edg tutorial security torino

8/4/2019 EDG Tutorial Security Torino

1/37

Security Mechanisms

The European DataGrid Project Team

http://www.eu-datagrid.org


2/37

Security Tutorial - n 2Torino, 5-6/12/02

Contents

Concepts of Cryptography Digital Certificates

Security problems (and solution) of the Grid

EDG user authentication (practical guide)

EDG authorization (overview)


3/37


Security Needs

Authentication establish the identity of an entity (user, process, host, service, ...)

Confidentiality

a third party cannot understand the communication

Integrity data is not modified during communication

Non-repudiation

the sender cannot claim he didnt send the data

Authorization establish the rights of the entity


4/37


Cryptography

Mathematical tool that provides some important building blocks for the

implementation of a security infrastructure Terminology

Plaintext: M

Cyphertext: C

Encryption with key K1 : E K1(M)=C

Decryption with key K2 : D K2(C)=M

Algorithms

Symmetric: K1 = K2

Public Key (asymmetric): K1 K2

K2K1

Encryption DecryptionM C M


5/37


Symmetric Algoritms

The same key is used forencryption and decryption

fast

how to distribute the keys?

the number of keys is O(n2)

Examples:

DES

3DES

Rijndael (AES)

Blowfish

A B

ciao 3$r ciao

A B

ciao 3$r ciao3$r

3$r


6/37


Public Key Algorithms

Every user has two keys: oneprivate and one public: it is practically impossible to

derive the private key fromthe public one;

a message encrypted by onekey can be decripted only bythe other one.

No exchange of secrets isnecessary

the sender cyphers using thepublic key of the receiver;

the receiver decripts using hisprivate key;

the number of keys is O(n).

Examples: Diffie-Helmann (1977)

RSA (1978)

Bs keys

public private

As keys

public private

A B

ciao 3$r ciao

A B

ciao cy7 ciao

3$r

cy7


7/37


One-Way Hash Functions

Functions (H) that given as input a variable-length message(M) produce as output a string of fixed length (h)

the length of hmust be at least 128 bits (to avoid birthdayattacks)

1. given M, it must be easy to calculate H(M) = h

2. given h, it must be difficult to calculateM = H-1(h)

3. given M, it must be difficult to find Msuch that H(M) = H(M)

Examples:

SNEFRU: hash of 128 or 256 bits;

MD4/MD5: hash of 128 bits;

SHA (Standard FIPS): hash of 160 bits.


8/37


Digital Signature

A calculates the hash of themessage and he encrypts it usinghis private key: the encryptedhash is the digital signature.

A sends the signed message toB.

B calculates the hash of themessage and verifies it with theone received by A anddecyphered with As pubblic key.

If the thwo hashes are equal,the message wasnt modified andA cannot repudiate it.

As keys

public private

B

hash (B)

hash (A)

= ?

ciao

A

ciao ciaohash (A)


9/37


Digital Certificates

As digital signature is safe if:1. As private key is not compromised

2. B knows As public key

How can B be sure that As public key is really As public keyand not someone elses?

A third party guarantees the correspondence between public keyand owners identity, by signing a document which contains theowners identity and his public key (Digital Certificate)

Both A and B must trust this third party

Two models:

X.509: hierarchical organization;

PGP: web of trust.


10/37


PGP web of trust

A

B

C

D

E

F

F knows D and E, who knows A and C, who knows A and B.

F is reasonably sure that the key from A is really from A.


11/37


X.509 Certificates

The third party is called Certification Authority (CA). An X.509 Certificate contains:

identity of the owner;

time of validity;

owners public key; info on the Certification Authority;

digital signature of the Certification Authority.

Certificates are published in a directory (e.g. LDAP or WWW)managed by the CA

CAs periodically publish a list of compromised certificates

Certificate Revocation Lists (CRL)

Online Certificate Status Protocol (OCSP).


12/37


Certificate Chains

Per: INFN CA

Firma: INFN CA

Per: Verisign

Firma: Verisign

Per: AltraCA

Firma: Verisign

Per:Leo

Firma:AltraCA

Per:Silvia

Firma:AltraCA

Per:Carlo

Firma:INFNCA

CAs have their owncertificates, too.

ACA can guarantee forother CAs by signing theircertificates

At the top there is a self-signed certificate (rootcertificate).

CA certificate are widelypublicized and so difficult to

forge.


