Introdution to EGEE and Security

1
Introdution to EGEE andSecurity

• Norbert Podhorszki
• MTA SZTAKI

EGEE is funded by the European Union under
contract IST-2003-508833
2
Acknowledgement

• This tutorial is based on the work of many
  people
• Fabrizio Gagliardi, Flavia Donno and Peter Kunszt
  (CERN)
• the EDG developer team
• the EDG training team
• the NeSC training team
• the SZTAKI training team

3
The Grid Vision
The Grid networked data processing centres and
middleware software as the glue of resources.
4
What do we expect from the Grid?

• Access to a world-wide virtual computing
  laboratory with almost infinite resources
• Possibility to organize distributed scientific
  communities in VOs
• Transparent access to distributed data and easy
  workload management
• Easy to use application interfaces

5
CERN Data intensive science in a large
international facility

• The Large Hadron Collider (LHC)
• The most powerful instrument ever built to
  investigate elementary particles physics
• Data Challenge
• 10 Petabytes/year of data !!!
• 20 million CDs each year!
• Simulation, reconstruction, analysis
• LHC data handling requires computing power
  equivalent to 100,000 of today's fastest PC
  processors!

Mont Blanc (4810 m)
Downtown Geneva
6
The EGEE Project

• EU funded project (04/2004 03/2006)
• EGEE offers the largest production grid facility
  in the world open to many applications (HEP,
  BioMedical, generic)
• Existing production service based on LCG (derived
  from EDG software of FP5)
• Next generation open source web-services
  middleware being re-engineered taking into
  account production/ deployment/ management needs
• Well-defined, distributed support structure to
  provide eInfrastructure that is available to many
  application domains

www.eu-egee.org
7
LCG-2/EGEE-0 Status April 2005
Cyprus

• Total
• gt 100 Sites
• 12000 CPUs
• 6.5 PByte

8
Main Logical Machine Types (Services) in LCG-2

• User Interface (UI)
• Information Service (IS)
• Computing Element (CE)
• Frontend Node
• Worker Nodes (WN)

• Storage Element (SE)
• Replica Catalog (RC,RLS)
• Resource Broker (RB)

9
User Interface

• The initial point of access to the LCG-2 Grid is
  the User Interface
• This is a machine where
• LCG users have a personal account
• The users certificate is installed
• The UI is the gateway to Grid services
• It provides a Command Line Interface to perform
  the following basic Grid operations
• list all the resources suitable to execute a
  given job
• replicate and copy files
• submit a job for execution on a Computing
  Element
• show the status of one or more submitted jobs.
• retrieve the output of one or more finished jobs
• cancel one or more jobs
• One or more UIs are available at each site part
  of the LCG-2 Grid

10
Main Logical Machine Types (Services) in LCG-2

• User Interface (UI)
• Information Service (IS)
• Computing Element (CE)
• Frontend Node
• Worker Nodes (WN)

• Storage Element (SE)
• Replica Catalog (RC,RLS)
• Resource Broker (RB)

11
Computing Element

• Computing Element entry
• point into a queue of a batch
• system
• information associated with a computing element
  is limited only to information relevant to the
  queue
• Resource details relates to the system

infoService
gatekeeper
Batch server
Grid Gate node

CPUPIV RAM2GB OSLinux
CPUPIV RAM2GB OSLinux
CPUPIV RAM2GB OSLinux
CPUPIV RAM2GB OSLinux
A CE consist of homogeneous worker nodes
12
Main Logical Machine Types (Services) in LCG-2

• User Interface (UI)
• Information Service (IS)
• Computing Element (CE)
• Frontend Node
• Worker Nodes (WN)

• Storage Element (SE)
• Replica Catalog (RC,RLS)
• Resource Broker (RB)

