Security on Grid Roberto Barbera Univ. of Catania and INFN

SEE-GRID tutorial, Istanbul, 09-10.12.2004

Overview
- Glossary
- Encryption: symmetric algorithms; asymmetric algorithms: PKI
- Certificates: digital signatures; X509 certificates
- Grid Security: basic concepts; Grid Security Infrastructure; proxy certificates; command line interfaces


Glossary
- Principal: an entity: a user, a program, or a machine
- Credentials: some data providing a proof of identity
- Authentication: verify the identity of the principal
- Authorization: map an entity to some set of privileges
- Confidentiality: encrypt the message so that only the recipient can understand it
- Integrity: ensure that the message has not been altered in transmission
- Non-repudiation: impossibility of denying the authenticity of a digital signature


Cryptography
Mathematical algorithms that provide important building blocks for the implementation of a security infrastructure.
[Figure: M -> Encryption (key K1) -> C -> Decryption (key K2) -> M]
Symbology:
- Plaintext: M
- Ciphertext: C
- Encryption with key K1: E_K1(M) = C
- Decryption with key K2: D_K2(C) = M
Algorithms:
- Symmetric: K1 = K2
- Asymmetric: K1 ≠ K2
Symmetric algorithms: if the algorithm operates on the plaintext one bit (or byte) at a time it is called a stream cipher; if it operates on blocks of bits, it is called a block cipher.

Public Key Infrastructure
- Provides authentication, integrity, confidentiality, non-repudiation
- Asymmetric encryption
- Digital signatures: a hash derived from the message and encrypted with the signer's private key; the signature is checked by decrypting it with the signer's public key
- Allows key exchange in an insecure medium using a trust model: keys are trusted only if signed by a trusted third party (Certification Authority); a CA certifies that a key belongs to a given principal
- Certificate: public key + principal information + CA signature; the X.509 format is the most used
- PKI is used by SSL, PGP, WS security, S/MIME, etc.
[Figure: clear text message -> encrypted text with the public key; encrypted text -> clear text message with the private key]

Symmetric Algorithms
- The same key is used for encryption and decryption
- Advantages: fast
- Disadvantages: how to distribute the keys? The number of keys is O(n^2)
- Examples: DES, 3DES, Rijndael (AES), Blowfish, Kerberos
[Figure: A encrypts "ciao" into "3$r" with the shared key and sends it to B, who decrypts it with the same key]
The length of the key varies from 56 bits (DES), now obsolete, to 256 bits. As computing power increases, the length of the key must be increased too, to avoid brute force attacks (i.e. trying all the possible keys until the right one is found).

Public Key Algorithms
- Every user has two keys: one private and one public:
  - it is impossible to derive the private key from the public one;
  - a message encrypted by one key can be decrypted only by the other one.
- No exchange of secrets is necessary:
  - the sender encrypts using the public key of the receiver;
  - the receiver decrypts using his private key;
  - the number of keys is O(n).
- Examples: Diffie-Hellman (1977), RSA (1978)
[Figure: A and B each hold a public and a private key; "ciao" travels between them encrypted ("3$r", "cy7"), each message encrypted with the receiver's public key and decrypted with the receiver's private key]
The length of the keys, at the moment, varies from 512 bits (insecure) to 2048 bits. As the keys are much longer than those for symmetric algorithms, this kind of algorithm is much slower. For practical purposes they are used together: first a temporary key for a symmetric algorithm is generated, which is used to encrypt the message; then the public key of the receiver is used to encrypt this key, which is sent (in encrypted form) together with the message.
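The hybrid scheme just described, as an added Go example (not code from the original slides): a one-time symmetric key encrypts the message and the receiver's public key encrypts only that key. The slide names no particular ciphers; AES-256-GCM for the message and RSA-OAEP with SHA-256 for the key are my choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is what the sender transmits: the message encrypted with a
// one-time symmetric key, plus that key encrypted for the receiver's public key.
type Envelope struct {
	EncryptedKey []byte // AES session key under RSA-OAEP (SHA-256)
	Nonce        []byte // AES-GCM nonce, unique per session key
	Ciphertext   []byte // AES-GCM output, authentication tag included
}

// HybridEncrypt follows the slide: generate a temporary key for a symmetric
// algorithm, encrypt the message with it, then encrypt that key with the
// receiver's public key and send both together.
func HybridEncrypt(receiverPub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32) // AES-256 key, used for this message only
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Only the 32-byte session key goes through the slow public-key operation.
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, msg, nil) // bulk data: fast symmetric cipher
	return &Envelope{EncryptedKey: encKey, Nonce: nonce, Ciphertext: ct}, nil
}

// HybridDecrypt is the receiver's side: recover the session key with the
// private key, then decrypt and integrity-check the message with it.
func HybridDecrypt(receiverPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, receiverPriv, env.EncryptedKey, nil)
	if err != nil {
		return nil, errors.New("session key does not decrypt under this private key")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// Open fails if the ciphertext, nonce or tag were altered in transit.
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}
```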


One-Way Hash Functions
Functions (H) that, given as input a variable-length message (M), produce as output a string of fixed length (h):
- the length of h must be at least 128 bits (to avoid birthday attacks);
- given M, it must be easy to calculate H(M) = h;
- given h, it must be difficult to calculate M = H^-1(h);
- given M, it must be difficult to find M' such that H(M) = H(M').
Examples: SNEFRU: hash of 128 or 256 bits; MD4/MD5: hash of 128 bits; SHA (FIPS standard): hash of 160 bits.

Digital Signature
- A calculates the hash of the message.
- A encrypts the hash using his private key: the encrypted hash is the digital signature.
- A sends the signed message to B.
- B calculates the hash of the message and compares it with the one received from A, decrypted with A's public key.
- If the two hashes are equal, the message wasn't modified and A cannot repudiate it.
[Figure: A attaches the digital signature (Hash(A) encrypted with A's private key) to "This is some message"; B recomputes Hash(B) and checks Hash(B) = Hash(A) using A's public key]

Digital Certificates
- A's digital signature is safe if: A's private key is not compromised; B knows A's public key.
- How can B be sure that A's public key is really A's public key and not someone else's?
- A third party guarantees the correspondence between public key and owner's identity, by signing a document which contains the owner's identity and his public key (Digital Certificate).
- Both A and B must trust this third party.
- Two models: X.509: hierarchical organization; PGP: "web of trust".

PGP "web of trust"
[Figure: six keys, A to F, linked by who has signed whose key]
F knows D and E, who know A and C, who know A and B. F is reasonably sure that the key from A is really from A.

X.509
- The "third party" is called Certification Authority (CA).
- It issues certificates for users, programs and machines.
- It checks the identity and the personal data of the requestor: Registration Authorities (RAs) do the actual validation.
- CAs periodically publish a list of compromised certificates: Certificate Revocation Lists (CRL) contain all the revoked certificates yet to expire; Online Certificate Status Protocol (OCSP).
- CA certificates are self-signed.

X.509 Certificates
An X.509 certificate contains: the owner's public key; the identity of the owner; info on the CA; time of validity; serial number; digital signature of the CA.

Structure of an X.509 certificate (figure):
  Public key
  Subject: C=CH, O=CERN, OU=GRID, CN=Andrea Sciaba 8968
  Issuer: C=CH, O=CERN, OU=GRID, CN=CERN CA
  Expiration date: Aug 26 08:08:14 2005 GMT
  Serial number: 625 (0x271)

Sample user certificate (the slide's callouts mark the Issuer as the CA, the Subject as the user's name, the Subject Public Key Info as the user's public key, Key Usage as the certificate use, CRL Distribution Points as the CRL information, Certificate Policies as the policy information, and the final block as the CA's digital signature):

  Certificate:
      Version: 3 (0x2)
      Serial Number: 981 (0x3d5)
      Signature Algorithm: md5WithRSAEncryption
      Issuer: C=IT, O=INFN, CN=INFN Certification Authority
      Validity
          Not Before: Oct 10 15:50:14 2002 GMT
          Not After : Oct 10 15:50:14 2003 GMT
      Subject: C=IT,O=INFN,CN=M. Rossi/Email=M.Rossi@infn.it
      Subject Public Key Info:
          Public Key Algorithm: rsaEncryption
          RSA Public Key: (1024 bit)
              Modulus (1024 bit):
                  00:bf:7e:b9:91:9f:dd:07:10:aa:0f:e6:5b:dc:b6:
                  [...]
              Exponent: 65537 (0x10001)
      X509v3 extensions:
          X509v3 Basic Constraints: critical
              CA:FALSE
          X509v3 Key Usage: critical
              Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
          X509v3 CRL Distribution Points:
              URI:http://security.fi.infn.it/CA/crl.crl
          X509v3 Certificate Policies:
              Policy: 1.3.6.1.4.1.1043.10.1.1
          X509v3 Subject Key Identifier:
              5A:57:A5:DC:C2:76:44:E1:29:B9:C4:BC:13:58:70:2A:A0:01:37:B2
          X509v3 Authority Key Identifier:
              keyid:CA:11:EF:5D:1D:07:04:98:A9:A5:B5:58:1A:66:4E:0A:16:2B:E0:4
              DirName:/C=IT/O=INFN/CN=INFN Certification Authority
              serial:00
          X509v3 Subject Alternative Name:
              email:M.Rossi@infn.it
          X509v3 Issuer Alternative Name:
              email:infn-ca@fi.infn.it, URI:http://security.fi.infn.it/CA/
      Signature Algorithm: md5WithRSAEncryption
          76:f7:ee:d2:57:f4:99:fc:1a:73:90:ab:ae:c4:8f:dc:de:b5:
          [...]


GRID Security: the players
Users:
- large and dynamic population
- different accounts at different sites
- personal and confidential data
- heterogeneous privileges (roles)
- desire single sign-on
"Groups":
- membership
- "group" data
- access patterns
Grid Sites:
- heterogeneous resources
- access patterns
- local policies
- membership

The Risks
- Launch attacks to other sites (large distributed farms of machines)
- Illegal or inappropriate data distribution and access to sensitive information (massive distributed storage capacity)
- Disruption by exploiting security holes (complex, heterogeneous and dynamic environment)
- Damage caused by viruses, worms etc. (highly connected and novel infrastructure)

The Grid Security Infrastructure (GSI)
Based on X.509 PKI:
- every user/host/service has an X.509 certificate;
- certificates are signed by CAs trusted by the local sites;
- every Grid transaction is mutually authenticated:
  1. A sends his certificate;
  2. B verifies the signature in A's certificate;
  3. B sends to A a challenge string;
  4. A encrypts the challenge string with his private key;
  5. A sends the encrypted challenge to B;
  6. B uses A's public key to decrypt the challenge;
  7. B compares the decrypted string with the original challenge;
  8. if they match, B has verified A's identity and A cannot repudiate it.
VERY IMPORTANT: private keys must be stored only in protected places AND in encrypted form.
[Figure: A's certificate -> verify CA signature; random phrase -> encrypt with A's private key -> encrypted phrase -> decrypt with A's public key -> compare with original phrase]
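The digital signature, digital certificate and X.509 slides and the challenge-response above, as one added Go example (not code from the original slides or from GSI itself): a self-signed CA issues a user certificate with CA:FALSE, A signs B's random phrase with his private key, and B checks the CA signature on A's certificate before checking the response. The names, the 2048-bit RSA keys and the use of PKCS#1 v1.5 signatures over SHA-256 are my assumptions; the real GSI handshake's message formats are not reproduced.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

type Identity struct {
	Cert *x509.Certificate
	Key  *rsa.PrivateKey
}

// issue generates a key pair and a certificate for it. With isCA set the
// certificate is self-signed (CA:TRUE); otherwise parent signs it (CA:FALSE).
func issue(cn string, serial int64, isCA bool, now time.Time, parent *Identity) (*Identity, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{Country: []string{"IT"}, Organization: []string{"INFN"}, CommonName: cn},
		NotBefore:             now,
		NotAfter:              now.AddDate(1, 0, 0),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	parentCert, signer := tmpl, key // self-signed unless a parent CA is given
	if isCA {
		tmpl.NotAfter = now.AddDate(10, 0, 0)
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		parentCert, signer = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Identity{Cert: cert, Key: key}, err
}

// SignChallenge is A's step: sign B's random phrase with A's private key.
func SignChallenge(a *Identity, challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return rsa.SignPKCS1v15(rand.Reader, a.Key, crypto.SHA256, h[:])
}

// Authenticate is B's step: verify the CA signature on A's certificate, then
// check that the response was made with the private key matching it.
func Authenticate(aCert *x509.Certificate, trusted *x509.CertPool, now time.Time, challenge, response []byte) error {
	opts := x509.VerifyOptions{Roots: trusted, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := aCert.Verify(opts); err != nil {
		return err // unknown CA, expired, or not an end-entity certificate
	}
	pub, ok := aCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an RSA key")
	}
	h := sha256.Sum256(challenge)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], response)
}
```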

Certificate request ... more details
- EGEE/LCG recognizes a given set of CAs: https://lcg-registrar.cern.ch/pki_certificates.html
- How you request a certificate depends on your CA.
- The certificate request is created together with the certificate private key (encrypted by a pass phrase).
- For GILDA, have a look at the Demo Video: https://gilda.ct.infn.it/video/Certification/Allproxy.html (Flash), https://gilda.ct.infn.it/video/Certification/AllCertproxy.ram (Real)

Certificate request (figure)
1. The user generates a public/private key pair; the private key is stored encrypted on the local disk.
2. The user sends the public key to the CA along with proof of identity (a State of Illinois ID in the figure).
3. The CA confirms the identity, signs the certificate and sends it back to the user.

Certificate Information
To get certificate information run grid-cert-info:
  [scampana@grid019:~]$ grid-cert-info -subject
  /C=CH/O=CERN/OU=GRID/CN=Simone Campana 7461
Options for printing certificate information: -all -startdate -subject -enddate -issuer -help

X.509 Proxy Certificate
- GSI extension to X.509 identity certificates
- Signed by the normal end entity cert (or by another proxy)
- Enables single sign-on
- Supports some important features: delegation; mutual authentication
- Has a limited lifetime (minimized risk of "compromised credentials")
- It is created by the grid-proxy-init command:
    % grid-proxy-init
    Enter PEM pass phrase: ******
  Options for grid-proxy-init:
    -hours <lifetime of credential>
    -bits <length of key>
    -help

grid-proxy-init
- The user enters the pass phrase, which is used to decrypt the private key.
- The private key is used to sign a proxy certificate with its own, new public/private key pair.
- The user's private key is not exposed after the proxy has been signed.
[Figure: user certificate file + private key (encrypted) + pass phrase -> user proxy]
- The proxy is placed in /tmp, read-only by the user.
- The private key of the proxy is not encrypted: it is stored in a local file, which must be readable only by the owner; the proxy lifetime is short (typically 12 h) to minimize security risks.
NOTE: No network traffic!

Proxy again ...
- grid-proxy-init ≡ "login to the Grid"
- To "logout" you have to destroy your proxy: grid-proxy-destroy. This does NOT destroy any proxies that were delegated from this proxy.
- You cannot revoke a remote proxy.
- Usually create proxies with short lifetimes.
- To gather information about your proxy: grid-proxy-info. Options for printing proxy information: -subject -issuer -type -timeleft -strength -help

Delegation and limited proxy
- Delegation = remote creation of a (second level) proxy credential: a new key pair is generated remotely on the server; the client signs the proxy cert and returns it.
- Allows a remote process to authenticate on behalf of the user: the remote process "impersonates" the user.
- The client can elect to delegate a "limited proxy".
- Each service decides whether it will allow authentication with a limited proxy: the job manager service requires a full proxy; the GridFTP server allows either a full or a limited proxy to be used.

Long term proxy
- A proxy has a limited lifetime (default is 12 h); it is a bad idea to have a longer proxy.
- However, a grid task might need to use a proxy for a much longer time: Grid jobs in HEP Data Challenges on LCG last up to 2 days.
- myproxy server: allows creating and storing a long-term proxy certificate:
    myproxy-init -s <host_name> -d -n
      -s <host_name>: specifies the hostname of the myproxy server
      -d: the server uses the subject of the certificate as the default username
      -n: avoids the use of a passphrase to access the long-term proxy, so the WMS can perform the renewals automatically
    myproxy-get-delegation -s <host_name>: get a new proxy from the MyProxy server
    myproxy-destroy
- A dedicated service on the RB can renew the proxy automatically: it contacts the myproxy server.

GSI environment variables
User certificate files:
- Certificate: X509_USER_CERT (default: $HOME/.globus/usercert.pem)
- Private key: X509_USER_KEY (default: $HOME/.globus/userkey.pem)
- Proxy: X509_USER_PROXY (default: /tmp/x509up_u<id>)
Host certificate files:
- Certificate: X509_USER_CERT (default: /etc/grid-security/hostcert.pem)
- Private key: X509_USER_KEY (default: /etc/grid-security/hostkey.pem)
Trusted certification authority certificates:
- X509_CERT_DIR (default: /etc/grid-security/certificates)

Further Information
Grid:
- LCG Security: http://proj-lcg-security.web.cern.ch/proj-lcg-security/
- LCG Registration: http://lcg-registrar.cern.ch/
- Globus Security: http://www.globus.org/security/
Background:
- GGF Security: http://www.gridforum.org/security/
- GSS-API: http://www.faqs.org/faqs/kerberos-faq/general/section-84.html
- GSS-API: http://docsun.cites.uiuc.edu/sun_docs/C/solaris_9/SUNWdev/GSSAPIPG/toc.html
- IETF PKIX charter: http://www.ietf.org/html.charters/pkix-charter.html
- PKCS: http://www.rsasecurity.com/rsalabs/pkcs/index.html