13/37


14/37


Grid Security Infrastructure (GSI)

Based on an X.509 PKI: every user/host/service has an X.509 certificate;

certificates are signed by trusted (by the local sites) CAs;

every Grid transaction is mutually authenticated:1. user sends his certificate;

2. other end sends user a challenge string;3. user encodes the challenge string with his private key;

4. the public key is used to decode the challenge.

Private keys must be stored only in protected places, and only inencrypted form.


15/37


X.509 Proxy Certificate

A Proxy is a special type of X.509 certificate, signed by thenormal end entity cert (or by another proxy).

It allows process to act on behalf of user, supporting singlesign-on and delegation

if there is a need to have agents requesting services on behalf of

the user, avoids the need to re-enter the user's pass phrase the Subject of the proxy contains the Subject of the signing cert

It reduces exposure of users private key

It is created by the grid-proxy-init command

The private key of the Proxy is not encrypted: stored in local file protected by file system security: must be

readable only by the owner;

proxy lifetime is short (typically 12 h) to minimize security risks.


16/37


Delegation

Proxy creation can be recursive each time a new private key and new X.509 proxy certificate, signed by the

original key

Allows remote process to act on behalf of the user

Avoids sending passwords or private keys across the network

The proxy may be a Restricted Proxy: a proxy with a reduced set ofprivileges (e.g. cannot submit jobs).


17/37


Site A(Kerberos)

Site B(Unix)

GSI interface GSI interface

Remote processcreation requests*

* with mutual authentication

Site C(Kerberos)

User

Single sign-on

& generation of proxy cred. User ProxyProxy

credential

Storagesystem

Communication*

GSI-enabledFTP server

AuthorizeMap to local idAccess file

Remote file

access request*

Process

Kerberosticket

Restrictedproxy

Process

Restricted

proxy

Local id

Local id

Authorize

Map to local idCreate processGenerate credentials

Authorize

Map to local idCreate process

Generate credentials

Job Executionfrom The Globus Toolkit:

Security Services,http://www.globus.org/

Or: retrieval of proxy cred.from online repository


18/37


19/37


EDG AA Overview

User requests a certificate from his CA [yearly] User registers himself in the EDG LDAP-VO [once]

User generates a proxy certificate (short lifetime) [daily]

Host/service requests a certificate [yearly]

Local site retrieves the trusted CAs certificates [periodically]and their CRLs [daily]

Local site generates a gridmap-file from the LDAP databasefor authorization and mapping [daily]

User contacts a service: they exchange their certificates toauthenticate each other; the service bases its authorizationdecision on the gridmap-file


20/37


Requesting a certificate (batch)

grid-cert-requestA certificate request and private key is being created.[...]Using configuration from /usr/local/grid/globus/etc/globus-

user-ssleay.confGenerating a 1024 bit RSA private key

[...]

A private key and a certificate request has been generated

with the subject:/O=Grid/O=CERN/OU=cern.ch/CN=Akos Frohner[...]

Your private key is stored in .../.globus/userkey.pemYour request is stored in .../.globus/usercert_request.pemPlease e-mail the certificate request to the CERN CA

cat .../.gl

obus

/usercert_request.pem | mail [email protected]

Your certificate will be mailed to you within two working days.


21/37


Requesting a certificate (online)

Online procedure: donwload your CA certificate;

fill the online request form;

wait for the identity check by the CA;

download the certificate.

Protect the certificate.

Export the certificate and make a backup copy.


22/37


Download the INFN CA cert 1/2

http://security.fi.infn.it/CA/

Click on CertificatoINFN CA

ignore warning messages

about connecting to anunknow site...

Click on ScaricaCertificato


23/37


Download the INFN CA cert 2/2

Netscape: select all the three

options

Explorer:

save with extension .der

double-click on the filename and click onInstalla certificato

choose the defaultanswer in all the followingquestions

Verify that thecertificate is among theroot certificates


24/37


Fill the online request form

http://security.fi.infn.it/CA/

Click on Richiesta certificati

Fill the details of the owner:

Nome sezione;

Nome e Cognome;

E-mail, it must be the officialone,[email protected].

Click on Sottometti Richiesta.

After the identity checks, youllreceive an e-mail with theinstructions for the download.


25/37


Download the certificate

Open the URL in themail from INFN-CAwith the same browserused to submit therequest

Verify that thecertificate appears inthe browser DB


26/37


Protect the certificate

Your certificate must bepassword protected to

avoid unauthorized use


27/37


28/37


Registration

Users must accept the EDG usageguidelines and be registered in anEDG VO

If you dont have your certificatein a browser:

convert the certificate

openssl pkcs12 export \in ~/.globus/usercert.pem \inkey ~/.globus/userkey.pem \out user.p12 name M. Rossi

import your certificate in your browser

Sign the usage guidelines

open the following URLand click on Accept:https://marianne.in2p3.fr/cgi-bin/datagrid/register/account.pl

Ask an account from your VOadministrator.


