Professional Documents
Culture Documents
Schroeder 1999
Schroeder 1999
SUMMARY
As part of the Distributed Object Computation Testbed project (DOCT) and the Data Intensive
Computing initiative of the National Partnership for Advanced Computational Infrastructure
(NPACI), the San Diego Supercomputer Center has designed and implemented a multi-
platform encryption and authentication system referred to as the SDSC Encryption and
Authentication, or SEA, system. The SEA system is based on RSA and RC5 encryption
capabilities and is designed for use in an HPC/WAN environment containing diverse hardware
architectures and operating systems (including Cray T90, Cray T3E, Cray J90, SunOS, Solaris,
AIX, SGI, HP, NextStep, and Linux). The system includes the SEA library, which provides
reliable, efficient, and flexible authentication and encryption capabilities between two processes
communicating via TCP/IP sockets, and SEA utilities/daemons, which provide a simple key
management system. It is currently in use by the SDSC Storage Resource Broker (SRB), as well
as by user interface utilities to SDSC’s installation of the High Performance Storage System
(HPSS). This paper presents the design and capabilities of the SEA system and discusses future
plans for enhancing this system.
INTRODUCTION
As often occurs in various fields of computational technology, the current authentication
and privacy infrastructure consists of multiple competing and evolving systems,
developed under various corporate alliances and rivalries and characterized not only by
standardization and interoperation, but also by competition, differentiation, and rapidly
developing new requirements and new solutions. Kerberos, DCE, SSH, PGP, SSL,
underlying encryption technologies such as RSA and RC5, and other systems compete
with, and sometimes complement, each other. Each system has its own features, strengths,
and weaknesses, and thus varying applicability to different authentication and encryption
tasks[1–10].
Within NPACI[11] we are interested in supporting heterogeneous distributed systems.
Thus, we need solutions that cover a wide range of platforms, including the SGI/Cray
PVP (C90/T90), Cray SMP (T3E), workstations and clusters of workstations by DEC,
HP, IBM, SGI, Sun, and Windows NT PCs. We need solutions that integrate well into an
HPC environment, which includes long-running jobs, checkpoint/restart capabilities, batch
queuing systems, and the unique Cray PVP architecture. (SDSC is now the leading-edge
site of the National Partnership for Advanced Computational Infrastructure (NPACI). As
part of this new NSF program, SDSC and its partners are developing software infrastructure
∗ Correspondence to: Wayne Schroeder, San Diego Supercomputer Center, University of California at San Diego,
PO Box 85608, San Diego, CA 92186-9784, USA.
to link the highest performance computers, data servers, and archival storage systems
to enable easier and even more effective use of the aggregate computing power and
information.)
The SDSC Encryption/Authentication (SEA) System was developed as part of the
Distributed Object Computation Testbed (DOCT) research project[12,13] to address the
requirement of providing authentication and encryption capability between two processes
communicating via TCP/IP sockets in a distributed environment. The intention was to
investigate and develop an authentication/encryption system to suit the needs of DOCT,
as well as to serve the immediate needs of other SDSC/NPACI research projects. The
SEA system is being utilized as an optional component of the SDSC Storage Resource
Broker (SRB)[14,15] and of the High Performance Storage System (HPSS)[16] Interface
utility (HSI)[17]. The SRB is client-server-based middle-ware implemented at SDSC to
provide uniform access interface to heterogeneous, distributed storage resources/devices.
SRB, in conjunction with the SDSC Metadata Catalog database[14,15], provides a means
for accessing data sets and resources through querying their attributes instead of knowing
their physical names and/or locations. As part of the SRB client and server, SEA can be
used for secure authentication and/or encryption. The HSI utility is being developed by
SDSC to provide an advanced user interface to the HPSS archival storage system and to do
so, optionally, in a non-DCE environment. Integrated as part of the HSI client and server,
SEA provides secure, remote, password-less access into HPSS.
REQUIREMENTS
As explained in the DOCT Authentication Mechanisms white paper[18], one of the
authentication capabilities we were interested in investigating for DOCT was self-
introduction. The DOCT project developed prototype electronic filing for possible use
in the US Patent and Trademark office. In this environment, it is feasible for the
system to allow the patent applicant to initially introduce himself/herself to the system.
