allowed within the grid. Once the grid resources have beenauthenticated within the grid, the grid user can be grantedcertain rights to access a grid resource. This, however, doesnot prevent data in transit between grid resources from beingcaptured, spoofed, or altered . The security service toinsure that this does not happen is encryption. Obviously, useof data encryption certainly will have its impact onapplication layer performance. But, in this work we willexamine its impact on total network performance. In thispaper, we will study the impact of four symmetric encryptionalgorithms in a typical grid network.The use of cryptography will certainly have an impact onnetwork performance in one way or another. So we decided tomodel an application layer encryption -decryption scenario ina typical grid computing environment and study its impact onnetwork performance through network simulations.
: Using the same secret key toprovide encryption and decryption of data.Symmetriccryptography is also known as secret-key cryptography.
: Using two different keys forencryption and decryption. The public key encryptiontechnique is the primary example of this using a "public key"and a "private key" pair. So it is referred aspublic-keycryptography.
Secure Socket Layer/Transport Layer Security(SSL/TLS):
These are essentially the same protocol, but arereferred to one another differently. TLS has been renamed bythe IETF, but they are based on the same RFC.
Public Key Infrastructure (PKI):
The differentcomponents, technologies, and protocols that make up a PKIenvironment.Grid security implementations arepredominantly built on public key infrastructure (PKI)(Housely et al., 2002; Tuecke et al., 2004). In a PKI eachentity (e.g. user, service) possesses a set of credentialscomprised of a cryptographic key and a certificate.
: Instead of using an LightweightDistribution Access Protocol (LDAP) repository to hold thepublic key (PKI), two parties who want to communicate withone another use their public key stored in their digitalcertificate to authenticate with one another.
The symmetric key Encryption Algorithms
Data Encryption Standard(DES), was the first encryptionstandard to be recommended by NIST (National Institute of Standards and Technology). It is based on the IBM proposedalgorithm called Lucifer. DES became a standard in 1974.Since that time, many attacks and methods were recorded thatexploit the weaknesses of DES, which made it an insecureblock cipher.Advanced Encryption Standard(AES), is the newencryption standard recommended by NIST to replace DES.Rijndael (pronounced Rain Doll) algorithm was selected in1997 after a competition to select the best encryptionstandard. Brute force attack is the only effective attack knownagainst it, in which the attacker tries to test all the characterscombinations to unlock the encryption. Both AES and DESare block ciphers.Blowfish is a variable length key,the block size is 64 bits,and the key can be any length up to 448 bitsblock cipher.This algorithm can be optimized in hardware applicationsthough it's mostly used in software applications. Thoughit suffers from weak keys problem, no attack is knownto be successful against .RC2 is a block cipher with a 64-bits block cipherwith a variable key size that range from 8 to128 bits. RC2 isvulnerable to a related-key attack using 234 chosen plaintexts.Authentication and authorization has been a basic andnecessary Service for internet transactions. Several newstandards have merged which allow dynamic access controlbased on exchanging user attributes. Unfortunately, whileproviding highly secure and flexible access mechanisms are avery demanding task. Authentication and AuthorizationInfrastructures (AAIs) can provide such integrated federationsof security services. They could, in particular, provideattribute based access control (ABAC) mechanisms andmediate customers’ demand for privacy and vendors’ needsfor information .II.
SURVEYThe Globus Security Infrastructure (GSI) is one of themost famous security architecture. GSI is based on PublicKey Infrastructure (PKI), which performs mutualauthentication via X.509 certificates. The author describespresent a password-based grid security infrastructure(PBGSI), which authenticates clients by authenticated keyexchange (AuthA) methods and uses improved Chaffing andWinnowing for secure data transfer. By using password-basedmethods in authentication, authorization and delegation,PBGSI provides convenient interface for the user. At thesame time, encryption-less secure data transfer improves theperformance; and mechanisms used in our scheme (time-stamp etc.) enhance the security of the whole grid .A grid environment is built to verify the feasibility and theefficiency of the extended OCSP protocol. The paper dealswith the running requirement and the data description of theclient and each extended OCSP responder in detail
Itdescribes the processing algorithm of each responder. In orderto improve the efficiency of the system, the path lengthconstraint and time constraint of request transmitting aredesigned specially. Theory and experiments all prove that theextended OCSP system improves the efficiency of certificateverification effectively .Recently, Authentication protocol has been recognized asan important factor for grid computing security. This paper described a new simple and efficient Grid authenticationsystem providing user anonymity. It is based on hashfunction, and mobile users only do symmetric encryption and
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 8, No. 6, September 2010100http://sites.google.com/site/ijcsis/ISSN 1947-5500