a new lightweight crypto library for supporting an
play

A new lightweight Crypto Library for supporting an Advanced Grid - PowerPoint PPT Presentation

Aug 04, 2023 •121 likes •456 views

A new lightweight Crypto Library for supporting an Advanced Grid Authentication Process with Smart Cards Roberto BARBERA (1)(2) , Vincenzo CIASCHINI (3) , Alberto FALZONE (4) , Giuseppe LA ROCCA (1)

  1. A new “lightweight” Crypto Library for supporting an Advanced Grid Authentication Process with Smart Cards Roberto ¡BARBERA (1)(2) , ¡Vincenzo ¡CIASCHINI (3) , ¡Alberto ¡FALZONE (4) ¡ , ¡ ¡ Giuseppe ¡LA ¡ROCCA (1) ¡ ¡and ¡Salvatore ¡MONFORTE (1) ¡ ¡ (1) ¡INFN ¡– ¡Na*onal ¡Ins*tute ¡of ¡Nuclear ¡Physics, ¡Division ¡of ¡Catania, ¡Italy ¡ ¡ (2) ¡Department ¡of ¡Physics ¡and ¡Astronomy ¡of ¡the ¡University ¡of ¡Catania, ¡Italy ¡ ¡ (3) ¡INFN ¡– ¡Na*onal ¡Ins*tute ¡of ¡Nuclear ¡Physics ¡– ¡CNAF, ¡Division ¡of ¡Bologna, ¡Italy ¡ (4) ¡NICE ¡srl ¡– ¡As*, ¡Italy ¡ ¡ ISGC 2011 & OGF 31 19-21 March 2011, Academia Sinica, Taipei, Taiwan www.egi.eu www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE RI-261323

  2. Outline Background: • – the current state-of-the-art of Grid Security; Introduction to smart cards and robot certificates: • • Installation and Configuration; • A use case from bioinformatics; Introduction to the “ lightweight ” crypto library • – Java™ PKCS#11, Bouncy Castle and Java CoG Kits; – The Architecture; – The list of software packages; – Examples; – Future works; Summary and Conclusions; • References. • www.egi.eu EGI-InSPIRE RI-261323

  3. • Background: ¡ ¡ – the ¡current ¡state-­‑of-­‑the-­‑art ¡of ¡Grid ¡ Security; ¡ • Introduc9on ¡to ¡smart ¡cards ¡and ¡ robot ¡cer9ficates: ¡ – Installa9on ¡and ¡Configura9on; ¡ – A ¡use ¡case ¡from ¡bioinforma9cs. ¡ ¡ www.egi.eu EGI-InSPIRE RI-261323

  4. 21st C st Century R ntury Rese search is be h is becom oming ing com omputa putationa tionally inte lly intensiv nsive r rese search h www.egi.eu EGI-InSPIRE RI-261323

  5. Background Grid technology allows users to share a wide plethora of • distributed computational resources regardless of their geographical location, but unfortunately … There are many things to know about Grid services before to start… Grid security is indeed based on the Public Key Infrastructure (PKI) of X.509 certificates and the procedure to manage these certificates is unfortunately not straightforward; The adoption of robot certificates can reduce these barriers and help non-expert users to experience Grids technology! www.egi.eu EGI-InSPIRE RI-261323

  6. Robot certificates in a nutshell Robot certificates have been introduced to allow non-users to • experience the Grid paradigm for research activity; – They are extremely useful, for instance, to automate Grid service monitoring, data processing production, distributed data collection systems; – Basically, these certificates can be used to identify a person responsible for an unattended service or process acting as client and/or server. www.egi.eu EGI-InSPIRE RI-261323

  7. Robot Certificates & tokens In order to strong reduce • the risks to have the robot certificate compromised, the INFN CA decided to store this new certificate on board of the Aladdin ¡eToken ¡ smart cards; The Aladdin eToken smart card • can support many certificates; A token PIN is prompted every time the user needs to interact • with the smart card; www.egi.eu EGI-InSPIRE RI-261323