There would be no benefit for anyone to misidentify themselves at this stage, since
legal rights would be subsequently conferred to that identity. While the final DOCT
prototype employed certificate authorities in the patent submission process, the self-
introduction capabilities of SEA, extended with password or ‘trusted agent’ functions,
have been useful in other applications. In addition to self-introduction, we were particularly
interested in an authentication and encryption system that would operate in a distributed,
batched computing environment (e.g. non-expiring tickets), operate on a wide variety
of architectures (including Cray PVP), be easily integrated with the SRB and other
applications, and be easily installed on independent hosts. Of the existing authentication
systems, Kerberos was the best alternative to developing our own system. We had already
ported Kerberos to the Cray architecture[9] and it provides much of the authentication and
encryption functionality required for the DOCT project. However, Kerberos had no self-
introduction feature, had limited batch support (it would have required user involvement in
the regeneration of tickets over time), and it was not easily installed on independent hosts.
Inter-realm authentication also typically requires trust between N administrators in an N 2
pattern.
Using existing standards like RSA and RC5 as the lower-level building blocks, we were
able to build an effective solution with the features required. Alternative mechanisms are
discussed more thoroughly in the ‘Comparison with Other Security Systems’ section of
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
SEA SYSTEM 915
this paper. See the SEA software design document[19] and the authentication mechanisms
paper[18] for additional information.
FEATURES
The features of the SEA system include the following:
COMPONENTS
The SEA System is built upon RSAREF 2.0 and RC5. RSA is used to exchange a random
session key, which is then used with a more efficient symmetric key algorithm, in this case
RC5. Other building blocks include an SDSC-developed random number generator and
middle-level routines. The entire SEA package, excluding RSAREF, is about 7000 lines of
‘C’ code. RSAREF 2.0 is about 4750 lines of ‘C’ code.
RC5
Sample source code from[1] was used as the basis for our RC5 implementation. To this
we added two important features: porting the software to the C90/T90 and cipher block
chaining. Porting the RC5 code to the Cray C90 required a number of changes to deal with
longer word size. Since 32-bit integers are not available on the C90, 32-bit masks were
needed in many operations to return the 64-bit computed quantities to 32-bit as needed in
the algorithm. The lack of a 32-bit addressable unit is a significant and common problem
when porting systems-related software to the Cray PVP architecture. Since the hardware
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
916 W. SCHROEDER
cannot directly address units smaller than a word (8 bytes), the compiler allocates 8 bytes
for all integers. The sizes of shorts, ints, and longs are the same. Most modern packages are
designed for various word sizes but usually assume that there is some definition (usually
an int or long) that can allocate 32-bit integers. The algorithms are then designed to work
with 32-bit units.
As acquired, the RC5 algorithm would encrypt any 8-byte block of plain-text to the same
cipher-text, regardless of its location in the input stream, presenting a weakness that could
be exploited. To harden the implementation, a cipher block chaining (CBC) algorithm was
implemented. In CBC, the cipher stream is mixed (typically XORed) with the plain-text as
it is encrypted, ensuring variation in the cipher-text even with recurring plain-text patterns.
RSAREF 2.0
RSAREF 2.0 was downloaded from RSA Data Security Inc. This was ported to the C90,
which involved numerous changes in various modules to deal with the 64-bit word size.
This is the only known port of RSAREF 2.0 to the C90 and is also being used in SDSC’s
Legion[20] C90/T90 porting effort. It was found that the MD5 implementation within
RSAREF 2.0 conflicted with that available in libnsl on Solaris systems, so names of
the key MD5 routines were changed to keep them separate.
Middle layer
Various middle-level routines were developed as the interface between the API routines
and the lower-level encryption routines. These included key management routines to
read and write encrypted and semi-encrypted public and private RSA keys. Like the
encryption routines, these were developed such that they would function identically on
all architectures, so that encrypted keys could be accessed from each architecture.
Utilities/daemons
Four programs were developed, layered on the SEA library, to handle the management
of the RSA keys: (i) a key generation and registration utility, seaauth, (ii) a key
management daemon for accepting and storing registered public keys, (iii) a ‘trusted
agent’, and (iv) a separate key generation utility. These are described in further detail in
later sections. The encryption and authentication functions are provided by separate APIs.
