Abstract
Security in computational Grids is mainly based on Grid Security Infrastructure (GSI) for authentication and Virtual Organization Membership Service for authorization. Although these mechanisms provide the required level of security, they lack in performance due to their dependence on public key cryptography. In our proposed security architecture we use a Kerberos-based approach (symmetric cryptography) to establish common secrets between grid services (exposed as web services) and clients. The architecture does not nullify GSI and VOMS, but allows a full mapping of GSI-VOMS to Kerberos credentials. The security architecture was designed to meet the specific quality of service (QoS) for nearly real-time control of distributed instruments that belong to different organizations by minimizing the impact of security processing. It is based on GSI and VOMS certificates for the initial login, translates them into Kerberos credentials for authentication and provides message level security implementing the OASIS Kerberos Token Profile. The security performance of our implementation, as shown in our measurements, outperforms the one when X509 Token Profile is used.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
R. Alfieri et al., “VOMS, an authorization system for virtual organizations”, Presented at the 1st European Across Grids Conf., Santiago de Compostela, Spain, Feb. 14, 2003.
R. Alfieri, R Cecchini, V. Ciaschini, F. Spataro, L. Dell’Agnello, A. Frohner, K. Lorentey, “From gridmap-file to VOMS: managing authorization in a Grid environment”, Future Generation Computer Systems, Vol. 21, no. 4, pp. 549–558. Apr. 2005.
Apache AXIS – http://ws.apache.org/axis/
Apache WSS4J – http://www.ws.apache.org/wss4j.
C. Coarfa, P. Druschel and D.S. Wallach, “Performance analysis of TLS web servers”, 9th Network and Systems Security Symposium, pp. 553–558, 2002.
I. Foster, C. Kesselman, S. Tuecke: “The anatomy of the grid: enabling scalable virtual organizations”, International Journal of Supercomputer Applications, Vol. 15, no. 3, pp. 200–222, 2001.
GRIDCC Project web site – www.gridcc.org
Heimdal Kerberos Server – http://www.pdc.kth.se/heimdal/.
IETF RFC 1510 – The Kerberos Network Authentication Service (V5).
IETF RFC 1508 – Generic Security Service Application Program Interface.
IETF RFC 2459 – Internet X.509 Public Key Infrastructure Certificate and CRL Profile.
IETF RFC 3820 – Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile.
IETF RFC 4556 – Public Key Cryptography for Initial Authentication in Kerberos (PKINIT).
A. Moralis, A. Lenis, M. Grammatikou, S. Papavassiliou, V. Maglaris, “A distributed Kerberized access architecture for real time grids”, 4th International Workshop on Security in Information Systems WOSIS, 2006.
R. Needham, M. Schroeder, “Using encryption for authentication in large networks of computers”, Communications of the ACM, Vol. 21, no. 12, pp. 993–999, Dec. 1978.
Oasis WS Security Standards – http://www.oasis-open.org/specs/index.php#wssv1.1
Open Grid Forum – http://nfdump.sourceforge.net/.
L. Pearlman, V. Welch, I. Foster, K. Kesselman, S. Tuecke, “A community authorization service for group collaboration”, IEEE Workshop on Policies for Distributed Systems and Networks, 2002.
The European Policy Management Authority for Grid Authentication in e-Science – http://www.eugridpma.org/
W3C Web Services Activity – http://www.w3.org/2002/ws/
WS Security Kerberos Token Profile – http://www.oasis-open.org/committees/download. php/16788/wss-v1.1-spec-os-KerberosTokenProfile.pdf
WS-Security X509 Token Profile – http://www.oasis-open.org/committees/download. php/16785/wss-v1.1-spec-os-x509TokenProfile.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer Science+Business Media, LLC
About this paper
Cite this paper
Moralis, A., Pouli, V., Grammatikou, M., Papavassiliou, S., Maglaris, V. (2009). Improving the Security Performance in Computer Grids. In: Davoli, F., Meyer, N., Pugliese, R., Zappatore, S. (eds) Grid Enabled Remote Instrumentation. Signals and Communication Technology. Springer, New York, NY. https://doi.org/10.1007/978-0-387-09663-6_24
Download citation
DOI: https://doi.org/10.1007/978-0-387-09663-6_24
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-09662-9
Online ISBN: 978-0-387-09663-6
eBook Packages: EngineeringEngineering (R0)