Trigon-based Authentication Service Creation with Globus Middleware

Abstract— A Grid is built from multi-purpose protocols and interfaces that address fundamental issues such as authentication, authorization, resource discovery, and resource access. Security is of utmost importance in grid computing applications because grid resources are heterogeneous, dynamic, and multi-domain. Authentication remains the significant security challenge in the grid environment. The proposed approach uses a dual authentication protocol to improve the authentication service in the grid environment. The protocol uses the fundamental concepts of a trigon, and user authentication is performed based on the parameters of the trigon. In the proposed protocol, the password is interpreted and split into more than one unit, and these units are stored in two different servers, namely the Authentication Server and the Backend Server. The user obtains the privilege of accessing the requested resources only when the combined authentication scheme from both servers authenticates the user. The main advantage of using the dual authentication protocol in grid computing is that an adversary cannot attain the access privilege by compromising a single consolidated server, because the split password is stored in different servers. A Grid service is a stateful and transient web service, which can be invoked by clients, and is considered to be the mainstream of the future internet. The creation of Web Services standards is an industry-led initiative, with some of the emerging standards in various states of progress through the World Wide Web Consortium (W3C). To achieve reuse of the behaviors of this authentication concept, operations are often grouped together to form a trigon based authentication service.

Keywords— Trigon based authentication, web services, globus.


Published by: ijcsis on Oct 10, 2010
Copyright:Attribution Non-commercial

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 6, September 2010

Trigon Based Authentication Service Creation with Globus Middleware

Ruckmani V (1), Anitha Kumari K (2), Sudha Sadasivam G (3), Dhaarini M P (4)

(1) Senior Lecturer, MCA, Ramakrishna Engineering College, Coimbatore, India, ruckmaniv@yahoo.com
(2) Lecturer, IT, PSG College of Technology, Coimbatore, India, kesh_chse@yahoo.co.in
(3) Professor, CSE, PSG College of Technology, Coimbatore, India, sudhasadhaasivam@yahoo.com
(4) Lecturer, IT, PSG College of Technology, Coimbatore, India, dhaarinimp@gmail.com
I. INTRODUCTION

Grid computing has emerged as a significant new field, distinguished from conventional distributed computing by its concentration on large-scale resource sharing, innovative applications, and, in some cases, high-performance orientation. Grid computing concentrates on large-scale resource sharing and collaboration across the boundaries of enterprises and virtual organizations (VOs). A VO is a dynamic group of individuals, groups, or organizations that have common rules for resource sharing [8]. Confidentiality of information in a VO should also be ensured [28]. The necessity for secure communication between grid entities has motivated the development of the Grid Security Infrastructure (GSI). GSI provides integrity, protection, confidentiality and authentication for sensitive information transferred over the network, in addition to the facilities to securely traverse the distinct organizations that are part of a collaboration. Authentication is done by exchanging proxy credentials, and authorization by mapping to a grid map file. Grid technologies have adopted the use of X.509 identity certificates to support user authentication. The SOAP protocol [12] is used by the emerging OGSA. This necessitates support for message layer security using the XML digital signature standard and the XML encryption standard [11]. Globus Toolkit [24] provides security services for authentication, authorization, management of user credentials and user information. Laccetti and G. Schmid [14] have introduced a unified approach for access control of grid resources. PKI (Public Key Infrastructure) and PMI (Privilege Management Infrastructure) infrastructures were utilized at the grid layer after authentication and authorization procedures. Czajkowski [5] has explained agreement based grid management. Nagaratnam [18] has introduced a security architecture for open grid services. H.-L. Truong [26] defines a framework for monitoring and analyzing QoS metrics of grid services. The proposed work aims at authenticating the users by using the trigon concept and at hosting this operation as a web service.
A. Globus Middleware

Globus [25] provides a software infrastructure that enables applications to handle distributed heterogeneous computing resources as a single virtual machine. Globus is constructed as a layered architecture in which high-level global services are built upon essential low-level core local services. Middleware is generally considered to be the layer of software sandwiched between the operating system and applications, providing a variety of services required by an application to function correctly. Recently, middleware has re-emerged as a means of integrating software applications running in distributed heterogeneous environments. In a Grid, the middleware is used to hide the heterogeneous nature and provide users and applications with a homogeneous and seamless environment by providing a set of standardized interfaces to a variety of services.
B. Web Services

The term Web Services describes an important emerging distributed computing paradigm that differs from other approaches such as DCE, CORBA, and Java RMI in its focus on simple, Internet-based standards to address heterogeneous distributed computing. Web services define a technique for describing software components to be accessed, methods for accessing these components, and discovery methods that enable the identification of relevant service providers. Once a web service is created, it is advertised in a registry called UDDI (Universal Description, Discovery and Integration) [27], where it can be searched. The UDDI will provide the location to the service provider's WSDL (Web Services Description Language) [29] file that describes the methods that can be invoked and the parameters required. Messages are exchanged through the protocol SOAP (Simple Object Access Protocol) [30].

The established standards include:

SOAP (XML Protocol). SOAP provides an envelope which encapsulates XML data for transfer through the Web infrastructure (e.g. over HTTP, through caches and proxies), with a convention for Remote Procedure Calls (RPCs) and a serialization mechanism based on XML Schema data types. SOAP is being developed by W3C in cooperation with the Internet Engineering Task Force (IETF).

Web Services Description Language (WSDL). Describes a service in XML, using an XML Schema; there is also a mapping to the Resource Description Framework (RDF). In some ways WSDL is similar to an interface definition language (IDL). WSDL is available as a W3C note [WSDL].

Universal Description Discovery and Integration (UDDI). This is a specification for distributed registries of web services, similar to yellow and white pages services. UDDI supports 'publish, find and bind': a service provider describes and publishes the service details to the directory; service requestors make requests to the registry to find the providers of a service; the services 'bind' using the technical details provided by UDDI. It also builds on XML and SOAP [UDDI].

Web Services have certain advantages over other technologies:

Web Services are platform-independent and language-independent, since they use standard XML languages. This means that my client program can be programmed in C++ and running under Windows, while the Web Service is programmed in Java and running under Linux.

Service Processes: This part of the architecture generally involves more than one Web service. For example, discovery belongs in this part of the architecture, since it allows us to locate one particular service from among a collection of Web services.

Service Description: One of the most interesting features of Web Services is that they are self-describing. This means that, once you've located a Web Service, you can ask it to 'describe itself' and tell you what operations it supports and how to invoke it. This is handled by the Web Services Description Language (WSDL).

Service Invocation: Invoking a Web Service (and, in general, any kind of distributed service such as a CORBA object or an Enterprise Java Bean) involves passing messages between the client and the server. SOAP (Simple Object Access Protocol) specifies how we should format requests to the server, and how the server should format its responses. In theory, we could use other service invocation languages (such as XML-RPC, or even some ad hoc XML language). However, SOAP is by far the most popular choice for Web Services.

Transport: Finally, all these messages must be transmitted somehow between the server and the client. The protocol of choice for this part of the architecture is HTTP (Hypertext Transfer Protocol), the same protocol used to access conventional web pages on the Internet. Again, in theory we could use other protocols, but HTTP is currently the most used one.
C. Web Service Definition Language (WSDL)

Web Services programmers usually only have to concentrate on writing code in their favorite programming language and, in some cases, on writing WSDL. SOAP code, on the other hand, is always generated and interpreted automatically for us. Once we've reached a point where our client application needs to invoke a Web Service, we delegate that task to a piece of software called a stub. Using stubs simplifies our applications considerably. We don't have to write a complex client program that dynamically generates SOAP requests and interprets SOAP responses (and similarly for the server side of our application). We can simply concentrate on writing the client and/or server code, and leave all the dirty work to the stubs (which, again, we don't even have to write ourselves... they can be generated automatically from the WSDL description of a web service). The stubs are generally generated only once. In general, we only go through the discovery step once, then generate the stubs once (based on the WSDL of the service we've discovered) and then reuse the stubs as many times as we want (unless the maintainers of the Web service decide to change the service's interface and, thus, its WSDL description).

II. TRIGON BASED AUTHENTICATION ARCHITECTURE

When legitimate entities (users) log in, the trigon based authentication server splits the password into its components and stores the authentication information in two servers, namely the authentication server and the backend server. Users have to register with the Authentication server, so that it can hold a part of the interpreted password itself and another part in the Backend server. The block diagram illustrating the registration process of the users is depicted in Figure 5. As illustrated in Figure 5, the users who require services from the VO have to register initially with the Authentication server using their username and password. The Authentication server calculates $P_i$ as given in (1). Along with this, the authentication server generates two large prime numbers, namely $a$ and $a'$, which are considered as the two sides of a trigon. It is difficult to hack the values of $a$ and $a'$ as they are large prime numbers (as per the RSA Factoring Challenge). Here, $P_i$ is taken as the angle between the two sides of the trigon, $a$ and $a'$. Now, the Authentication server can easily determine the side opposite the angle $P_i$, termed $a''$.
With these trigon parameters, $\alpha$, $V_{aa'}$ and $P_{aa'}$ are found as

$$V_{aa'} = a - a' \tag{1}$$

$$P_{aa'} = a \cdot a' \tag{2}$$

$$\alpha = 2P_{aa'} - a''^{2} \tag{3}$$

where $a$, $a'$ and $a''$ are the three sides of the trigon. $\alpha$ is a strengthening parameter used as the index. $V_{aa'}$ and $P_{aa'}$ are the variance and the product of the sides $a$ and $a'$ respectively. The generated trigon is assumed to have $a$, $a'$ and $a''$ as its sides and $P_i$ as the angle between the sides $a$ and $a'$. After the calculation of $\alpha$, $V_{aa'}$ and $P_{aa'}$, the authentication server stores the $\alpha$ value and its corresponding username in a database and forwards $V_{aa'}$ and $P_{aa'}$ to the Backend server along with the username. Hence, the password is interpreted and split into two units, which are stored in two separate servers.

The authentication procedure is based on the fundamental concepts of a trigon. Initially, the user who wants the services of the VO has to log in to the Authentication server using the username and password. Here, $u_i$ and $pw_i$ refer to the username and password of the $i$-th user. The Authentication server calculates the Password index ($P_i$) from the password as

$$P_i = \begin{cases} P_{AI}(i) / 10^{\,n-2}, & \text{if } P_{AI}(i) \ge 180 \\ P_{AI}(i) / 10^{\,n-3}, & \text{else} \end{cases} \tag{4}$$

In (4), $P_{AI}$ is the ASCII-interpreted value of the given password $pw_i$, $n$ is the total number of digits in $P_{AI}$ and $P_{AI}(j)$ represents the first $j$ digits of $P_{AI}$. $P_{AI}$ can be calculated by the following steps.

Change $pw_i$ into its corresponding ASCII value.
Calculate the three-fourth of total digits of the ASCII value modulo 180, which results in the first three digits of $P_{AI}$.
Append the remaining one-fourth of the ASCII digits to $P_{AI}$.

Then, from $P_i$ the Authentication Server determines the Authentication index ($AI$) for $u_i$ as

$$AI(i) = P_i / 2 \tag{5}$$

Then, the Authentication Server searches for the username index $\alpha_i$ for the corresponding $u_i$, which has already been stored in the server database during the process of registration. Subsequently, $\alpha_i$ is sent to the backend server along with $u_i$. When the Backend server receives the index $\alpha_i$ and the username from the Authentication server, it searches for $V_{aa'}$ and $P_{aa'}$, the variance and the product of the sides $a$ and $a'$ respectively, which have been saved in the backend server database during the process of registration. From these values,
Fig 1 Flow Diagram
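
The registration split in (1)-(3), worked through as an added example that is not code from the paper. It assumes small constructed primes, takes $P_i$ directly as an angle in degrees instead of deriving it from a password, and uses the law of cosines for $a''$; the function names are hypothetical. It shows what each server's record determines on its own and that the angle is recoverable only when the two records are combined, which follows from (1)-(3) and is not the paper's verification step (that step is not shown on this page).

```python
import math

def register(a, a_prime, p_i_deg):
    """Return (auth_record, backend_record) for one user, per (1)-(3)."""
    # Squared side opposite the angle P_i. The law of cosines is an
    # assumption of this example: the page only says the server
    # "can easily determine" a''.
    cos_p = math.cos(math.radians(p_i_deg))
    a2_sq = a * a + a_prime * a_prime - 2 * a * a_prime * cos_p
    v = a - a_prime          # (1) V_aa'
    p = a * a_prime          # (2) P_aa'
    alpha = 2 * p - a2_sq    # (3) alpha
    return {"alpha": alpha}, {"V": v, "P": p}

def sides_from_backend(backend):
    """a and a' are fixed by the backend record alone: (a + a')^2 = V^2 + 4P."""
    v, p = backend["V"], backend["P"]
    s = math.isqrt(v * v + 4 * p)   # s = a + a'
    return (s + v) // 2, (s - v) // 2

def angle_from_both(auth, backend):
    """P_i needs both records: substituting a''^2 gives alpha = 2*P*cos(P_i) - V^2."""
    cos_p = (auth["alpha"] + backend["V"] ** 2) / (2 * backend["P"])
    return math.degrees(math.acos(max(-1.0, min(1.0, cos_p))))

def demo():
    # Constructed sample values: two small primes and an arbitrary angle.
    auth, backend = register(1013, 1009, 97.5)
    return auth, backend, sides_from_backend(backend), angle_from_both(auth, backend)

if __name__ == "__main__":
    auth, backend, sides, angle = demo()
    print("authentication server stores:", auth)
    print("backend server stores:       ", backend)
    print("sides implied by backend record:", sides)
    print("angle from both records: %.4f degrees" % angle)
```

The backend record alone fixes $a$ and $a'$, so the size of the primes does not protect them from whoever holds that record; what the split keeps apart is the angle, which needs $\alpha$ from the authentication server as well.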
http://sites.google.com/site/ijcsis/ ISSN 1947-5500
