A security architecture for distributed grid applications with sensitive delay requirements

147 σ.Η αρχιτεκτονική ασφαλείας που προτείνεται στην διατριβή είναι προσανατολισμένη στο να δώσει λύσεις σε κατανεμημένες εφαρμογές Πλέγματος (Grid) ευαίσθητες σε χρόνο απόκρισης. Πεδίο εφαρμογής της είναι τα Πλέγματα Μετρήσεων και Ελέγχου (Instrumentation Grids), επέκταση των Συστημάτων Υπολογιστικού Πλέγματος (Computational Grids). Τα Instrumentation Grids είναι κατανεμημένα συστήματα τεχνολογιών πλέγματος, τα οποία προσφέρουν απομακρυσμένη πρόσβαση σε όργανα «μετρήσεων και ελέγχου». Βασική προδιαγραφή στα περιβάλλοντα αυτά αφορά στον περιορισμένο χρόνο απόκρισης των κατανεμημένων λειτουργιών των οργάνων. Η αρχιτεκτονική ασφαλείας που υιοθετείται στα παραδοσιακά Grids βασίζεται σε Υποδομή Δημοσίου Κλειδιού (PKI) και δημιουργεί συνήθως μεγάλες καθυστερήσεις. Για τον λόγο αυτό προτείνουμε μια νέα αρχιτεκτονική ασφαλείας βασισμένη στο πρωτόκολλο Kerberos. Η αρχιτεκτονική μας αποτελείται τέσσερα υποσυστήματα: Το Kerberos KDC που αποτελεί την Τρίτη Έμπιστη Οντότητα του συστήματος, το KrbClient που αλληλεπιδρά με την αρχιτεκτονική εκ μέρους του λογισμικού πελάτη, ο Access Control Manager (ACM) που προστατεύει τις υπηρεσίες ελέγχου του Instrumentation Grid και το Policy Repository που αποθηκεύει τους κανόνες πρόσβασης (authorization) των κατανεμημένων πόρων. Στα πλαίσια της διατριβής υλοποιήθηκε πρότυπη αρχιτεκτονική ασφαλείας βασισμένη σε ενδιάμεσο λογισμικό Υπηρεσιών Ιστού (Web Services). Οι μετρήσεις που πραγματοποιήσαμε επιβεβαιώνουν πως η προτεινόμενη αρχιτεκτονική βελτιώνει σημαντικά την απόδοση στις λειτουργίες ασφαλείας (Ταυτοποίηση, Εξουσιοδότηση και Ακεραιότητα Μηνύματος) αντικαθιστώντας την Κρυπτογραφία Δημοσίου Κλειδιού των Computational Grids με Συμμετρική Κρυπτογραφία. Η βελτίωση γίνεται εντονότερη κάτω από υψηλό υπολογιστικό φορτίο στις υπηρεσίες μετρήσεων και ελέγχου των οργάνων.In this thesis we propose a security architecture that provides a solution to distributed Grid applications with delay sensitive requirements. These applications are usually encountered within an Instrumentation Grid, an extension of a Computational Grid. Instrumentation Grids are distributed systems that follow Grid technologies to interact with remote distributed instruments. One of their main requirements is low latency times. This may not be satisfied with security architectures adopted in Computational Grids based on Public Key Infrastructure (PKI). For that reason we propose an alternate security architecture based on the Kerberos protocol. Our architecture is composed of four components: The Kerberos KDC that acts as a Third Trusted Party, the KrbClient that represents the client, the Access Control Manager (ACM) that protects the services of the Instrumentation Grid and the Policy Repository which stores the access rules (authorization) of the distributed resources. We validated our architecture by implementing a prototype built on Web Service middleware. Our experiments showed a significant performance improvement in authentication, authorization and message integrity processes over legacy Grid security architectures. The improvement becomes substantial under heavy processing load of the remote instrumentation services.Αθανάσιος Μ. Μώραλη

GRIDCC - Providing a real-time grid for distributed instrumentation

The GRIDCC project is extending the use of Grid computing to include access to and control of distributed instrumentation. Access to the instruments will be via an interface to a Virtual Instrument Grid Service (VIGS). VIGS is a new concept and its design and implementation, together with middleware that can provide the appropriate Quality of Service (QoS), is a key part of the GRIDCC development plan. An overall architecture for GRIDCC has been defined and some of the application areas, which include distributed power systems, remote control of an accelerator and the remote monitoring of a large particle physics experiment, are briefly discussed.E