13
Storage Element (SE)

• A Storage Element (SE) provides uniform access
  and services to large storage spaces.
• Each site includes at least one SE
• They use two protocols
• GSIFTP for file transfer
• Remote File Input/Output (RFIO) for file access
• Storage Resource Manager (SRM) needs to take into
  account
• Transparent access to files (migration to/from
  disk pool)
• Space reservation (on demand and advance)
• File status notification
• Life time management

14
Main Logical Machine Types (Services) in LCG-2

• User Interface (UI)
• Information Service (IS)
• Computing Element (CE)
• Frontend Node
• Worker Nodes (WN)

• Storage Element (SE)
• Replica Catalog (RC,RLS)
• Resource Broker (RB)

15
Information System (IS)

• The Information System (IS) provides information
  about the LCG-2 Grid resources and their status
• The current IS is based on LDAP (Lightweight
  Directory Access Protocol) a directory service
  infrastructure which is a specialized database
  optimized for
• reading,
• browsing and
• searching information.
• the LDAP schema used in LCG-2 implements the GLUE
  (Grid Laboratory for a Uniform Environment)
  Schema

16
Main Logical Machine Types (Services) in LCG-2

• User Interface (UI)
• Information Service (IS)
• Computing Element (CE)
• Frontend Node
• Worker Nodes (WN)

• Storage Element (SE)
• Replica Catalog (RC,RLS)
• Resource Broker (RB)

17
Data Management

• In LCG, the data files are replicated
• on a temporary basis,
• to many different sites depending on
• where the data is needed.
• The users or applications do not need to know
  where the data is located, they use logical files
  names
• the Data Management services are responsible for
  locating and accessing the data.

18
Replication Services Basic Functionality
Each file has a unique Grid ID. Locations
corresponding to the GUID are kept in the Replica
Location Service.
Users may assign aliases to the GUIDs. These are
kept in the Replica Metadata Catalog.
Files have replicas stored at many Grid sites on
Storage Elements.
Replica Metadata Catalog
Replica Location Service
Replica Manager
The Replica Manager provides atomicity for file
operations, assuring consistency of SE and
catalog contents.
Storage Element
Storage Element
19
Main Logical Machine Types (Services) in LCG-2

• User Interface (UI)
• Information Service (IS)
• Computing Element (CE)
• Frontend Node
• Worker Nodes (WN)

• Storage Element (SE)
• Replica Catalog (RC,RLS)
• Resource Broker (RB)

20
Job Management

• The user interacts with Grid via a Workload
  Management System (WMS)
• The Goal of WMS is the distributed scheduling
  and resource management in a Grid environment.
• What does it allow Grid users to do?
• To submit their jobs
• To execute them on the best resources
• The WMS tries to optimize the usage of resources
• To get information about their status
• To retrieve their output

21
A Simple Configuration
Computing Element 1
Storage Element 1
CLOSE
User Interface Resource Broker Replica
Catalog Information Service
CLOSE
Storage Element 2
Computing Element 2
22
Security
23
Introduction to Security

• What aspects of security should we be concerned
  about?
• Authentication (Identification)
• Confidentiality (Privacy)
• Integrity (non-Tampering)
• Authorisation
• Also
• Accounting
• Delegation
• Non-Repudiation

24
How do I login on the Grid ?

• Distribution of resources secure access is a
  basic requirement
• secure communication
• security across organisational boundaries
• single sign-on" for users of the Grid
• Two basic concepts
• Authentication Who am I?
• Equivalent to a pass port, ID card etc.
• Authorisation What can I do?
• Certain permissions, duties etc.