An application can utilize either one or both together. A stronger exchange of the session
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
SEA SYSTEM 917
SEA ENCRYPTION
After the application client and server establish communication via a TCP/IP socket, the
following routes can then be called by the server and client, respectively, to establish
encryption:
• seaBeginEncryptionServer(fd,authUser)
• seaBeginEncryptionClient(fd)
The fd is a socket connecting the client and server. The routines perform a handshake, using
RSA to exchange a random key for use with this session. Upon success, each returns zero.
If an error occurs, a message is printed to standard out, and a negative value is returned. The
authUser argument is optional. If non-null, and not a pointer to a null string, it should be the
userid that has been authenticated earlier in this session. libsea uses this to accomplish a
stronger session key exchange (countering ‘man-in-the-middle’ attacks). Once encryption
is established, the following two routines are called, instead of write and read, to send
and receive encrypted data on the socket:
• seaWrite(fd,buf,len)
• seaRead(fd,buf,len)
All arguments and return values are equivalent to read and write. This includes
the return value, which is the positive length for a successful read or write, zero
when disconnected, and negative upon error. To reduce memory requirements and
improve performance seaWrite encrypts the buffer in place. Applications that need
subsequent access to data written via seaWrite must copy the data. The application
can establish encryption at any point in the session. The only requirement is that
the client and server call the seaBeginEncryptionClient/Server routines at
the same point in the communications exchange. As mentioned above, the application
calls seaRead and seaWrite to exchange encrypted information. If data do not
need to be encrypted, the application can use read and write, instead of seaRead
and seaWrite, even after encryption is established on the socket. Multiple sockets
can be encrypted via multiple calls to the seaBeginEncryptionServer/Client
routines. RC5 encryption requires buffers to be integer multiples of 8 bytes in length.
If the user passes a buffer to seaWrite that is not a multiple of 8 bytes, the SEA
routines pad the buffer with random data, saving and restoring the contents of the
0 to 7 bytes of storage following the data. This means, however, that a call such
as seaWrite(fd,"Message",7) will fail, since the storage area for constants
is not writable. Instead, application programs must copy data to a buffer instead:
char buf[20]; strcpy(buf,"Message"); seaWrite(fd,buf,7). Also,
the buffer passed to seaRead and seaWrite must be aligned on a 4-byte boundary so that
the encryption routines can perform the integer arithmetic on 4-byte items. For some
compilers, this means that character arrays need to be defined as multiples of 4 bytes
in length (i.e. char buf[10000]; , not char[10002]). Note that seaWrite and seaRead
will transfer data without encryption, if the seaBeginEncryptionClient/Server
routines have not been called. We are considering adding a seaEndEncryption routine
as well.
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
918 W. SCHROEDER
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
SEA SYSTEM 919
Encryption performance
Any secure encryption algorithm can potentially reduce overall communications
performance considerably. Instead of primarily moving buffers (or, usually, pointers) and
orchestrating I/O, substantial logical and arithmetic operations must be performed on each
data item. The RC5 implementation in SEA, however, is quite efficient and is comparable to
SSH’s encryption mechanisms (using rough timing estimates, using the default settings of
512-bit RSA keys, 14 RC5 rounds, and SSH’s IDEA algorithm). In cases where the security
constraints are less severe, the SEA system can be configured with milder encryption. If
the SEA library is configured to use seven RC5 rounds, SEA encryption is almost twice as
fast. In addition to this, RC5 rounds can be adjusted by users with an environment variable.
