Published by: ijcsis on Jun 30, 2010
Secure Framework for Mobile Devices to Access Grid Infrastructure

Kashif Munir
Computer Science and Engineering Technology Unit, King Fahd University of Petroleum and Minerals, HBCC Campus, King Faisal Street, Hafr Al Batin 31991
e-mail: kashif_76@hbcc.edu.sa

Lawan Ahmad Mohammad
Computer Science and Engineering Technology Unit, King Fahd University of Petroleum and Minerals, HBCC Campus, King Faisal Street, Hafr Al Batin 31991
e-mail: gumel@hbcc.edu.sa

Abstract--- Mobile devices are gradually becoming prevalent in our daily life, enabling users in the physical world to interact with the digital world conveniently. Mobile devices increasingly offer functionality beyond the one provided by traditional resources: processor, memory and applications. This includes, for example, integrated multimedia equipment, intelligent positioning systems, and different kinds of integrated or accessible sensors. For future generation grids to be truly ubiquitous we must find ways to compensate for the security limitations inherent in these devices as they interact with grid infrastructure, in order to leverage available resources to authorized users. This paper looks into design architecture for a mobile computing environment. Focus is given to a security framework that will enhance the performance of grid computing in terms of secure design, architecture and accessibility.

Keywords: Autonomic computing, middleware technologies, grid computing, mobile computing
I. INTRODUCTION

Grid computing has made rapid strides during the last few years, from its first use in the scientific computing domain to enterprise grids deploying commercial applications. Grid computing permits participating entities connected via networks to dynamically share their resources. Its increasing usage and popularity in the scientific community, and the prospect of seamless integration and interaction with heterogeneous devices and services, make it possible to develop further complex and dynamic applications for the grid. Grid is already being successfully used in many scientific applications where huge amounts of data have to be processed and/or stored. Such demanding applications have created, justified and diffused the concept of grid among the scientific community. As the number of potential grid users is enormous, the accumulated data processing and storage requirements are at least comparable. Wireless devices such as laptops and Personal Digital Assistants (PDAs), with currently limited resources (low processing power, finite battery life and constrained storage space), would benefit from the opportunity of using a considerable amount of resources made available by all the other devices connected to the network [1]. In particular, mobile users might be the future users of this new technology. Moreover, we have nomadic users who travel and work only seldom at their offices.

Mobile grid enables both the mobility of the users requesting access to a fixed grid and the mobility of the resources that are themselves part of the grid. Both cases have their own limitations and constraints that should be handled [2]. In the first case the devices of the mobile users act as interfaces to the grid, enabling job submission, monitoring and management of the activities in an 'anytime, anywhere' mode, while the grid provides them with high reliability, performance and cost-efficiency. Physical limitations of the mobile devices make it necessary to adapt the services that the grid can provide to the users' mobile devices. In those cases mobile grid has the meaning of 'gridifying' the mobile resources. In the second case, that of having mobile grid resources, we should underline that the performance of current mobile devices has significantly increased. Laptops and PDAs can provide aggregated computational capability when gathered in hotspots, forming a grid on site. This capability can make grid applications usable even in places where this would otherwise be unimaginable. Grids and mobile grids can be the ideal solution for many large-scale applications that are of a dynamic nature and require transparency for users. Grid will increase the job throughput and performance of the involved applications and will increase the utilization rate of resources by applying efficient mechanisms for resource management over the vast amount of its resources. It will enable advanced forms of cooperative work by allowing the seamless integration of resources, data, services and ontologies. However, the efficient management of such a large computing platform is a considerably complicated issue, and its complexity is constantly increasing because of the growing number of heterogeneous devices and components being added to it [3]. Arguably, the system complexity has reached such a level that it threatens the security of the grid. A promising approach to handling or reducing this complexity is the employment of a suitable security policy and authentication scheme. Also, as the environment of a mobile device changes, the application behavior needs to be adjusted to adapt itself to the changing environment. Hence, the mobile clients usually need to have the ability to interact with various networks, services, and security policies as they move from one place to another.

In this paper, we discuss the issues involved in mobile access to grid services and then present a grid computing environment architecture based on middleware which provides support and management infrastructure for delegation of jobs to the grid, a light-weight security model, offline processing, adaptation to network connectivity issues, etc. The proposed system enables heterogeneous mobile devices to access grid services in a secure manner and also suggests security policy applications and a security management infrastructure for accessing grid resources.

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 1, April 2010, http://sites.google.com/site/ijcsis/, ISSN 1947-5500

II. ARCHITECTURE

The grid middleware is integrated with functions that facilitate the management of data mining and data transfer [4]. We use a mobile agent environment that manages the user (mobility, profile, etc.) and the issues related to the heterogeneity of the devices. First of all, let us analyze the interfacing between the user (wireless) and the wired zone. A fixed agent (Personal Agent) will be present in every mobile device (PDA, laptop). The Personal Agent will have the task of managing the wireless device, by monitoring resources (battery, memory, CPU, display, etc.) and position (through GPS, for instance) within the wireless area. When a user enters the wireless area, an agent (User Agent) is created in the corresponding Access Point. This agent will represent the user while he/she remains connected to the network. The User Agent will be able to communicate with the Personal Agent present in the device, in order to obtain all the information needed. Any time the user moves (by changing his/her Access Point) the User Agent will follow him/her, by migrating to the new Access Point. The User Agent will therefore act as an intermediary between the mobile device and the grid resources present in the wired area. As we can see in Figure 1, each node of the grid network will consist of a three-level architecture. The lowest one is the level that provides the grid basic services (resource management, security, distributed access). If the Globus middleware is used, the main services will be: the Globus Resource Management Architecture (GRAM), the Grid Security Infrastructure (GSI), the Grid Information Service (GIS), and the Globus Access to Secondary Storage (GASS).
A. Discovery

Discovery is the process of finding Web services with a given capability. In general, discovery requires that Web services advertise their capabilities with a registry, and that requesting services query the registry for Web services with particular capabilities. The role of the registry is both to store the advertisements of capabilities, and to perform a match between the request and the advertisements. In this section, we will describe how Ontology Web Language for Services (OWL-S) can be used to add capability matching to Universal Description, Discovery and Integration (UDDI), the de-facto standard discovery registry for Web services. The autonomic middleware which enables mobile devices to access grid services is managed by employing a Universal Description, Discovery and Integration, or UDDI [5], registry whose goal is to create an Internet-wide network of registries of Web services. The composition of the current Web services may not provide sufficient facilities to represent an autonomic behavior or to integrate them seamlessly with other autonomic components, but with the advent of semantic Web service technologies like Ontology Web Language for Services, or OWL-S [6], it becomes possible to provide a fundamental framework for representing and relating devices and services with their policies and describing their functionalities and capabilities. Once the middleware service is in place and information is exposed, other devices would be able to discover and provide support to use the API in the UDDI specification (UDDI version 3.0.2) [5], which is defined in XML, enclosed in a SOAP envelope and sent over HTTP. SOAP is fundamentally a stateless, one-way message exchange paradigm, but applications can create more complex interaction patterns (e.g., request/response, request/multiple responses, etc.) by combining such one-way exchanges with features provided by an underlying protocol and/or application-specific information. SOAP is silent on the semantics of any application-specific data it conveys, as it is on issues such as the routing of SOAP messages, reliable data transfer, etc. However, SOAP provides the framework by which application-specific information may be conveyed in an extensible manner. Also, SOAP provides a full description of the required actions taken by a SOAP node on receiving a SOAP message (SOAP Version 1.2 Part 0) [7].
Figure 1. Self-organized middleware architecture for enabling mobile devices to access grid services
III. PROPOSED GRID SECURITY INFRASTRUCTURE

In this section, we provide an overview of the security operation for secure access to resources. A user sends a message to the center for authorization to access a resource. The message may consist of a header and a content payload. In addition to the message being encrypted, it should also be signed, for confidentiality and integrity. Associated with every secure resource is a secret key generated and maintained by a Certification Authority (CA). The secret key associated with a resource is distributed securely to all interested entities in the system. A user in need of the resource should encrypt the content payload of the message with this key. To ensure integrity of the payload, the user signs the encrypted payload; this involves computing the message digest of the encrypted payload and encrypting this hashed value with an asymmetric key. When the CA receives the message, it can validate it based on the signature to verify the source and to confirm message integrity, and then proceed to decrypt the encrypted payload using the previously distributed secret key. A message comprises a set of message headers ($M_H$) and the message payload ($M_P$):

$$M = M_H + M_P$$

We secure both the headers and the body of the message. We do not need confidentiality for the headers, but we do need tamper evidence. In the case of the message payload, we need both confidentiality and tamper evidence. Finally, the message header associated with a message is

$$M_H = S_U(M_P)$$

The CA is a specialized node within the system which is responsible for managing information pertaining to secure resources. There can be more than one CA within the system, and a given CA may manage more than one resource. However, a given secure resource can be managed by only one CA. A given CA performs four core functions. First, the CA is responsible for the generation of the secret symmetric key that is used for encrypting and decrypting content payloads. Second, the CA maintains the list of entities authorized to access given resources. In addition to this, the CA maintains authorization information related to each of these entities. All communications between the entities and the CA need to be secure. To ensure this, all exchanges between the entities and the CA are encrypted using the following rule. First, a secret symmetric key is generated at the sender and then used to encrypt the content payload. Second, depending on the direction of the communication, this secret key is then secured using the CA's or the entity's public personal key. Only the entity or the CA that is in possession of the corresponding private personal key is able to decrypt the secret key that was used for encrypting the content payload. This method leverages both symmetric and asymmetric key encryption. Specifically, asymmetric encryption has higher overheads for large payloads. By restricting the use of asymmetric encryption (and subsequent decryption) to operate only on the secret key, which would typically be a 256-bit AES key [8], we have worked around the high overhead constraint of asymmetric encryption/decryption.

The following notations were used in our proposed system:

Notation   Meaning
K          Secret key shared between U and CA
U          User
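The user-to-CA message flow of this section (encrypt the payload under the shared key K, sign the encrypted payload, and on the CA side verify the signature before decrypting), as an added Go example that is not part of the paper. AES-GCM as the AES-256 mode, RSA-PSS with SHA-256 as the signature S_U, and binding the header as associated data are this example's assumptions; the paper names only a 256-bit AES key and a message digest.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Message is M = M_H + M_P: a readable but tamper-evident header, the payload encrypted
// under the shared key K (GCM nonce||ciphertext), and S_U, the user's signature over it.
type Message struct{ Header, Payload, Sig []byte }

func aead(k []byte) cipher.AEAD { // K must be a 32-byte AES-256 key; GCM mode is our assumption
	block, err := aes.NewCipher(k)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}

// Seal (user side): encrypt with K, hash header||ciphertext, sign the digest with the user's private key.
func Seal(k []byte, user *rsa.PrivateKey, header, plain []byte) (*Message, error) {
	gcm := aead(k)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand: a fresh nonce for every message under K
	ct := gcm.Seal(nonce, nonce, plain, header) // header bound as AAD
	d := sha256.Sum256(append(append([]byte{}, header...), ct...))
	sig, err := rsa.SignPSS(rand.Reader, user, crypto.SHA256, d[:], nil)
	return &Message{header, ct, sig}, err
}

// Open (CA side): verify S_U first and refuse to decrypt if it fails, then decrypt with K.
func Open(k []byte, userPub *rsa.PublicKey, m *Message) ([]byte, error) {
	d := sha256.Sum256(append(append([]byte{}, m.Header...), m.Payload...))
	if err := rsa.VerifyPSS(userPub, crypto.SHA256, d[:], m.Sig, nil); err != nil {
		return nil, fmt.Errorf("signature invalid, payload left encrypted: %w", err)
	}
	gcm := aead(k)
	if n := gcm.NonceSize(); len(m.Payload) >= n {
		return gcm.Open(nil, m.Payload[:n], m.Payload[n:], m.Header)
	}
	return nil, fmt.Errorf("truncated payload")
}

func NewUserKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // demo-size personal key
```

A modified header or a wrong K is rejected before any plaintext is released, which is the order of checks the section prescribes for the CA.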