  8. Installation & Configuration The Mkproxy-­‑rhel4.tar.gz tarball contains all the required • binaries for RHEL4 compatible platforms. After unpacking the tarball, copy over the files to their • respective locations: cp ¡-­‑rp ¡etoken/bin/* ¡ ¡/usr/local/bin ¡ ¡ ¡ ¡cp ¡-­‑rp ¡etoken/lib/* ¡ ¡/usr/local/lib ¡ ¡cp ¡-­‑rp ¡etoken/etc/openssl.cnf ¡/usr/local/etc ¡ www.egi.eu EGI-InSPIRE RI-261323

  9. Installation & Configuration Edit the /usr/local/mkproxy script and change the PKCS11_MOD • environment variable The mkproxy script has been tested on: • – Windows XP (using cygwin) / Vista / 7 – Linux Fedora Core 5, 8, 9, 11, 12 – Linux CentOS 4, 5 – Scientific Linux 4 and 5 – Linux OpenSuse 10.1, 11.0, 11.1 – MacOS X 10.5 and higher www.egi.eu EGI-InSPIRE RI-261323

  10. Using an Aladdin eToken PRO to generate a Grid Proxy With a single grid certificate on your eToken we can generate a • grid proxy by issuing the Mkproxy-rhel4.tar.gz tarball. mkproxy ¡-­‑-­‑label= ” Robot:MrBayes ” ¡ ¡Star9ng ¡Aladdin ¡eToken ¡PRO ¡proxy ¡genera9on ¡ ¡ ¡ ¡ ¡Found ¡X.509 ¡cer9ficate ¡on ¡eToken: ¡ ¡ ¡ ¡ ¡ ¡ ¡label: ¡(eTCAPI) ¡Robot:MrBayes ¡ – ¡Giuseppe ¡La ¡Rocca's ¡GILDA ¡ID ¡ ¡ ¡ ¡ ¡id: ¡ ¡ ¡ ¡39453945373335312d333545442d343031612d384637302d32384636363930363630423 ¡ ¡ Add VOMS extentions running the command : ¡ ¡ ¡ ¡Your ¡iden9ty: ¡/C=IT/O=GILDA/L=INFN ¡Catania/CN=Robot:MrBayes ¡ – ¡Giuseppe ¡La ¡Rocca ¡ ¡ ¡Genera9ng ¡a ¡512 ¡bit ¡RSA ¡private ¡key ¡..........++++++++++++ ¡......++++++++++++ ¡ ¡ voms-­‑proxy-­‑init ¡-­‑-­‑noregen ¡-­‑voms ¡<VO> ¡ ¡wri9ng ¡new ¡private ¡key ¡to ¡'proxykey.D17633' ¡ ¡ ¡-­‑-­‑-­‑-­‑-­‑ ¡engine ¡"pkcs11" ¡set. ¡ ¡ ¡Signature ¡ok ¡ ¡ ¡subject=/C=IT/O=GILDA/L=INFN ¡Catania/CN=Robot:MrBayes ¡ – ¡Giuseppe ¡La ¡Rocca/CN=proxy ¡ ¡ ¡Gefng ¡CA ¡Private ¡Key ¡ ¡ ¡PKCS#11 ¡token ¡PIN: ¡ ¡ ¡ ¡Your ¡proxy ¡is ¡valid ¡un9l: ¡Sun ¡Feb ¡24 ¡03:58:09 ¡CEST ¡2008-­‑02-­‑23 ¡ ¡ www.egi.eu EGI-InSPIRE RI-261323

  11. The XML/Java-based EnginFrame framework (first scenario) 2. create a proxy with the robot certificate 1. ask for a service 3. execute action User 5. get the results 4 . g e t o u t p u t 2 ’ , 3 ’ Admin . u s t e r r a c k query for accounting data L&B www.egi.eu EGI-InSPIRE RI-261323