On the client side, if environment variable SEA LEVEL is ‘Low’ or ‘low’ (starts with ‘l’
or ‘L’), rounds is set to 7; Medium or medium (starts with ‘m’ or ‘M’), rounds is set to
14; High or high (‘h’ or ‘H’), rounds is set to 22. If it is set to a numeric value between
1 and 200, rounds is set to that value. This rounds value is sent to the server side when
encryption is established. SEA’s encryption performance on an UltraSparc1 using 14 RC5
rounds is comparable to the SSH’s copy function, scp. SSH has very efficient encryption
implementations. (In an SDSC study done a few years ago, SSH outperformed Kerberos
for comparable types of encryption.) By setting SEA LEVEL to Low, the performance is
almost two times faster while still providing good security against casual eavesdroppers:
SSH scp using IDEA encryption (default at SDSC): ∼0.61 MB/s
SSH scp using 3DES encryption ∼0.45 MB/s
Test programs using SEA RC5 using 7 rounds ∼1.14 MB/s
Test programs using SEA RC5 using 14 rounds ∼0.64 MB/s
Test programs using SEA RC5 using 28 rounds ∼0.33 MB/s
SEA AUTHENTICATION
The following two routines are called to authenticate a user or process:
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
920 W. SCHROEDER
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
SEA SYSTEM 921
utility generates a pair of RSA keys, stores the private key locally (encrypted), and sends
the public key to the key manager to be recorded for future use. Once this is done, the
user can authenticate to the programs using SEA (the SEA library accesses these keys to
securely authenticate). The SEA system provides for three ‘trust models’ for the initial
introduction/registration:
1. Password: The administrator sets up a password for each user’s initial introduction
and provides this for the user via a secure mechanism (e.g. phone or mail). The SEA
key manager daemon will verify this password before allowing a new RSA key to be
registered. This password is encrypted as it crosses the network via the normal SEA
encryption functions.
2. Trusted host: A ‘trusted agent’ process runs on each system that has a unique user
home directory. This agent communicates with the key manager daemon to verify
that the public key being provided is indeed the key owned by the stated user. This
agent program authenticates itself to the key manager at startup. When authenticating
a user, the agent reads a copy of the user’s public key that seaauth has stored
and provides it to the key daemon. At SDSC chown is restricted, so the agent just
needs to confirm ownership of this file; another method would be to write the file
in a directory that is only writable by the owner, such as the home directory, but
this directory would need to be readable by others. For systems that share user file
systems (most SDSC workstations, for example), only one agent needs to run on one
system to handle the whole collection of computers. The security of this trust model
is relying on the security of the hosts involved and is appropriate for a centrally
managed, security-aware, administrative environment.
3. Self-introduction: The system allows the introduction of new RSA keys as long as
the name does not match an existing key (this uniqueness is required in the password
and trusted host models too). This could be appropriate in an environment where one
is only concerned in verifying the continued identity of the user, i.e. once introduced,
they are the same individual.
Higher-level functions
Two utilities (seaauth, keygen) and daemons (keyd, and TA (‘trusted agent’)) provide
the key generation and management functions. These make use of the SEA library
routines for encryption and authentication themselves and also make use of various SEA
library routines for key file access and management and other common functions. The
one user utility is seaauth, used to set up and modify authentication with the SDSC
encryption/authentication (SEA) system. The command line is of the form seaauth reg
| auto | noauto | passwd | rereg | unreg [objectname], where one of the
five commands is required and is optionally followed by an objectname. Each command
performs the following function:
• reg --- register as a new user with the SDSC encryption/authentication system.
This will create an RSA key pair for the user, registering the public key with the
SEA system and storing the user’s private key locally (the combination of these keys
is used to authenticate the user in SEA applications such as the SRB). Normally, the
encrypted private key is stored in the home directory. Users will need to provide a
password for encrypting this private key.
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
922 W. SCHROEDER
• unreg --- unregister from the SEA system. Users need to authenticate using their
private key and password to do this. This is not normally needed.
• auto --- allow automatic authentication from the current host. This will create
an unencrypted copy of the user’s private key in a local file system. Users need to
supply their private key password to do this. Users should run auto before they run
batch jobs, or before an interactive session in which multiple authentications will be
needed. To increase security, users should run noauto when finished.
• noauto --- disallow automatic authentication from the current host. This will
remove the unencrypted private key.
• passwd --- change the password used to encrypt the private key. Users will be
prompted for their old private key password and for a new one.
• rereg --- go through the registration process again, generating a new key pair.
Users will be prompted for the old private key password to authenticate before this
will be allowed. It is a good idea to reregister occasionally in case someone else has
gained access to the private key.
