Providing security to the Desktop Data Grid

Volunteer computing is becoming a new paradigm not only for the computational grid, but also for institutions using production-level data grids, because of the enormous storage potential that may be achieved at low cost by using commodity hardware within their own computing premises. However, this novel "Desktop Data Grid" depends on a set of widely distributed and untrusted storage nodes, and therefore offers no guarantees about either the availability or the protection of the stored data. These security challenges must be carefully managed before fully deploying desktop data grids in sensitive environments (such as eHealth) to cope with a broad range of storage needs, including backup and caching. In this paper we propose a cryptographic protocol able to fulfil the storage security requirements of a generic desktop data grid scenario, which were identified by applying an analysis framework extended from our previous research on the data grid's storage services. The proposed protocol uses three basic mechanisms to accomplish its goal: (a) symmetric cryptography and hashing, (b) an information dispersal algorithm, and (c) the novel "quality of security" (QoSec) quantitative metric. Although the focus of this work is the associated protocol, we also present an early evaluation using an analytical model. Our results show a strong relationship between the assurance of the data at rest, the QoSec of the volunteer storage client and the number of fragments required to rebuild the original file.