  12. The Users Tracking System www.egi.eu EGI-InSPIRE RI-261323

  13. The Users Tracking System (cont.) www.egi.eu EGI-InSPIRE RI-261323

  14. Pros and Cons of this implementation Easy access to the computing resources of the Grid. • If something is compromised, removing the smart card from • the portal the Grid access is based on standard X.509 user ’ s certificate. We need to hack for wrapping Mkproxy-­‑rhel4.tar.gz script in our • Grid portals/Science Gateways. The solution is centralized! • – Only one configured server can exploit this authentication mechanism. The design of Java APIs for supporting a new crypto library and enable a new Grid authentication process based on the use of smart cards is an alternative to resolve these issues! www.egi.eu EGI-InSPIRE RI-261323

  15. • Introduc9on ¡to ¡the ¡ “ lightweight ” ¡ crypto ¡library: ¡ – Java™ ¡PKCS#11, ¡Bouncy ¡Castle ¡and ¡ Java ¡CoG ¡Kits; ¡ – The ¡Architecture; ¡ – The ¡list ¡of ¡sooware ¡packages; ¡ – Examples; ¡ – Future ¡works. ¡ ¡ www.egi.eu EGI-InSPIRE RI-261323

  16. The Cryptographic Token Interface Standard (PKCS#11) The Cryptographic Token Interface Standard (PKCS#11) is a • standard introduced by RSA Data Security Inc; – It defines native programming interfaces to cryptographic tokens, (hardware cryptographic accelerators, smart cards, … ); To make easier the integration of these PKCS#11 tokens, the • PKCS#11 ¡provider has been introduced. The PKCS#11 provider is supported on several platforms; PKCS#11 standard includes sixty function prototypes (also referred • to as cryptoki library) that together can be used to perform a wide range of cryptographic operations. www.egi.eu EGI-InSPIRE RI-261323

  17. The Bouncy Castle APIs The Bouncy Castle APIs provide support for creating two kinds of • X.509 certificates: – version 1 • They are used to create root certificates; • org.bouncycastle.x509.X509V1Cer9ficateGenerator ¡ – version 3 • They contain certificate extensions; • org.bouncycastle.x509.X509V3Cer9ficateGenerator ¡ – PKCS10 certification requests • org.bouncycastle.jce.PKCS10Cer9fica9onRequest ¡ www.egi.eu EGI-InSPIRE RI-261323

  18. The Java CoG Kits CoG Kits allow users to provide Globus Toolkit functionality • within their code without calling scripts, or in some cases without having Globus installed. – CoGs are currently available for Java, Python, CORBA, Perl, and Matlab. The Java CoG Kits distributed under the Globus Toolkit Public • License (GTPL) is an extension of the Java libraries and classes that provides Globus Toolkit functionality. – It provides Java classes for interfacing with the following Globus components/functions: • Proxy: Credential creation and destruction; • GRAM: Job submission and monitoring; • MDS: Resource searching; • RSL: Resource specification and job execution; • GridFTP: Data Management; • GASS: Data Management. www.egi.eu EGI-InSPIRE RI-261323

  19. The “ lightweight ” crypto library The new “ lightweight ” crypto library has been designed and • developed considering: – the native PKCS#11 ¡(v2.0) ¡ APIs; – the Bouncy ¡Castle ¡ APIs; ¡ – the Cog-­‑jGlobus ¡(ver ¡1.8.0) APIs; – SSL/TLS mechanisms; – Java Multithreaded Server. www.egi.eu EGI-InSPIRE RI-261323

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020,

Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020,

Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020, Tenerife, January 2013 Outline 1 1. Past results 2. Future challenges 1. Block ciphers 2 TEA, NOEKEON, AES, SERPENT, ICEBERG, HIGHT,

844 views • 68 slides
Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian

Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian

Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian Rechberger TU Graz and DTU Security of modern IT Systems User Secure System Communication Protocol Cryptographic Primitive Security of modern IT