By default, all of the above operate on one’s SEA user id, which is username@domain,
where username is the Unix login name and domain is predefined; for example
‘schroede@sdsc’. Other entities can also be authenticated. In this case, the object name
is specified on the command line. At SDSC, one’s encrypted private keys are stored
in the home directory. For most SDSC workstations, home directories are shared (NFS
mounted), but when they are not (e.g. for the T90), users need to move their encrypted
private key between hosts. Users should not attempt to move the unencrypted private
keys. They will not function on another host (they are designed to be host-specific),
and the transfer could expose the private key information on the network. Unencrypted
private keys are stored on local disk (/tmp) so as to not transverse the network (i.e.
via NFS). (These private keys are actually encrypted, but only via determinate values
such as hostname.) It is the user’s responsibility to keep the private key private.
As configured at SDSC, the private key file is HOME/.SEAusername@domain,
for example, /users/sy/schroede/.SEAschroeder@sdsc. The unencrypted
private key will be stored as /tmp/.SEAusername@domain.hostname, for
example, /tmp/.SEAschroeder@sdsc.c90. Both of these files will be owned by
the user and stored without group or other access (mode 600). The applications that utilize
the SEA system will access the keys to authenticate the user. If the user has no unencrypted
private key, the application will prompt for the private key password. In addition to these,
seaauth also contains some test and debug options. These include -n to display the
network messages, -d to display the network messages and the unencrypted messages,
as well as test1 through test6, and a -mmessage to be used in conjunction with
some of the tests. These test and demonstrate libsea capabilities. test1 connects to
the key daemon, establishes encryption, performs authentication, and optionally sends the
-mmessage. test2 does the same except without establishing encryption. And test3
does the same except without authentication. seaauth connects to the key daemon
(keyd) to register the public key (and also for the tests). This is an encrypted session, using
the normal libsea encryption functions (although encryption would not be required).
keyd receives the public key from seaauth and stores it in the public key directory via
libsea routines. The directory is defined in seaInternal.h. The request to store a
new key will be rejected if it already exists (for that user or process name). Write access
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
SEA SYSTEM 923
to the public key directory must be carefully controlled. Read access to the public key data
is not a concern, and the seaAuthServer routine, in fact, requires read access. The key
daemon carefully manages this area. The administrator must ensure that only trusted users
can update this directory. Normally, this is only the administrator who is running the SEA
system and perhaps root. The login password for this account should be well protected, as
the SEA trust hierarchy rests on the security of the Unix file permissions on the keyd host.
So the plain-text password for this login account should not be sent across the network (e.g.
via telnet), but secure mechanisms (such as SSH or Kerberos ktelnet/krlogin)
should be used.
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
924 W. SCHROEDER
files seldom change and are quite small, this works well and is expected to scale well
to fairly large directories. Beyond this, it may be feasible to provide a daemon to return
the public key data instead of accessing files. Since it would be critical to authenticate
this daemon reliably, we could use SEA for this, storing the Public Key Daemon’s key
locally, connecting and authenticating it, and receiving the desired public key. This adds
additional overhead/delay (up to two authentications to achieve one) as well as some
complexity (the existing type of authentication plus the daemon logic). So, at least for
now, the synchronization of public key files is preferable.
Web of trust
The SEA system implements a chaining of trust that begins with the SEA administrator,
extends via the trusted agent (run by the administrator), and then goes to users and
processes. Users can register with the SEA system (via the TA or password and Key
Daemon) and can in turn, if included in the privileged list, register new keys as
arbitrary names. Each new registration is logged, along with the authenticating agent.
This authenticating agent is first authenticated as part of the registration process and
is either a trusted agent or a user. Thus a chain of trust is created, providing secure
authenticating functionality distributed to a wide set of people. Another web of trust
involves the interrelationships between SEA and the operating system. SEA depends on
the normal Unix file permissions to protect both the public and private keys. This is a
reasonable assumption, since if the OS can’t be trusted, the host cannot be secure. As
is the case with other authentication mechanisms, if the root user login is compromised,
forged authentication/access will be possible, and there is little that can be done about this.
Computer security involves not only secure authentication/encryption, but also installing
vendor patches, system monitoring, configuration control, and related activities, all of
which SDSC actively pursues.
Communication changes
The SRB communication routines had to be modified to incorporate SEA. The SRB
communication routines used file stream I/O and did this via multiple subroutine packages.