29/37


Starting a grid session

login:grid-proxy-initYour identity:/C=IT/O=INFN/CN=M.Rossi/[email protected] GRID pass phrase for this identity: *********Creating proxy ........................................DoneYour proxy is valid until Fri Nov 29 02:44:51 2002

the proxy is stored in /tmp/x509up_uxxx

You can now use use the grid services.

logout:grid-proxy-destroy


30/37


Proxy certificate structure

openssl

x509-te

xt -n

oout -in

/tmp

/x509up_u

504Data:Version: 3 (0x2)Serial Number: 981 (0x3d5)Signature Algorithm: md5WithRSAEncryptionIssuer: C=IT,O=INFN,CN=M.Rossi/[email protected]

Validity

Not Before: Nov 28 14:14:57 2002 GMTNot After : Nov 29 02:19:57 2002 GMTSubject: C=IT,O=INFN,CN=M.Rossi/[email protected],CN=proxySubject Public Key Info:Public Key Algorithm: rsaEncryptionRSA Public Key: (512 bit)

Modulus (512 bit):......................................

Exponent: 65537 (0x10001)Signature Algorithm: md5WithRSAEncryption

......................................


31/37


Authorization: the present Based on VO LDAP servers

Each VO manages an LDAP Directory

Only groups provided, no roles

Secure web interface for EDG AUP signing

Mapping X509 credentials user at local site

Each site periodically generates (mkgridmap) a grid-mapfile(mapping DN username).

Dynamic mapping available (gridmapdir).

Mapping customizable by the local site managers.


32/37


grid-mapfile generationo=testbed,dc=eu-datagrid,dc=org

CN=

Franz Elmer

ou=People

CN=John Smith

mkgridmap grid-mapfile

VOVO

DirectoryDirectoryAuthorizationAuthorization

DirectoryDirectory

CN=Mario Rossi

o=xyz,dc=eu-datagrid,

dc=org

CN=Franz ElmerCN=John Smith

AuthenticationCertificate



ou=People ou=Testbed1 ou=???

localusers ban list


33/37


Authorization: the future

Virtual OrganizationM

embership Service (VOMS)

Grants authorization data to users at VO level

Each VO has its own VOMS

Local Centre Authorization Service (LCAS)

Handles authorization requests to local fabric

Local Credential Mapping Service (LCMAPS)

Provides local credentials needed for jobs in fabric

Grid ACL (GACL) library

Provides DN based ACLs


34/37


VOMS Operations

Authentication

Request

AuthDB

C=IT/O=INFN/L=CNAF

/CN=Pinco Palla

/CN=proxy

Users

attribute

s

Users

attributes

1. Mutual authentication Client-Server

2. Client sends request to Server

3. Server checks correctness ofrequest

4. Server sends back the requiredinfo, signed by itself

5. Client repeats process forother VOMSs

6. Client creates a proxycertificate containing all theinfo received into a (noncritical) extension


35/37


36/37


EDG gatekeeper

TLS auth

LCAS (so)

assist_gridmap

Jobmanager-*

Gatekeeper

TLS auth

LCAS client

apply creds*

Jobmanager-*

GatekeeperLCAS

ACL

timeslot

gridmap

config

LCMAPS clntLCMAPS

role2uid

role2afs

config

* Andstorein jobrepository

IdYes/no

Id

credlist

NOW EDG1.4,EDG2.x

By Martijn Steenbakkers (EDG WP4)


37/37


Further Information

Grid EDG CAs: http://marianne.in2p3.fr/datagrid/ca

EDG Security Requirements: http://edms.cern.ch/document/340234

GGF Security Area: http://www.gridforum.org/security/

Grid Security Infrastructure (GSI): http://www.globus.org/security/Background

Bruce Schneier,Applied Cryptography: Protocols, Algorithms andSource Code in C, John Wiley & Sons.

Generic Security Services Application Programming Interface(GSSAPI): http://www.faqs.org/faqs/kerberos-faq/general/section-84.html

S. Tuecke et al., Internet X.509 Public Key Infrastructure ProxyCertificate Profile, draft-ietf-pkix-proxy-03.

edg tutorial security torino

Documents