523 views • 51 slides
Lightweight Cryptography and Classification of AEAD Modes Nilanjan Datta Institute for Advancing

Lightweight Cryptography and Classification of AEAD Modes Nilanjan Datta Institute for Advancing

Lightweight Cryptography and Classification of AEAD Modes Nilanjan Datta Institute for Advancing Intelligence (IAI), TCG CREST International Crypto-Webniar 2020 Aug 30, 2020 N. Datta (IAI, TCG CREST) Lightweight Crypto and Classification of

1.62k views • 98 slides
On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1

On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1

On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1 AIST, Japan Kolkata, India (16 November 2018) 1 / 38 Table of contents 1 Introduction 2 Lightweight Crypto Stack for Circuit/RAM Size Requirement

670 views • 38 slides
Chip card sidelight on lightweight crypto Marc Girault CARDIS 2014 5-7 November 2014 Contents

Chip card sidelight on lightweight crypto Marc Girault CARDIS 2014 5-7 November 2014 Contents

Orange Labs Caen Chip card sidelight on lightweight crypto Marc Girault CARDIS 2014 5-7 November 2014 Contents 1. Back to 1985 Why 1985 ? Public phones Cryptology 2. Prepaid phone cards Background T1G T2G

786 views • 47 slides
Outline Lightweight Active Router-Queue Problem Management for Multimedia Supporting

Outline Lightweight Active Router-Queue Problem Management for Multimedia Supporting

Outline Lightweight Active Router-Queue Problem Management for Multimedia Supporting multimedia on the Internet Networking Context Drop Tail M. Parris, K. Jeffay, and F.D. Smith RED Department of Computer Science

288 views • 6 slides
CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE WILLIAMSBURG, VA THURSDAY, OCTOBER 17 TH , 2019 JOHN KELLY, PE IOWA DEPARTMENT OF PUBLIC HEALTH DISCLAIMER THIS PRESENTATION: IS INTENDED FOR

843 views • 40 slides
Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world

Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world

Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world crypto and privacy Sibenik, Croatia - June 15 2018 Outline Symmetric lightweight primitives Most used cryptanalysis Impossible

1.31k views • 76 slides
Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1. About Think Lightweight 2. What are Lightweight Structures? 3. Industry Applications 4. Product Line Review 5. Think Lightweight Component

832 views • 43 slides
NaCl: a new crypto library AES-128, RSA-2048, etc. are widely accepted standards. D. J.

NaCl: a new crypto library AES-128, RSA-2048, etc. are widely accepted standards. D. J.

NaCl: a new crypto library AES-128, RSA-2048, etc. are widely accepted standards. D. J. Bernstein, U. Illinois Chicago &amp; T. U. Eindhoven Obviously infeasible to break Tanja Lange, T. U. Eindhoven by best attacks in literature. Joint work

1.46k views • 133 slides
NaCl: a new crypto library D. J. Bernstein, U. Illinois Chicago &amp; T. U. Eindhoven Tanja

NaCl: a new crypto library D. J. Bernstein, U. Illinois Chicago &amp; T. U. Eindhoven Tanja

NaCl: a new crypto library D. J. Bernstein, U. Illinois Chicago &amp; T. U. Eindhoven Tanja Lange, T. U. Eindhoven Joint work with: Peter Schwabe, R. U. Nijmegen xkcd.com/538/ AES-128, RSA-2048, etc. are widely accepted standards. Obviously

874 views • 50 slides
A Lightweight Library for Building Scalable T ools Emily R. Jacobson , Michael J. Brim, Barton

A Lightweight Library for Building Scalable T ools Emily R. Jacobson , Michael J. Brim, Barton

A Lightweight Library for Building Scalable T ools Emily R. Jacobson , Michael J. Brim, Barton P. Miller Paradyn Project University of Wisconsin jacobson@cs.wisc.edu June 6, 2010 Para 2010: State of the Art in Scientific and Parallel

