Abstract: Grid computing is an emergent computing innovation which offers endless access to computing infrastructure across various organizations (academia and industry). Since this technology allows aggregation of various computer systems for usage by different users to run applications, the information stored on it which may be sensitive and private, remains vulnerable. According to related research on the attribute based access control for grid computing there is no adequate and appropriate security mechanism to authorize and authenticate users before accessing information on a grid system. The issue of security in grid technology has not been fully addressed even though it is a precondition for optimizing grid usability. Having realized the paucity of security guarantees, this research work focuses on developing a model for securing data and applications deployed on a grid on the basis of double identity authentication and public key. The implementation of the model has undoubtedly guaranteed the security of sensitive information on a grid vis-α-vis strict adherence to security policies and protocols.
INTRODUCTION
Many authors have defined grid computing using several technical words and terminologies. According to Buyya (2002), the following definition was given.
The "Grid is a type of parallel and distributed system that enables the sharing, selection, and aggregation of resources distributed across multiple administrative domains based on their (resources) availability, capability, performance, cost and users' quality-of- service requirements.” (Buyya, 2002).
Currently, Folderol, SETI@home and Distributed Net are projects that are currently exploiting (Wolfgang, 2000) various grid resources on the Internet. To ensure safety and security of resources within a grid system environment, there needs to be a set of policies for data access between the resource providers and resource consumers (Khider et al., 2010).
Public Key Infrastructure (PKI) is noted and recognized as a useful technology for securing a large scale network like grid. The main idea behind PKI is the certificate (Ali, 2002). The function of the certificate is to cement and bind (Price, 2003) the public key to a particular entity on the grid (Butleret al., 2000). The private key stands for the identity of an entity on the grid. PKI is well known for its interoperability (Ali, 2002).
One of the prominent models for implementing security on a grid is the Bell-LaPadula Model (BLM), also called the multi-level model which was formulated by the duo of Bell and LaPadula. This model is used for access control policy in both military and government applications (Zhao and Chadwick, 2008). With this security model, subjects and objects are grouped into different security rank and stage such that a subject can only access objects at a particular levels specified by his security level. In spite of the uniqueness of this model and its benefits, it only addresses confidentiality issues and its application is limited to systems where security levels do not change dynamically (Dallon et al., 2007).
Apart from the above approach, several other approaches (Goguen and Meseguer, 1982) have been employed to secure grid information to ensure adequate and efficient authentication (Gao et al., 2010) and authorization. Some of the prominent methods involved the adoption of traditional access control models such as Mandatory Access Control (MAC) model, Community Authorization Service (CAS) model, Discretionary Access Control (DAC) model and Role Based Access Control (RBAC) model (Ni et al., 2007).
Ali et al. (2009) has specified seven important security needs to protect grid information against attacks. These requirements are: authentication, authorization, availability, non-repudiation, data confidentiality, data integrity and privacy (Prasannakumari, 2009).
In an unsecured multi domain application environment like grid where various organizations interact with one another there bound to be some problems between the users and resources (Ni et al., 2007). We addressed some of these security challenges by adopting and implementing a double identity authentication scheme and public key system on a grid platform.
BASIC CLASSES OF ENCRYPTION WITH TRADITIONAL CRYPTOGRAPHY
| • | Product cryptography: This is a process of combining various transformations such as modular arithmetic; substitution cipher and shift cipher together. The objective is to get a more reliable and secure (Zanjani et al., 2009) cipher than a single component to make it secure and resistant to cryptanalysis (Yanxiang et al., 2008) |
| • | Substitution cryptography: The plaintexts are exchanged with some characters to produce ciphertext (Rasheed et al., 2010) base on a regular system. The formation of each of the characters can be changed but its position cannot be changed. The receiver performs an inverse substitution (Alfred et al., 1997) to decipher the text |
| • | Transportation ciphers: The units of plaintext are rearranged in a unique and complex manner however the units remain unchanged (Yanxiang et al., 2008) |
| • | Shift cryptography: This allows each of the characters to change its position without changing its formation in the plaintext. Matrix cryptography is an example of shift cryptography |
Definition of concepts:
| • | Authentication is any approach used to confirm that the identity is exactly the person who claims to be. This is always confirm with the aid of password and username |
| • | Authorization is a technique of confirming if the person previously identified is permitted to have access to a particular resource or not |
APPRAISAL OF DATA ENCRYPTION TO ENSURE CONFIDENTIALITY
The purpose of data confidentiality is to protect data from being divulged to the wrong or an unintended party (Shen et al., 2006).
Two steps can be used to achieve data confidentiality (Hamid et al., 2009; Hoque and Avery, 2010) data encryption and data decryption. Also, two main types of cryptography can be used to provide data confidentiality (MSDN, 2005), they are: Symmetric and asymmetric.
Symmetric cryptography: In this type of cryptography both the sender and the recipient use a common key to carry out encryption and decryption (Fig. 1).
