1. Distributed Systems

2. Outline  Services: DNSSEC  Architecture Models: Grid  Network Protocols: IPv6  Design Issues: Security  The Future: World Community Grid

3. Services: DNSSEC

4. DNS  Large distributed database for name-to-ip resolution (ex: DNS Query)DNS Query  Was not originally designed with security in mind – naturally has security flaws:  Packet interception  DNS cache poisoning / Name chaining  ID guessing [RFC 3833, 2004]

5.  DNSSEC – suite of IETF specifications for securing information provided by DNS and IP.  Authentication of origin  Data integrity  Backwards compatibility [RFC 3833, 2004]

6.  RFC 2065 published in 1997, but problems have existed since then and are still being worked out  Did not scale well for the internet  Backwards compatibility  Who should own TLD root keys  Complexity of deployment  Proposed Standard is currently RFC 4033

7.  Works by digitally signing DNS responses to lookups using public-key cryptography.  DNS records RRSIG, DNSKEY, DS, and NSEC DNS records created.  RRSIG is the digital signature of the response. Verified using the public key found in DNSKEY record.  DS records are for designated signers.

8.  Start with a trusted DNS root. Look up the DS record for TLD to verify the DNSKEY records for that TLD.  Next, check if DS record for site.com exists in the TLD zone, and if so, use that to verify the DNSKEY found in the site.com zone.  Finally, verify RRSIG record found in the A records for www.site.com [RFC 4033, 2005]www.site.com

9. Architectural Model: Grid

10. Grid Architecture  Use idle machine for more efficient use of the resources such as cpu, memory, storage, bandwidth, databases, etc.  Geographically dispersed  Must be provisioned to determine location, availability, and scheduling of resources. [IT Pro, 2004]

11. Related Terms: Comparison  Utility Computing: Leased like a utility from a company. Expect providers to switch to using grids (Sun, for example)  Cluster computing: machines usually closely coupled and connected through high speed network – generally in the same room.  P2p: considered to be an application that uses grid services for file sharing, whereas the grid can allow for sharing of any resource type.

12.  Cloud computing: Very similar to grid. So similar it’s difficult to pull out the differences and different people state different things…  Overall, many sources mention “on-demand” for cloud computing, whereas grid computing focuses on one problem at a time. [IT Pro, 2004]

13.  Not all applications are efficient on a grid – must have high levels of parallelism in order to be effective and overcome the overhead involved with grid computing.

14. Network Protocols: IPv6

15.  Defined in 1998 by Internet Engineering Task Force (IETF), RFC 2460  Main feature is much larger number of addresses  IPv4 uses 32 bits, allowing for 2 32 addresses, whereas IPv6 uses 128 bits (2 128 addresses)  Other changes include network security, improved routing, extensibility, among others. [Geer, 2005]

16. http://www.fh-wedel.de

17.  Many benefits available from the extensive amount of IP addresses. Ex:  Distributed applications on cell phones  Japanese windshield wipers for taxi cabs  Track devices for warranties, upgrade / repair, emergencies  Smart homes [Geer, 2005]

18.  Main difficulty is making the switch from IPv4 to IPv6.  Difficult to mix the two  Users generally do not feel the push to switch, especially since NAT has become widespread

19. Design Issues: Security

20.  Secure communications between two machines:  Grid Security Infrastructure (GSI)  Mutual authentication  Public key cryptography  Certificates  Single sign-on [Globus]

21.  In grid computing, we can protect the host by:  Sandboxing  Virtualization  Flexible kernel [Chakrabarti et. al., 2008]  Can we protect the privacy of the grid user?

22. The Future: World Community Grid (Or Cloud)

23. World Community Grid  An idea where the grid exists across the internet, and the world is all connected to the grid  Would allow millions of idle processors to be used more efficiently

24.  Will be very difficult to achieve  Security (unknown users connecting to unknown machines)  Network issues  Control

25. References  RFC 3833: Threat Analysis of the Domain Name System, The Internet Society, August 2004  RFC 4033: DNS Security Introduction and Requirements, The Internet Society, March 2005  http://www.globus.org/security/overview.html http://www.globus.org/security/overview.html  http://www.fh-wedel.de http://www.fh-wedel.de  "Grid computing 101: what's all the fuss about?," IT Professional, vol.6, no.2, pp. 25-33, March-April 2004  D. Geer, “In Brief: IPv6 and Distributed Applications,” IEEE Distributed Systems Online, vol. 6, no.12, December 2005  Chakrabarti, A.; Damodaran, A.; Sengupta, S., “Grid Computing Security: A Taxonomy,” Security & Privacy, IEEE, vol. 6, no.1, pp.44-51, Jan-Feb. 2008