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
SEA SYSTEM 925
While the use of file stream I/O was a reasonable design choice, it prevented the access to
buffers that is needed for an add-on encryption scheme. Thus, the communication routines
(two sets) were modified to use sockets and new buffering routines. For example, calls to
putc were changed to calls to commPutc, which stores data into a small buffer and calls
seaWrite when full (similarly, calls to fflush were changed to a new routine that calls
seaWrite). The read system call and seaRead behave differently from stream file I/O
reads in that they will return data that are currently available rather than waiting for the
buffer to fill. To present the same stream-like interface to the higher-level communications
routines, the mid-level routines loop on reads until the buffer fills or the connection ends.
SRB encryption
With these communications changes in place, calls to seaBeginEncryptionClient
and seaBeginEncryptionServer cause libsea to encrypt communications data.
In the SRB communication scheme, both control information and data are transferred
on the same socket, so when encryption is enabled, it is performed on both. A new
flag was introduced in the SRB connect message to request encryption. The client
user can control this with the SEA OPT environment variable. When the flag is
set, the client side calls seaBeginEncryptionClient, and the server side calls
seaBeginEncryptionServer to establish encryption. In some cases, to service an
SRB client request, an SRB server may need to communicate with one or more other
SRB servers. In this case, if the SRB client has requested encryption, then encryption is
also requested on the second (or subsequent) connections, thus extending the protection of
data. Since one SRB server calls another via the SRB client routines, adding encryption is
only a matter of propagating the encryption flag. However, this does require the SRB in the
middle to decrypt and re-encrypt (in a different key) the data.
SRB authentication
Currently, similar to the SEA encryption flag, a new flag is used in the SRB connect
message to specify that SEA authentication is to be used. Eventually, we plan to phase
this out and require SEA authentication by default. The SRB server and client make the
SEA authentication calls to confirm the identity of the client.
SRB-to-SRB authentication
As mentioned above, there are cases where an SRB will make client calls to another SRB.
This can occur when a particular storage type (an Illustra DB, for example), is available
through a second SRB but not the first. In this case, the SRB to SRB authentication is
implemented using the SEA user authentication capabilities and a list of privileged user
ids (for example, ‘srb@sdsc’). It would also be possible to authenticate to an alternative
process or object name but, for now, authenticating to the SRB userid is sufficient. If the
SEA-authenticated user is privileged, then the username as passed by the connect message
is used. In this way, the SRB to SRB connections can proxy for the original user. The list
of SRB names (users with privileges) is maintained in the Metadata Catalog (MCAT) and
retrieved by each SRB at startup. This provides substantial flexibility in the configuration
of multiple SRBs and meshes well with the MCAT core functions as the SRB data and
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
926 W. SCHROEDER
metadata repository. We decided to modify the connect message to contain two fields, the
clientUser and the proxyUser, to clarify the use of two types of user ids. This is similar
to Unix’s model of real and effective user IDs. SEA is used to confirm the identity of the
proxyUser field (real UID). (An initial integration of SRB and SEA kept the format of
the SRB connect message unchanged, except for the addition of new flags, and used SEA
to confirm the user id.) With SEA authentication from SRB clients, the proxyUser field
is compared with the SEA-authenticated name as determined by the seaAuthServer
routine. If the proxyUser matches an entry in the privileged user list, then the clientUser
field is allowed to vary from the proxyUser name. For non-privileged users, the clientUser
field must match the proxyUser. It is the clientUser name that is used for access control. A
second (or later) SRB in a chain of SRBs (for a particular connection) trusts the information
passed to it when that connection has been identified as from a privileged user. The user of
the original SRB client is authenticated to the first SRB, and the second SRB then ‘knows’
that the user has authenticated. This provides a secure, flexible, and simple authentication
mechanism that meets the needs of the SRB infrastructure.
Server identification
SEA could be used to authenticate the SRB server to the client, although some method of
reliably providing the SRB public key to the clients would be needed.
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
SEA SYSTEM 927
DCE-based and HPSS client user interface utilities (pftp, HSI) use DCE authentication.
