Current standard implementations for security/authorization in distributed computing infrastructures

Security concepts
- Symmetric/Asymmetric Cryptography
- Hash functions
- Digital Signature and Digital Certificates
- PKI
Grid Security
- VOMS
Authentication/Authorization management
- Kerberos
- Shibboleth

Published in: Technology
  • AES was announced by the National Institute of Standards and Technology (NIST). May 26, 2002
  • VOMS allows distributed collaborations to centrally manage user roles and capabilities. The VOMS user credentials provide additional role and capability data to application service providers that can then be used to make more fully-informed authorization decisions.
  • MIT developed Kerberos to protect network services provided by Project Athena. The protocol was named after the Greek mythological character Kerberos (or Cerberus), known in Greek mythology as being the monstrous three-headed guard dog of Hades. Several versions of the protocol exist; versions 1–3 occurred only internally at MIT.
  • http://www.citi.umich.edu/projects/kerb_pki/
  • Timestamps: time-based authenticators shrink the time window during which the authenticator can be reused. A ticket can be address-full, meaning that the IP addresses for which the ticket has been generated are embedded inside the ticket. Thus the server is able to verify these addresses against the connection source IP address. While it might represent a true challenge to enforce address-full tickets in a realistic environment, very few common services actually verify these addresses: in fact none in a Microsoft Windows environment and only KDC services in a Unix environment. Replay cache: a server can store previously submitted authenticators during their lifetime and detect their reuse. The last countermeasure is to use a keyed cryptographic checksum in the upper-layer protocol using the session key (unknown to the replaying attacker).
  • Hijacking Kerberos tickets always starts with compromising a Kerberized system and gaining root access: - privilege escalation - password sniffing - shoulder surfing
  • Key benefits:
    - Relieves remote service providers from having to manage user lists for every institution that uses their services
    - Allows "home institutions" to protect the identities of their users from remote service providers
    - Leverages existing authentication systems at home institutions
    - Flexible, distributed architecture supports a variety of usage scenarios
  • Without AAI:
    - Different login processes
    - Often IP-based authorization
    - Many resources not protected due to difficulties
    With AAI:
    - Single login process for the users
    - Many new resources (that weren’t protected when AAI was not implemented) now become available for the users
  • Shibboleth is a Java web app. Web/application servers supported:
    - Tomcat/JBoss
    - Apache + Tomcat/JBoss
    - IIS + Tomcat/JBoss
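
The replay countermeasures from the Kerberos note above (timestamp window, address-full ticket check, keyed checksum, replay cache), combined into one server-side check. This is an added example, not part of the original slides, and a simplified model rather than the Kerberos wire format: the dictionary fields, `ReplayCache`, the 300-second window and HMAC-SHA256 as the keyed checksum are assumptions.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds; assumed acceptance window, not a value from the slides

def keyed_checksum(session_key, client, ctime, payload):
    # HMAC-SHA256 stands in for the keyed checksum over the upper-layer request.
    msg = f"{client}|{ctime}|".encode() + payload
    return hmac.new(session_key, msg, hashlib.sha256).hexdigest()

def make_authenticator(session_key, client, ctime, payload):
    return {"client": client, "ctime": ctime, "payload": payload,
            "mac": keyed_checksum(session_key, client, ctime, payload)}

class ReplayCache:
    """Stores accepted authenticators for their lifetime and detects reuse."""
    def __init__(self, max_skew=MAX_SKEW):
        self.max_skew = max_skew
        self._seen = {}  # (client, ctime, mac) -> expiry time

    def check(self, auth, session_key, peer_ip, ticket_addrs, now):
        # Entries older than the window can go: the timestamp check covers them.
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= now}
        if abs(now - auth["ctime"]) > self.max_skew:
            return "rejected: timestamp outside window"
        # Address-full ticket: the source must be one of the embedded addresses.
        if ticket_addrs and peer_ip not in ticket_addrs:
            return "rejected: source address not in ticket"
        expected = keyed_checksum(session_key, auth["client"],
                                  auth["ctime"], auth["payload"])
        if not hmac.compare_digest(expected, auth["mac"]):
            return "rejected: bad keyed checksum"
        key = (auth["client"], auth["ctime"], auth["mac"])
        if key in self._seen:
            return "rejected: replayed authenticator"
        self._seen[key] = auth["ctime"] + self.max_skew
        return "accepted"

def demo():
    # All values below are constructed sample data.
    key, t0, addrs = b"constructed-session-key", 1_000_000, {"192.0.2.10"}
    rc = ReplayCache()
    a = make_authenticator(key, "alice@EXAMPLE.ORG", t0, b"GET /data")
    altered = dict(a, payload=b"GET /admin")  # payload changed, checksum not
    return [rc.check(a, key, "192.0.2.10", addrs, now=t0 + 2),
            rc.check(a, key, "192.0.2.10", addrs, now=t0 + 30),
            rc.check(a, key, "198.51.100.7", addrs, now=t0 + 30),
            rc.check(altered, key, "192.0.2.10", addrs, now=t0 + 30),
            rc.check(a, key, "192.0.2.10", addrs, now=t0 + 301)]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The cache only has to remember an authenticator until its timestamp leaves the window, which is why a shorter window also means a smaller cache.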