TCP-AuthN: An Approach to Dynamic Firewall Operation in Grid Environments

Grid computing provides users with transparent access to substantial compute and storage resources. Up to now, the main focus has been on developing Grid infrastructures and the services that provide access to Grid resources. Security aspects have consequently been neglected, which leads, for example, to the recommendation to open wide port ranges on the firewalls protecting Grid resources. In this paper we present an approach to dynamic firewall operation facilitated by strong inline authentication of every TCP connection. The presented approach, which is based on X.509 certificates and public-key encryption, uses the TCP segments exchanged during the TCP three-way handshake between client and server to transport user authentication information. Firewalls on the path use this authentication information to authorize the connection. To distinguish the authentication information in the TCP segments from application data, a new TCP option, tcpauthn, is introduced.
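The firewall-side check the abstract describes, as an added example that is not code from the paper: a SYN carrying the tcpauthn option is parsed, the authenticator is bound to the connection 4-tuple and the client ISN, and the firewall returns ALLOW or DROP. Assumptions: option kind 253 (the RFC 4727 experimental value) as a placeholder for the kind the paper assigns, an identity || tag payload layout, and a truncated HMAC-SHA256 standing in for the paper's X.509 public-key signature so the example runs with the standard library only.

```python
import hashlib
import hmac
import struct

TCPAUTHN_KIND = 253  # assumed: RFC 4727 experimental kind; the paper's real kind is not on this page
TAG_LEN = 16  # truncated so identity || tag fits the 40-byte TCP option space

def parse_tcp_options(segment: bytes) -> dict:
    """Return {kind: payload} for a TCP segment's options (RFC 793 layout)."""
    data_offset = (segment[12] >> 4) * 4
    opts, i, out = segment[20:data_offset], 0, {}
    while i < len(opts):
        kind = opts[i]
        if kind == 0:        # End of Option List
            break
        if kind == 1:        # No-Operation occupies a single byte
            i += 1
            continue
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed TCP option")
        out[kind] = opts[i + 2:i + length]
        i += length
    return out

def make_tag(key, src, dst, sport, dport, isn, identity):
    """Authenticator over 4-tuple, client ISN and identity, so a captured option
    cannot be replayed onto another connection. HMAC-SHA256 stands in for the
    paper's X.509 public-key signature (truncated to fit the option space)."""
    msg = b"|".join([src.encode(), dst.encode(), struct.pack("!HHI", sport, dport, isn), identity])
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def build_syn(src, dst, sport, dport, isn, identity, key):
    """Constructed client SYN carrying identity || tag in the tcpauthn option."""
    opt = bytes([TCPAUTHN_KIND, 2 + len(identity) + TAG_LEN]) + identity
    opt += make_tag(key, src, dst, sport, dport, isn, identity)
    opt += b"\x00" * (-len(opt) % 4)  # pad option list to a 32-bit boundary
    return struct.pack("!HHIIBBHHH", sport, dport, isn, 0, ((20 + len(opt)) // 4) << 4, 0x02, 65535, 0, 0) + opt

def firewall_decision(segment, src, dst, keys) -> str:
    """ALLOW a SYN whose tcpauthn option verifies for a known identity, else DROP."""
    sport, dport, isn = struct.unpack("!HHI", segment[:8])
    payload = parse_tcp_options(segment).get(TCPAUTHN_KIND)
    if not segment[13] & 0x02 or payload is None or len(payload) <= TAG_LEN:
        return "DROP"  # not a SYN, option absent, or too short to hold a tag
    identity, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    key = keys.get(identity)
    if key is None or not hmac.compare_digest(make_tag(key, src, dst, sport, dport, isn, identity), tag):
        return "DROP"
    return "ALLOW"
```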
