Improving the Security Performance in Computer Grids

Abstract

Security in computational Grids is mainly based on Grid Security Infrastructure (GSI) for authentication and Virtual Organization Membership Service for authorization. Although these mechanisms provide the required level of security, they lack in performance due to their dependence on public key cryptography. In our proposed security architecture we use a Kerberos-based approach (symmetric cryptography) to establish common secrets between grid services (exposed as web services) and clients. The architecture does not nullify GSI and VOMS, but allows a full mapping of GSI-NOMS to Kerberos credentials. The security architecture was designed to meet the specific quality of service (QoS) for nearly real-time control of distributed instruments that belong to different organizations by minimizing the impact of security processing. It is based on GSI and VOMS certificates for the initial login, translates them into Kerberos credentials for authentication and provides message level security implementing the OASIS Kerberos Token Profile. The security performance of our implementation, as shown in our measurements, outperforms the one when X509 Token Profile is used.