services Application Programming Interface (GSSAPI): http://www.faqs.org/faqs/kerberos-faq/general/section84.html S. Tuecke et al., Internet X.509 Public Key Infrastructure Proxy Certificate Profile, draft-ietf-pkix-proxy-03.

Torino, 5-6/12/02

Security Tutorial - n 37