Project guide Dr. G. Sudha Sadhasivam Asst Professor, Dept of CSE Presented by C. Geetha Jini (07MW03)

Upload: mervyn-dennis

Post on 13-Jan-2016


Project guide

Dr. G. Sudha Sadhasivam, Asst Professor, Dept of CSE

Presented by

C. Geetha Jini (07MW03)


Objective
Grid Security Issues
Dynamic VO in Grid
Group Communication in Grid
Tree Based Group Diffie Hellman Protocol
Interval based Rekeying
Domain to domain Communication
Establishment of Trust
Results
Conclusion
Future Work
References


To use Tree Based Group Diffie Hellman Protocol to generate and update the group key dynamically.

To compare the performance of the individual and interval-based rekeying approaches.

To secure domain-to-domain communication by establishing trust relationships among entities.

To simulate the protocol using the GridSim toolkit.


The activities that need to be secured in a grid environment are:

Naming and authentication
Secure communication – TLS/SSL
Trust, policy, and authorization
Access control


Virtual organizations (VOs) are collections of diverse and distributed individuals that seek to share and use diverse resources in a coordinated fashion.

Users can join several VOs, while resource providers can also partition their resources among several VOs.


Dynamic VO establishment
◦ A VO is organized for some goal and disorganized after the goal is achieved.
◦ Users can join or leave VOs.
◦ Resource providers can join or leave VOs.

Dynamic policy management
◦ Resource providers dynamically change their resource policies.
◦ VO managers manage VO users' rights dynamically.

Interoperability with different host environments


A binary key tree is formed. Each node v represents a secret (private) key $K_v$ and a blinded (public) key $BK_v$.

$BK_v = \alpha^{K_v} \bmod p$, where α and p are public parameters.

Every member holds the secret keys along its key path.

Assume each member knows all the blinded keys in the key tree.

[Figure: binary key tree with node IDs 0 to 8, 11 and 12 and members M1 to M6 at the leaves; the key path 7, 3, 1, 0 is marked]

K0 = Group Key


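The secret key of a non-leaf node v can be generated by:

$K_v = (BK_{2v+1})^{K_{2v+2}} = (\alpha^{K_{2v+1}})^{K_{2v+2}} \bmod p$

$K_v = (BK_{2v+2})^{K_{2v+1}} = (\alpha^{K_{2v+2}})^{K_{2v+1}} \bmod p$

so that

$K_v = \alpha^{K_{2v+1} K_{2v+2}} \bmod p$

[Figure: node v with children 2v+1 and 2v+2, which carry the blinded keys $BK_{2v+1}$ and $BK_{2v+2}$]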

The secret key of a leaf node is randomly selected by the corresponding member.


E.g., M1 generates the group key via:

[Figure: the key tree with members M1 to M6; M1's key path 7, 3, 1, 0 and the sibling nodes 8, 4, 2 are marked]

K7, BK8 → K3

K3, BK4 → K1

K1, BK2 → K0 (Group Key)


Rekeying (renewing the keys of the nodes) is performed at every single join/leave event to ensure backward and forward confidentiality.

A special member called sponsor is elected to be responsible for broadcasting updated blinded keys.


M8 broadcasts its individual blinded key BK12 on joining.

M4 becomes the sponsor. It rekeys K5, K2 and K0 and broadcasts the blinded keys.

Now everyone can compute the new group key.

[Figure: key tree for the join of M8, with the sponsor M4(S) and the rekeyed nodes 5, 2 and 0 marked]


M4 becomes the sponsor. It rekeys the secret keys K2 and K0 and broadcasts the blinded keys.

M1, M2 and M3 compute K0 given BK2. M6 and M7 compute K2 and then K0 given BK5.

[Figure: key tree before and after M5 leaves, with the sponsor M4(S) at node 5]


[Figure: Tree T*3 and Tree T3, with nodes labelled from <0,0> to <3,7>, members M1 to M6 at the leaves and the sponsors marked]


Interval-based rekeying is proposed such that rekeying is performed on a batch of join and leave requests at regular rekey intervals.

Interval-based rekeying improves system performance.

The Queue-batch algorithm is used for interval-based rekeying.


T’ is attached to node 6. M10, the sponsor, will broadcast BK6. M1 rekeys K1. M6 rekeys K2. M1 broadcasts BK1. M6 broadcasts BK2.

[Figure: Queue-batch example in which M8, M9 and M10 join and M2 and M7 leave; the subtree T’ of joining members, with sponsor M10(S), is attached at node 6, and M1(S) is also marked as a sponsor]


Group key Secrecy
Forward Secrecy
Backward Secrecy
Key Independence


[Figure: three domains (Domain1 d1, Domain2 d2, Domain3 d3), each with an Admin, entities numbered 1 to 5, and the labels VO1 and Group2]


Trust Evaluation

Entity A’s opinion about entity B’s trustworthiness:

$(b^A_B, d^A_B, u^A_B)$, with $b^A_B + d^A_B + u^A_B = 1$

$b^A_B = \frac{p}{p+n+2}$, $d^A_B = \frac{n}{p+n+2}$, $u^A_B = \frac{2}{p+n+2}$, where $u^A_B \neq 0$

Combining Trust

$(b^{AB}_C, d^{AB}_C, u^{AB}_C)$

$b^{AB}_C = b^A_B \, b^B_C$

$d^{AB}_C = b^A_B \, d^B_C$

$u^{AB}_C = d^A_B + u^A_B + b^A_B \, u^B_C$

Comparing Trust

If $b_A > b_B$, $d_A < d_B$ and $u_A < u_B$, then opinion $O_A$ is over a threshold presented by $O_B$.
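The three trust operations on this slide (evaluation, combining, comparing) applied to a cross-domain join decision, as an added Python example that is not part of the original slides. The function names, the sample evidence counts, the threshold opinion and the reading of p and n as counts of positive and negative past interactions are assumptions.

```python
from fractions import Fraction

# Constructed threshold opinion (b, d, u) that a joining entity must exceed.
THRESHOLD = (Fraction(1, 2), Fraction(1, 4), Fraction(1, 4))

def opinion(p, n):
    """Trust evaluation: b = p/(p+n+2), d = n/(p+n+2), u = 2/(p+n+2), so u is never 0."""
    total = p + n + 2
    return (Fraction(p, total), Fraction(n, total), Fraction(2, total))

def combine(ab, bc):
    """Combining trust: A's derived opinion about C through recommender B."""
    b_ab, d_ab, u_ab = ab
    b_bc, d_bc, u_bc = bc
    return (b_ab * b_bc, b_ab * d_bc, d_ab + u_ab + b_ab * u_bc)

def over_threshold(op, threshold):
    """Comparing trust: more belief, less disbelief and less uncertainty than the threshold."""
    return op[0] > threshold[0] and op[1] < threshold[1] and op[2] < threshold[2]

def admit(chain, threshold=THRESHOLD):
    """Fold the opinions along a recommendation chain and gate the group join on the result."""
    derived = chain[0]
    for nxt in chain[1:]:
        derived = combine(derived, nxt)
    return derived, over_threshold(derived, threshold)

def cross_domain_example():
    # Constructed evidence: d1's admin has 18 positive interactions with d2's admin,
    # and d2's admin has 8 positive interactions with the joining entity.
    d1_about_d2 = opinion(18, 0)
    d2_about_entity = opinion(8, 0)
    return admit([d1_about_d2], THRESHOLD), admit([d1_about_d2, d2_about_entity])
```

With these numbers the entity's home domain would admit it directly, but the opinion derived in d1 is rejected: every recommendation hop adds uncertainty, so u rises to 7/25 and no longer stays below the threshold's 1/4.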


[Flowchart, in order:]

Initialize the GridSim Package

Create grid entities - users and resources

Build the network topology (mesh)

Form the group

Entity joins to different domain

Evaluate trust (yes / no)

Join the entity to group

Perform rekeying


[Result plots: panels titled Leave = 0, Leave = 5 and Leave = 10]


TGDH is used for securing group communication in the grid.

Here each member contributes an equal share to the common group session key. This enhances security and avoids the problems of centralized trust and a single point of failure.

In order to reduce rekeying complexity, the interval-based approach is used.

Simulations are done using the GridSim toolkit.

Domain-to-domain communication is enhanced by establishing a trust relationship.


The group key management protocol can be further enhanced by coupling the session based group key with permanent private components of the group members to improve security.

Groups can be formed within a virtual organization based on trust relationships; separate keys can be generated for each group, and these keys can be managed hierarchically based on trust.

The proposed system can be tested in a real grid environment using Globus.


[1] Y. Kim, A. Perrig, and G. Tsudik. Tree-Based Group Key Agreement. ACM Trans. on Information and System Security, 7(1):60–96, Feb 2004.

[2] Patrick P. C. Lee, John C. S. Lui, and David K. Y. Yau. Distributed and Collaborative Key Agreement Protocols with Authentication and Implementation for Dynamic Peer Groups. Vol. 14, No. 2, April 2006.

[3] Syed Naqvi and Michel Riguidel. Grid Security Services Simulator (G3S) – A Simulation Tool for the Design and Analysis of Grid Security Solutions. Proceedings of the First International Conference on e-Science and Grid Computing (e-Science’05), IEEE, 2005.

[4] http://www.gridbus.org/gridsim

[5] Ching Lin, Vijay Varadharajan, Yan Wang, and Vineet Pruthi. Enhancing Grid Security with Trust Management. Proceedings of the 2004 IEEE International Conference on Services Computing (SCC’04).

[6] Marty Humphrey, Mary R. Thompson, and Keith R. Jackson. Security for Grids. Proceedings of the IEEE, Vol. 93, No. 3, March 2005.


THANK YOU
