Analysis of impact of Symmetric Encryption Algorithms in Data Security Model of Grid Networks

Abstract─The symmetric and asymmetric encryption algorithms are commonly used in grid software to provide necessary security. The use of a symmetric encryption algorithm will significantly affect the network communication performance. In this paper, the impact of using different popular and commonly used symmetric key cryptography algorithms for encrypting data in a typical grid computing environment is analyzed. It is obvious that the use of encryption and decryption at the application layer will certainly have an impact on the application layer performance in terms of speed. In this work, we have studied its impact on network layer performance in a typical grid computing environment for algorithms such as DES, Triple DES, AES, Blowfish, RC2 and RC6. The performances are measured through simulation studies on ns2 by simulating these algorithms in the GARUDA Grid Network Topology.

Keywords─ Grid Security; Encryption; ECGIN; ERNET; GARUDA; PPlive; GridFTP;

Published by: ijcsis on Oct 10, 2010
Copyright: Attribution Non-commercial

N. Thenmozhi
Department of Computer Science, N.K.R. Govt. Arts College for Women, Namakkal-637 001, India. Email: nthenmozhi@yahoo.co.in
M. Madheswaran
Department of Electronics and Communication Engg., Muthayammal Engineering College, Rasipuram-637 408, India. Email: madheswaran.dr@gmail.com
I. INTRODUCTION

Internet and Grid computing applications are growing very fast, so the need to protect such applications has increased. Encryption algorithms play a main role in information security systems. On the other side, those algorithms consume a significant amount of computing resources such as CPU time, memory, and battery power.

The Globus Toolkit is very commonly used software for Grid computing. It provides different kinds of security for grid computing. The Grid Security Infrastructure (GSI) of Globus and a Public Key Infrastructure (PKI) provide the technical framework (including protocols, services, and standards) to support grid computing with five security capabilities: user authentication, data confidentiality, data integrity, non-repudiation, and key management.
A. Security Issues

Authentication is the process of verifying the validity of a claimed individual and identifying who he or she is. Authentication is not limited to human beings; services, applications, and other entities may be required to authenticate also. Basic authentication is the simplest web-based authentication scheme that works by sending the username and password within the request. Generally authentication is achieved through the presentation of some token that cannot be stolen (forged). This can be either a peer-to-peer relationship (password for client and server) or through a trusted third party (certification authority or Kerberos server). Biometric characteristics can also be used for authentication purposes, since a unique identification of a human being can give more security; for example, a fingerprint scanner can be used to log into a local machine.

Trust can be defined as the assured reliance on the character, ability, strength, or truth of someone or something.

Access control is the ability to limit and control the access to host systems and applications via communications links.

The process of authorization is often used as a synonym for access control, but it also includes granting the access or rights to perform some actions based on access rights.

Data integrity assures that the data is not altered or destroyed in an unauthorized manner. Integrity checks are provided primarily via hash functions (or “message digests”).

Data confidentiality: sensitive information must not be revealed to parties that it was not meant for. Data confidentiality is often also referred to as privacy. The standard approach to ensure confidentiality is through encryption, which is the application of an algorithm that transforms “plaintext” to “cipher text” whose meaning is hidden but can be restored to the original plaintext by another algorithm (the invocation of which is called decryption).

Key management deals with the secure generation, distribution, authentication, and storage of keys used in cryptography.

Nonrepudiation refers to the inability of something that performed a particular action such as a financial transaction to later deny that they were indeed responsible for the event.

Basically, security requires at least three fundamental services: authentication, authorization, and encryption. A grid resource must be authenticated before any checks can be done as to whether or not any requested access or operation is allowed within the grid. Once the grid resources have been authenticated within the grid, the grid user can be granted certain rights to access a grid resource. This, however, does not prevent data in transit between grid resources from being captured, spoofed, or altered [18]. The security service to ensure that this does not happen is encryption. Obviously, use of data encryption certainly will have its impact on application layer performance. But, in this work we will examine its impact on total network performance. In this paper, we will study the impact of four symmetric encryption algorithms in a typical grid network.

The use of cryptography will certainly have an impact on network performance in one way or another. So we decided to model an application layer encryption-decryption scenario in a typical grid computing environment and study its impact on network performance through network simulations.

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 6, September 2010, p. 99, http://sites.google.com/site/ijcsis/, ISSN 1947-5500
B. Security Methods

Symmetric encryption: Using the same secret key to provide encryption and decryption of data. Symmetric cryptography is also known as secret-key cryptography.

Asymmetric encryption: Using two different keys for encryption and decryption. The public key encryption technique is the primary example of this, using a "public key" and a "private key" pair. So it is referred to as public-key cryptography.

Secure Socket Layer/Transport Layer Security (SSL/TLS): These are essentially the same protocol, but are referred to differently. TLS has been renamed by the IETF, but they are based on the same RFC.

Public Key Infrastructure (PKI): The different components, technologies, and protocols that make up a PKI environment. Grid security implementations are predominantly built on public key infrastructure (PKI) (Housley et al., 2002; Tuecke et al., 2004). In a PKI each entity (e.g. user, service) possesses a set of credentials comprised of a cryptographic key and a certificate.

Mutual Authentication: Instead of using a Lightweight Distribution Access Protocol (LDAP) repository to hold the public key (PKI), two parties who want to communicate with one another use their public key stored in their digital certificate to authenticate with one another.
C. The Symmetric Key Encryption Algorithms

Data Encryption Standard (DES) was the first encryption standard to be recommended by NIST (National Institute of Standards and Technology). It is based on the IBM proposed algorithm called Lucifer. DES became a standard in 1974. Since that time, many attacks and methods were recorded that exploit the weaknesses of DES, which made it an insecure block cipher [22].

Advanced Encryption Standard (AES) is the new encryption standard recommended by NIST to replace DES. The Rijndael (pronounced Rain Doll) algorithm was selected in 1997 after a competition to select the best encryption standard. Brute force attack is the only effective attack known against it, in which the attacker tries to test all the character combinations to unlock the encryption. Both AES and DES are block ciphers [20].

Blowfish is a variable-length-key block cipher; the block size is 64 bits, and the key can be any length up to 448 bits. This algorithm can be optimized in hardware applications though it's mostly used in software applications. Though it suffers from a weak keys problem, no attack is known to be successful against it [8][23].

RC2 is a block cipher with a 64-bit block size and a variable key size that ranges from 8 to 128 bits. RC2 is vulnerable to a related-key attack using 2^34 chosen plaintexts [20].

Authentication and authorization have been a basic and necessary service for internet transactions. Several new standards have emerged which allow dynamic access control based on exchanging user attributes. Unfortunately, providing highly secure and flexible access mechanisms is a very demanding task. Authentication and Authorization Infrastructures (AAIs) can provide such integrated federations of security services. They could, in particular, provide attribute based access control (ABAC) mechanisms and mediate customers’ demand for privacy and vendors’ needs for information [10].

II. LITERATURE SURVEY

The Globus Security Infrastructure (GSI) is one of the most famous security architectures. GSI is based on Public Key Infrastructure (PKI), which performs mutual authentication via X.509 certificates. The author presents a password-based grid security infrastructure (PBGSI), which authenticates clients by authenticated key exchange (AuthA) methods and uses improved Chaffing and Winnowing for secure data transfer. By using password-based methods in authentication, authorization and delegation, PBGSI provides a convenient interface for the user. At the same time, encryption-less secure data transfer improves the performance, and mechanisms used in the scheme (time-stamp etc.) enhance the security of the whole grid [11].

A grid environment is built to verify the feasibility and the efficiency of the extended OCSP protocol. The paper deals with the running requirement and the data description of the client and each extended OCSP responder in detail. It describes the processing algorithm of each responder. In order to improve the efficiency of the system, the path length constraint and time constraint of request transmitting are designed specially. Theory and experiments all prove that the extended OCSP system improves the efficiency of certificate verification effectively [12].

Recently, the authentication protocol has been recognized as an important factor for grid computing security. This paper [20] described a new simple and efficient Grid authentication system providing user anonymity. It is based on a hash function, and mobile users only do symmetric encryption and decryption, and it takes only one round of message exchange between the mobile user and the visited network, and one round of message exchange between the visited network and the corresponding home network.

There are a number of projects investigating attribute-based authentication such as the VO Privilege Project, GridShib, and PERMIS. However, there are quite a few decision dimensions when it comes to designing this scheme in grid computing [10].

Authentication in the grid environment can be performed in two ways, either in the application layer part or in the communication part. Cryptography plays a major role in implementing authentication. It is obvious that the use of encryption and decryption at the application layer will certainly have an impact on the application layer performance in the grid environment. In this paper, we have simulated the encryption algorithms in a typical grid network scenario using the results from the paper [1].
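The survey above notes that PBGSI [11] transfers data without encryption by using Chaffing and Winnowing. The following sketch is an added example, not code from this paper or from [11]: it implements Rivest's basic bit-level chaffing and winnowing with HMAC-SHA256 (the "improved" variant of [11] is not reproduced), and the function names, packet layout and sample message are assumptions.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def tag(key, serial, bit):
    """MAC over (serial number, bit); only holders of `key` can compute it."""
    msg = serial.to_bytes(4, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()


def add_chaff(key, message):
    """Sender: per message bit, emit one wheat packet (valid MAC) and one
    chaff packet (complementary bit, random bytes where the MAC would be)."""
    packets = []
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    for serial, bit in enumerate(bits):
        wheat = (serial, bit, tag(key, serial, bit))
        chaff = (serial, bit ^ 1, secrets.token_bytes(TAG_LEN))
        # Always send the 0-bit packet first so ordering reveals nothing.
        packets.extend(sorted([wheat, chaff], key=lambda p: p[1]))
    return packets


def winnow(key, packets):
    """Receiver: keep packets whose MAC verifies, discard the rest.
    Raises ValueError unless exactly one packet per serial survives."""
    serials = {serial for serial, _, _ in packets}
    kept = {}
    for serial, bit, mac in packets:
        if hmac.compare_digest(mac, tag(key, serial, bit)):
            if serial in kept:
                raise ValueError("two valid packets for serial %d" % serial)
            kept[serial] = bit
    if sorted(kept) != list(range(len(serials))) or len(kept) % 8:
        raise ValueError("missing or tampered packets")
    out = bytearray()
    for i in range(0, len(kept), 8):
        byte = 0
        for serial in range(i, i + 8):
            byte = (byte << 1) | kept[serial]
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    key = secrets.token_bytes(32)             # constructed shared secret
    stream = add_chaff(key, b"job-42 ready")  # constructed sample message
    print(len(stream), "packets on the wire, all payload bits in clear")
    print(winnow(key, stream))
```

Every payload bit travels in the clear next to its complement, so confidentiality rests entirely on the MAC key; the cost is two MAC-sized packets per message bit, which is the bandwidth trade-off to weigh against cipher CPU time.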
A. Europe-China Grid Internetworking (EC-GIN) Project

The Internet communication infrastructure (the TCP/IP protocol stack) is designed for broad use; as such, it does not take the specific characteristics of Grid applications into account. This one-size-fits-all approach works for a number of application domains; however, it is far from being optimal: general network mechanisms, while useful for the Grid, cannot be as efficient as customized solutions. While the Grid is slowly emerging, its network infrastructure is still in its infancy. Thus, based on a number of properties that make Grids unique from the network perspective, the project EC-GIN (Europe-China Grid Internetworking) will develop tailored network technology in dedicated support of Grid applications. These technical solutions will be supplemented with a secure and incentive-based Grid Services network traffic management system, which will balance the conflicting performance demand and the economic use of resources in the network and within the Grid [30].

By collaboration between European and Chinese partners, EC-GIN parallels previous efforts for real-time multimedia transmission across the Internet: much like the Grid, these applications have special network requirements and show a special behavior from the network perspective.
B. The ERNET Project

ERNET [26] (Education and Research Network) was the first dedicated and integrated step taken towards enabling the research and education community in India to leverage the benefits of ICTs. ERNET India aims at developing, setting up and operating nationwide state-of-the-art computer communication infrastructure and providing services to the users in academic and research institutions, Government organizations, and industry, in line with technology developments and national priorities. Dissemination, training and knowledge transfer in the field of computer communication and information technology are an integral part of the ERNET mission.

ERNET also acts as a bridge for co-operation with other countries in the area of computer communications, information technology, computer networking and other related emerging technologies.

The ERNET network has 15 Points of Presence spread throughout India serving 1389 institutions, including 152 universities, 284 agricultural universities and many other research organizations. It has 14 points of peering for Internet bandwidth connectivity using submarine cables.

The network comprises a mix of terrestrial and satellite-based wide area networks. It provides a wide range of operation and application services. As of today, universities, academic institutions, R&D labs and schools, etc. use ERNET for a variety of applications and services including email, file transfer, database access, world wide web, web hosting, mail relaying, security solutions, distant learning and grids.

ERNET is the first network in the country to provide dual stack access of Internet protocol version 6 (IPv6) and Internet protocol version 4 (IPv4) test beds to its users to develop, test and implement IPv6 based mail, Domain Name Services, Web applications and products.

ERNET has deployed many overlay networks over its terrestrial and satellite network under different schemes. Some examples are GARUDA (see below), UGC-Infonet, interconnecting Indian universities, ICAR-Net, interconnecting Agricultural Research centers, Universities and Stations, and several pilot projects aiming at interconnecting schools. Separate networks were implemented to allow DAE institutes to connect to the GÉANT network and to participate in LHC activities.
Figure 1. The ERNET Topology [18]
C. Overview of GARUDA Project 
GARUDA [27] initiative is a collaboration of science researchers and experimenters on a nationwide grid of computational nodes, mass storage and scientific instruments that aims to provide the technological advances required to