As illustrated in Fig. 1, symmetric encryption involves the following stages:
| • | The ciphertext message is created by the sender through the encryption of a plaintext with the assistance of a symmetric encryption algorithm as well as a shared key |
| • | The ciphertext message is sent to the recipient by the sender |
| • | The ciphertext message is decrypted back into a plaintext by the recipient |
| • | Block cipher is the most popular of the symmetric-key encryption methods. Also, transposition ciphers and substitution ciphers are two prominent categories of block ciphers |
Asymmetric cryptography: With asymmetric cryptography also called public key cryptography; different keys are used by the sender and recipient for encryption and decryption, respectively (MSDN, 2005). The sender encrypts data with one key and the recipient uses a different key to decrypt ciphertext (Fig. 2).
| Fig. 1: | The process of symmetric encryption |
| Fig. 2: | The process of asymmetric encryption |
As illustrated in Fig. 2, asymmetric encryption involves the following steps:
| • | The ciphertext message is created by the sender who encrypts the plaintext message with the aid of an encryption algorithm and the recipient’s public key |
| • | The ciphertext message is sent from the sender to the recipient |
| • | The ciphertext message is decrypted back to plaintext with the aid of a private key that tallies with the public key that was used to encrypt the same message |
TRADITIONAL AUTHENTICATION APPROACH
To restrict and monitor the access of resources on a network (Rozyyev et al., 2011), user usually supplies and provides his identity (Ayofe and Oluwaseyifunmitan, 2009) based on recognition technology. The most common among the technology is password, Unique Identifier (ID) and token. The way in which this traditional technology is being employed is demonstrated (Fig. 3).
As the research in the area of computer and information security increases, the above technique of verifying user before accessing a network becomes unreliable and insufficient. This traditional approach has been confirmed and affirmed (Ayofe and Lawal, 2010) that they are very static and has not sufficiently satisfied the security demand in a data sharing environment. Due to this vulnerability, hacker takes the advantage to carry out malicious action on the grid (Ayofe and Oluwaseyifunmitan, 2009).
THE CONCEPT OF RSA CRYPTO SYSTEM
Briefly, to implement Rivest, Shamir and Adleman (RSA) algorithm the following procedures are followed:
| • | Firstly, a random numbers p and q considered to be prime is selected and confirm that p! = q. Then the value of modulus with n = pq is determined before calculating phi, Φ = (p-1)(q-1) |
| • | Also, the public exponent e, 1<e< Φ such that gcd (e, Φ) = 1 is determined. Public key is taken to be {n, e} while private key is d |
| • | Encryption is considered to be c = memod n while decryption is taken to be: m = cdmod n |
| • | s = H (m) dmod n is taken as the digital signature while m' = semod n is for the verification |
| • | If m' = H (m) signature is correct. It is believed that H is a publicly known hash function |
| Fig. 3: | Common traditional authentication approach |
IMPLEMENTATION OF A SECURED MODEL IN A GRID BASED ENVIRONMENT
For the implementation of a secured model on a grid platform, the Fig. 4 serves as a dependable source of message information sharing.
Whenever, a user intends to establish a communication in a grid network, he supplies his flexible password and the required ID, respectively. The token code is evaluated by the server side thereby juxtapose it with flexible password supplied by the user. If it is confirmed and affirmed that the authentication is successful the server then comes up with a number as Token Session of a confirmed authentication. This is expected to be sent back to the client side.
When the client side confirms that authentication is succeeded by receiving token session information, the user will be prompted to enter the next flexible password which will have a binary value of 64-bit. At this stage, Hash algorithm (Dai et al., 2009; Zhou et al., 2008) is applied on the binary value to obtain 128-bit symmetric key. Handshake is therefore conducted between a client and the server. After the handshaking, the transmission of data encryption hereby commences. With the application of next flexible password, both the client and the server can successfully generate the secret key. With the double authentication procedure adopted in this model, it is sure and safe that hacker will not be able to carry out any malicious act that could be detrimental to the grid and its resources.
| Fig. 4: | Scenario of a dependable security model |
Algorithm for the scenario is given as: |
To evaluate the performance of this double authentication scheme security model, a GridSim simulator was used. Two different graphs were obtained and the results of simulation are explained hereunder.
As shown in the Fig. 5, double authentication approach is flexible therefore resource each user can access varies with time according to the degree of authenticity of user. However, the degree of reliability of single authentication remains constant. This simulation result shows that with double authentication scheme, the rate of accessing any resource on the grid varies with time and directly depends on the authenticity of the user involved.
In Fig. 6, simulation result reveals that there is proportional increase in the turnaround time as the degree of authorization increases. But the average turn around remains constant at a point when a reliable and double authentication was not adopted.
| Fig. 5: | Appraisal of double authentication scheme with respect to access control and time |
| Fig. 6: | Evaluation of average turn-around time with respect to time when applying double authentication |
CONCLUSION
Since security is an issue that is very crucial in a data sharing environment like grid, the proposition and implementation of a double identity authentication is a must to protect the integrity of resources across a multi administrative domains. This is mainly to achieve confidentiality, authentication, authorization and privacy on the grid network. It will be recalled that most of the approaches in the past have a lot of weaknesses which has rendered its significance to the lowest ebb. With the widespread and ubiquitous nature of grid computing vis a vis number of participants on the network the provision for a reliable authentication scheme could not be over emphasized. The implementation of the above authentication scheme has proved to be effective and useful in any grid based resource sharing environment.