A Taxonomy of Data Grids for Distributed Data Sharing, Management and Processing

Data Grids have been adopted as the platform for scientific communities that need to share, access, transport, process and manage large data collections distributed worldwide. They combine high-end computing technologies with high-performance networking and wide-area storage management techniques. In this paper, we discuss the key concepts behind Data Grids and compare them with other data sharing and distribution paradigms such as content delivery networks, peer-to-peer networks and distributed databases. We then provide comprehensive taxonomies that cover various aspects of architecture, data transportation, data replication and resource allocation and scheduling. Finally, we map the proposed taxonomy to various Data Grid systems not only to validate the taxonomy but also to identify areas for future exploration. Through this taxonomy, we aim to categorise existing systems to better understand their goals and their methodology. This would help evaluate their applicability for solving similar problems. This taxonomy also provides a "gap analysis" of this area through which researchers can potentially identify new issues for investigation. Finally, we hope that the proposed taxonomy and mapping also helps to provide an easy way for new practitioners to understand this complex area of research.Comment: 46 pages, 16 figures, Technical Repor

Securing the IOT Based Smart Meter Monitoring Using AES Algorithm

Smart meter is the upgradation of the existing meter in terms of cost, communication infrastructure, internet of things and reliable technologies. In the ambitious flagship programme of digital India-project an initiative of India, the potential fields of the missions are identified in the area are smart energy, smart meters, smart homes, and smart cities. More than 100 smart cities are planned for information and communication technology-driven solutions with big data analytics in India. The exponential growth in smart meter has given certain security risks, cyber threats and protection of stored data as Nation security. Smart meters, comprising of several communication, monitoring intelligent, metering and electrical equipment used in power meter, have a greater exposure to meter security and cyber-attacks which potentially disrupt distribution in a city. The paper proposed the energy meter with Advanced Encryption Standard (AES) algorithm enable with NodeMCU hardware. The data generated by the energy meter is stored in the cloud using AES algorithm to secure this data from intruders. This system ensures the AES can be employed in smart meter security and communication infrastructure

Automated tools and techniques for distributed Grid Software: Development of the testbed infrastructure

Grid technology is becoming more and more important as the new paradigm for sharing computational resources across different organizations in a secure way. The great powerfulness of this solution, requires the definition of a generic stack of services and protocols and this is the scope of the different Grid initiatives. As a result of international collaborations for its development, the Open Grid Forum created the Open Grid Services Architecture (OGSA) which aims to define the common set of services that will enable interoperability across the different implementations. This master thesis has been developed in this framework, as part of the two European-funded projects ETICS and OMII-Europe. The main objective is to contribute to the design and maintenance of large distributed development projects with the automated tool that enables to implement Software Engineering techniques oriented to achieve an acceptable level of quality at the release process. Specifically, this thesis develops the testbed concept as the virtual production-like scenario where to perform compliance tests. As proof of concept, the OGSA Basic Execution Service has been chosen in order to implement and execute conformance tests within the ETICS automated testbed framework

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Evolving a secure grid-enabled, distributed data warehouse : a standards-based perspective

As digital data-collection has increased in scale and number, it becomes an important type of resource serving a wide community of researchers. Cross-institutional data-sharing and collaboration introduce a suitable approach to facilitate those research institutions that are suffering the lack of data and related IT infrastructures. Grid computing has become a widely adopted approach to enable cross-institutional resource-sharing and collaboration. It integrates a distributed and heterogeneous collection of locally managed users and resources. This project proposes a distributed data warehouse system, which uses Grid technology to enable data-access and integration, and collaborative operations across multi-distributed institutions in the context of HV/AIDS research. This study is based on wider research into OGSA-based Grid services architecture, comprising a data-analysis system which utilizes a data warehouse, data marts, and near-line operational database that are hosted by distributed institutions. Within this framework, specific patterns for collaboration, interoperability, resource virtualization and security are included. The heterogeneous and dynamic nature of the Grid environment introduces a number of security challenges. This study also concerns a set of particular security aspects, including PKI-based authentication, single sign-on, dynamic delegation, and attribute-based authorization. These mechanisms, as supported by the Globus Toolkit’s Grid Security Infrastructure, are used to enable interoperability and establish trust relationship between various security mechanisms and policies within different institutions; manage credentials; and ensure secure interactions