25
Encrypting for Confidentiality

• Sending a message using asymmetric keys
• Encrypt message using Receivers public key
• Send encrypted message
• Receiver decrypts message using own private key
• Only someone with Receivers private key can
  decrypt message

Receiver space
Public space
Sender space
Private Key
Public Key
Receivers Public Key
Receivers Public Key
3
hR3a rearj
hR3a rearj
openssl
openssl
2
hR3a rearj
1
Hello World
Hello World
26
Signing for Authentication

• Encrypt message with Senders private key
• Send encrypted message
• Message is readable by ANYONE with Senders
  public key
• Receiver decrypts message with Senders public
  key
• Receiver can be confident that only someone with
  Senders private key
• could have sent the message

Public space
Sender space
Receiver space
Senders Public Key
Senders Public Key
Public Key
Private Key
3
openssl
1
openssl
n52krj rer
n52krj rer
openssl
Hello World
4
2
n52krj rer
Hello World
Hello World
27
Problem of Authentication

• What if the public key is stolen? Can the
  Receiver be sure that the Senders public key is
  really the Senders public key and not someone
  elses?

Public space
Attacker
Public Key
Private Key
1
openssl
s76gthklds
Attackers Public Key advertised as Senders
Public Key
You are a looser
Sender space
Receiver space
Senders Public Key
Public Key
Private Key
3
openssl
You are a looser
1
openssl
n52krj rer
s76gthklds
openssl
2
4
s76gthklds
You are a looser
Hello World
28
Digital Certificates

• How can B be sure that As public key is really
  As public key and not someone elses?
• A third party guarantees the correspondence
  between public key and owners identity, by
  signing a document which contains the owners
  identity and his public key (Digital Certificate)
• Both A and B must trust this third party
• Two models
• X.509 hierarchical organization
• PGP web of trust.

29
Certificate contents

• The certificate that you present to others
  contains
• Your distinguished name (DN)
• your identifier
• Your public key
• anyone can send a secret message to you
• The identity of the CA who issued the certificate
• just a name
• Its expiry date
• the certificates expiry date (usually issued for
  one year)
• Digital signature of the CA which issued it
• the certificate encrypted with the CAs private
  key

30
Involved entities
Certificate Authority
User
Public key Private key certificate
Resource (site offering services)
31
Certificate Request
User send public key to CA along with proof of
identity.
User generatespublic/privatekey pair.
CA confirms identity, signs certificate and sends
back to user.
Cert
Signed public key.
Private Key encrypted on local disk
32
X.509 certificates and authentication
B
A
A
As certificate
Verify CA signature
Random phrase
Encrypt with A s private key
Encrypted phrase
Decrypt with A s public key
Compare with original phrase
33
Certificate classification

• User certificate
• issued to a physical person
• DN CCH, OCERN, OUGRID, CN John Smith
• the only kind of certificate good for a client,
  i.e. to send Grid jobs etc.
• Host certificate
• issued to a machine (i.e. a secure web server,
  etc.)
• request signed with a user certificate
• DN CCH, OCERN, OUGRID, CNhost1.cern.ch
• Grid host certificate
• issued to a Grid service (i.e. a Resource Broker,
  a Computing Element, etc.)
• request signed with a user certificate
• DN CCH, OCERN, OUGRID, CNhost/host1.cern.ch
• Service certificate
• issued to a program running on a machine
• request signed with a user certificate
• DN CCH, OCERN, OUGRID, CNldap/host1.cern.ch

34
Grid Security Infrastructure (GSI)

• Globus ToolkitTM proposed and implements the Grid
  Security Infrastructure (GSI)
• Protocols and APIs to address Grid security needs
• GSI protocols extend standard public key
  protocols
• Standards X.509 SSL/TLS
• Extensions X.509 Proxy Certificates (single
  sign-on) Delegation
• Proxy Certificate
• Short term, restricted certificate that is
  derived form a long-term X.509 certificate
• Signed by the normal end entity cert, or by
  another proxy
• Allows a process to act on behalf of a user
• Not encrypted and thus needs to be securely
  managed by file system

35
Delegation

• Proxy creation can be recursive
• each time a new private key and new X.509 proxy
  certificate, signed by the original key
• Allows remote process to act on behalf of the
  user
• Avoids sending passwords or private keys across
  the network
• The proxy may be a Restricted Proxy a proxy
  with a reduced set of privileges (e.g. cannot
  submit jobs).