However, there is also a need for non-DCE clients, and SEA has been selected as
one major alternative. HSI optionally includes five modes of authentication: none (for
debug), local password (on the storage system host), DCE, Kerberos, and SEA. Multiple
authentication systems can be built into HSI simultaneously. HSI first attempts to use the
default authentication method (SEA as configured at SDSC), but provides a startup option
to allow selection of an alternative method (DCE at SDSC). HSI uses SEA routines for
authentication, prompting for a password to decrypt the private key if necessary. Multiple
principals are supported; a flag can be utilized to access alternative SEA key files. We
plan to use SEA to encrypt transmitted passwords when SEA authentication is not being
used. By running seaauth auto to create a semi-encrypted private key, users can store
and retrieve HPSS files via HSI from batch jobs without placing passwords into scripts.
This is also useful in interactive sessions where multiple HSI sessions are initiated. We
currently do not allow general access to HPSS via remote FTP utilities due to the danger
of passwords being compromised as they cross the wide-area network. With HSI/SEA, we
will be able to provide secure remote access, even in a passwordless manner.
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
928 W. SCHROEDER
requires some awareness and ticket management operations by users. SSH is an excellent
product for providing secure interactive access and file transfer. It is easily installed on
independent hosts and is available on the needed platforms, including the Cray. As NPACI
phases out plain-text password access, SSH and Kerberos are the primary replacement
mechanisms. Currently, however, SSH does not provide interprocess authentication; that
is, there is no SSH library and no API. When we started the SEA project, we investigated
converting some of the SSH software into a library, but found that it would be difficult to
do so. SSH is well-structured software, but is designed to be an integrated whole. There
are various ways in which SSH keys used for login could, eventually, be used in a role that
SEA is serving:
• SEA could be modified to read SSH-format key files. This would be somewhat
difficult, but is feasible.
• The SSH DataFellows/Tatu Yl’vnen team is planning to implement an SSH library
as part of a future release. However, they have not committed to a timeframe for
this, and want to first make the SSH 2.x protocol a standard and then prioritize
new features (there is an IETF working group, SECSH, that is defining the SSH
2.x protocol). It could be a year or more before an SSH library is released.
• Tadayoshi Kohno, at the University of Colorado at Boulder, has developed an
SSH Library and corresponding Windows 95/NT Client[22]. This is a Windows
implementation, but has also been ported to various Unix systems. It uses Eric
Young’s SSLeay libraries[23]. libSSH appears to be an excellent package; however,
it currently does not include a server-side implementation (it is designed to connect
from Windows systems to standard SSH Unix servers), and its private key format is
different from that of SSH.
For all of these, there would be some confusion of function for the keys. In SSH login
sessions, the user’s SSH private key is available on his/her workstation and the public key
in his/her home directory on the host being remotely accessed. To use this same system
to authenticate on the accessed host, either a second pair of keys would be needed or the
private key would need to be moved to the accessed host. In the latter case, there is no SSH
mechanism to automatically do this, and it would reduce security somewhat by exposing
the encrypted private key on the network and on another host.
The third major option is SSL/X.509. SSLeay is an excellent SSL/X.509 package, and
SDSC recently ported it to the Cray T90 with relative ease. Globus will be using SSL/X.509
as its primary security infrastructure, and interoperability between SEA applications and
Globus would be useful. SDSC has recently started to run a certificate authority, and
we expect that SSL/X.509 will be useful as part of the NPACI interaction environments
(visualization, etc.) as well as data intensive applications. An SSL/X.509 capability would
enable the development of secure Web-based computation and data access.
FUTURE DIRECTIONS
Security is an important aspect of any computer operation. Since there is greater demand
for computing resources than we have available at SDSC, we need to ensure that these
resources are only being used by the researchers who have received allocations via the NSF
peer-review process. Also, many of the users’ data files represent intellectual property, both
academic and commercial, and need to be presented only to authorized individuals. Secure,
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
SEA SYSTEM 929
CONCLUSION
By utilizing and augmenting available encryption implementations, RSA and RC5, we
have created an encryption/authentication system designed to meet specific requirements
of the SDSC environment. The SDSC encryption/authentication system provides a
relatively simple, yet strong, easily installed and easily integrated, supplemental
authentication/encryption system for use in practical, real-world, distributed applications.
