Transport Level Security in Grid Environment
Abstract
Grid technology has emerged as a new approach to large-scale distributed computing with
a high-performance orientation. Grid computing is being adopted in various areas, from
academic and industry research to government use. The multi-institutional nature of grid
computing poses a significant challenge in establishing a security infrastructure for the
grid. In this thesis, we specifically focus on the security implementation provided by
Globus Toolkit 4 (GT4) and how it resolves the security issues. GT4’s security
implementation is based on existing web service technology, public key cryptography,
and digital certificates.
Within grid computing, it is very common to have groups of individuals and associated
resources and services in different administrative domains, called virtual organizations,
connected together for a single purpose. Each domain has its own local security policies;
thus, grid security must find a way to bridge the diverse local policies and allow interdomain
communication in a secure manner. This multi-institutional environment creates
the need for a security framework that allows flexibility in communication and
authentication between different domains yet remains secure against unwarranted
intrusions. To support these requirements, the Globus Toolkit incorporates a
specific security component called the Grid Security Infrastructure (GSI), which is based on
standard technologies such as TLS (formerly SSL) and secure Web Services
specifications. The GSI in Globus Toolkit 4 uses both message-level security and
transport-level security.
GSI provides a complete public-key system, authentication through certificates, credential
delegation and single sign-on. GSI is based on public-key cryptography to guarantee
privacy, integrity, and authentication. In most situations, it may not be necessary to
provide all three features at once, but at the least, authentication should be performed.
This thesis focuses on the authentication aspect of grid security. A simple grid service is
implemented and security features are added to it from authentication perspective, then
experimental results are obtained for the same.