1.02k views • 45 slides
The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin, Axel Poschmann CRYPTO

The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin, Axel Poschmann CRYPTO

Introduction Generalized Sponge Serial MDS PHOTON Security Conclusion The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin, Axel Poschmann CRYPTO 2011, 15 August 2011 Introduction Generalized Sponge Serial MDS PHOTON

839 views • 35 slides
Saturnin A suite of lightweight symmetric algorithms for post-quantum security Anne Canteaut 1

Saturnin A suite of lightweight symmetric algorithms for post-quantum security Anne Canteaut 1

Saturnin A suite of lightweight symmetric algorithms for post-quantum security Anne Canteaut 1 Sbastien Duval 2 Gatan Leurent 1 Mara Naya-Plasencia 1 Lo Perrin 1 Thomas Pornin 3 Andr Schrottenloher 1 1 Inria, France 2 UCL Crypto Group,

750 views • 26 slides
Towards Green Cryptography: a Comparison of Lightweight Ciphers from the Energy Viewpoint St

Towards Green Cryptography: a Comparison of Lightweight Ciphers from the Energy Viewpoint St

Towards Green Cryptography: a Comparison of Lightweight Ciphers from the Energy Viewpoint St ephanie Kerckhof, Fran cois Durvaux, C edric Hoquet, David Bol, Fran cois-Xavier Standaert CHES 2012 September 2012 UCL Crypto Group

931 views • 49 slides
The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will revolutionise the international high-rise construction industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight

417 views • 12 slides
1. Introduction to a new Type of Matching 2. The polynomials U ,k,n ( x ) 3. Background and

1. Introduction to a new Type of Matching 2. The polynomials U ,k,n ( x ) 3. Background and

1. Introduction to a new Type of Matching 2. The polynomials U ,k,n ( x ) 3. Background and Previous Results 4. Extreme Coefficients 5. 2 Closed Forms from Recursions 6. Q-Analogues 7. Q-statistic 8. Unanswered Questions Notion of a

464 views • 31 slides
r r

r r

r r ss s sr rtt tr

1.21k views • 96 slides
On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key

On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key

Introduction Related-Key Attacks Chosen-Key Attacks Conclusion On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks Benot Cogliati 1 and Yannick Seurin 2 1 Versailles University, France 2

1.23k views • 94 slides
CSN08101 Digital Forensics Lecture 8: File Systems Lecture 8: File Systems Module Leader: Dr

CSN08101 Digital Forensics Lecture 8: File Systems Lecture 8: File Systems Module Leader: Dr

CSN08101 Digital Forensics Lecture 8: File Systems Lecture 8: File Systems Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Objectives Investigative Process Analysis Framework last week File Systems File

795 views • 50 slides
The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel Asynchrony Processes Protection Kernel The software component that controls the hardware directly and implements the core privileged OS

934 views • 62 slides
Run-time Classification of Malicious Processes Using System Call Analysis Ray Canzanese Spiros

Run-time Classification of Malicious Processes Using System Call Analysis Ray Canzanese Spiros

Run-time Classification of Malicious Processes Using System Call Analysis Ray Canzanese Spiros Mancoridis Moshe Kam Dept. of Electrical and Computer Engineering Newark College of Engineering College of Computing and Informatics Drexel

594 views • 23 slides
CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu Mobile Security Issues Introduction So many cool mobile apps Access to web, personal information, social media, etc

1.05k views • 55 slides
Introduction to OSs What is an Operating System? Architectural Support for Operating

Introduction to OSs What is an Operating System? Architectural Support for Operating

CPSC-410 Operating Systems Introduction Introduction to OSs What is an Operating System? Architectural Support for Operating Systems Basic Organization of an Operating System Reading: Silberschatz (7 th ed), Chapters 1, 2

873 views • 19 slides

More recommend