It is the foundation for some of SDSC/NPACI’s current and future distributed computing
and security research. Using SEA, SDSC is augmenting existing applications, in a
relatively unobtrusive manner, to provide secure remote access to the SDSC data-intensive
and archival storage resources. Future plans include merging and/or interoperating
with additional standards, either through further development of SEA or through its
eventual replacement with ported and augmented existing systems as they evolve. Various
standards-based systems, and interoperating standards-based systems, are expected in
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
930 W. SCHROEDER
the near future, and SDSC plans to make use of these while maintaining some of the
advantages of the SEA system.
AVAILABILITY
Since SEA uses encryption technology (RC5 and RSAREF2.0 (including Cray versions)),
we can only release it to domestic US sites. Contact Wayne Schroeder, schroede@sdsc.edu,
to obtain a copy. See the SEA software design document[19] for installation instructions.
ACKNOWLEDGEMENTS
Michael Gleicher integrated SEA into HSI. Michael Wan assisted with the integration of
SEA with the SRB. The SDSC/NPACI Kerberos/SSH infrastructure is being enhanced by
Tom Perrine and SDSC and NPACI systems staff. The DOCT project was funded jointly
by DARPA and the USPTO under Project F19628-96-C-0020. Additional information is
available at http://www.sdsc.edu/˜schroede.
REFERENCES
1. Bruce Schneier, Applied Cryptography, 2 Edn, Protocols, Algorithms, and Source Code in C,
Wiley, 1996.
2. Jeffery I. Schiller, ‘Secure distributed computing’, Sci. Am., 271(5), 72–76 (1994).
3. Kerberos Users’ Frequently Asked Questions,
http://www.veritas.com/common/f/97042301.htm, and new version at
http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html, March 1998.
4. RSA Home Page, http://www.rsa.com/.
5. International PGP Home Page, http://www.ifi.uio.no/pgp/.
6. SSH Home Page, http://www.cs.hut.fi/ssh/.
7. SSH at NPACI, http://www.sdsc.edu/projects/ssh/ssh.html.
8. International Cryptography Pages, http://www.cs.hut.fi/crypto.
9. Wayne Schroeder, ‘SDSC’s installation and development of Kerberos’, Proceedings, Thirty-
sixth Semiannual Cray User Group Meeting, Fairbanks, Alaska, September 1995,
http://www.sdsc.edu/˜schroede/kerberos cug.html.
10. Wayne Schroeder, ‘Kerberos/DCE, the secure shell, and practical internet security’,
Proceedings, Thirty-eighth Semiannual Cray User Group Meeting, Charlotte, North Carolina,
October 1996, http://www.sdsc.edu/˜schroede/ssh cug.html.
11. National Partnership for Advanced Computational Infrastructure Home Page,
http://www.npaci.edu.
12. C. K. Baru, R. W. Moore, A. Rajasekar, W. Schroeder and M. Wan, ‘A data handling
architecture for a prototype federal application’, Proceedings of the IEEE Conference on Mass
Storage Systems, College Park, MD., March 23–27, 1998.
13. Distributed Object Computation Testbed (DOCT) Project Home Page,
http://www.sdsc.edu/DOCT, June 1996.
14. C. K. Baru, R. Marciano, R. W. Moore, A. Rajasekar and M. Wan, ‘Metadata to support
information-based computing environments’, http://www.sdsc.edu/˜baru/MD97 Paper.html.
15. SRB Technical Information Page, http://www.npaci.edu/Research/DI/srb/.
16. High Performance Storage System, http://www.sdsc.edu/hpss/.
17. Michael Gleicher, HPSS Interface (HSI) Hypertext Manual, http://www.sdsc.edu/Storage/hsi/.
18. Markus Jakobsson, DOCT White Paper, ‘Authentication mechanisms’, July 1997,
http://www.sdsc.edu/˜schroede/authmech.html.
19. Wayne Schroeder, DOCT White Paper, ‘Software design document for an
MDAS/NPACI/DOCT authentication/privacy mechanism’, October 1997,
http://www.sdsc.edu/ schroede/auth.html.
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)
SEA SYSTEM 931
Copyright 1999 John Wiley & Sons, Ltd. Concurrency: Pract. Exper., 11, 913–931 (1999)