Trust Establishment in Pervasive Grid Environments
Syed Naqvi, Michel Riguidel
TÉLÉCOM PARIS
École Nationale Supérieure des Télécommunications (ENST)
46 Rue Barrault, Paris 75013, France
{naqvi, riguidel}@enst.fr
22 November 2005 CGW'05 - Krakow, Poland
Outline
• Introduction
• Trust Establishment
• Implementation Status
• Conclusions
Trust
• "The reliance on a property or a virtue of a person, or the conviction that a given premise is true." (Oxford Dictionary)
• "An entity A is considered to trust another entity B when entity A believes that entity B will behave exactly as expected and required." (International Telecommunication Union)
Pervasive Grid Environments
• The Grid can be accessed from any networked device
  – laptop, mobile phone, PDA, …
• The Grid can be composed of Internet-connected light-weight devices
  – Inherent limitations of these devices, physical security, …
• Ubiquitous access to the computing and storage resources
  – Adaptable to users’ environments; available anywhere anytime
  – Enable mobile users to launch, monitor, and steer applications on the Grid
• Introduces new challenges
  – Bandwidth, heterogeneity, connectivity, scalability, interfacing
  – Security: physical; gaps; requires knowledge of context and state
The Problem Statement
• How pervasive grid nodes can trust unknown infrastructure with their private data; and
• How a computing infrastructure can trust a mobile node which is seeking access to its resources.
Trust Requirements
• Identification, Access Control, Privacy, …
• User-based Trust Relationships
  – If a user has the right to use sites A and B, the user should be able to use sites A and B together without requiring the security administrators from sites A and B to interact.
• Distributed Trust Evaluation
  – The decentralized nature of administration makes it difficult to establish and propagate trust. A distributed trust evaluation scheme is therefore required for pervasive grid environments.
• Non-History-based Trust Establishment
  – Needed when there is no trust among the parties and no mechanism to build some trust based on a history of previous interactions.
• Delegation of trust
  – Decentralized hierarchical administration, scalability of certificate issuing capacity, …
• Continuous monitoring of the changes to the trust level of each node
  – Dynamic evaluation of the trust relationships, broadcast the presence of a malicious node in the environment, …
• Consideration of context and state
  – Determination of the access control on the basis of user’s location and the state of the user’s environment.
Trust Establishment Approach
• Instead of having a single value representing the trustworthiness of a node, the value should be broken into separate attributes, called confidences
  – Each confidence represents a characteristic of a node from which trust can be synthesized. For example:
    • We can trust a node to be accurate (important for data integrity)
    • We can trust a node to complete tasks reliably
    • We can trust nodes to return data quickly (or always in the guaranteed time).
• These attributes form a virtual plane to link the resources, users (individuals & services) and the applications
  – Virtual and extensible basis for synthesizing varying types of trust
    • Signifies that there is no fixed form of trust among the various entities
    • Allows the greatest flexibility from one entity to the other
• From the functional point of view:
  – Attribute certificates are used to complement the identity certificates provided by the existing infrastructure.
    • Identity certificates are used to verify the identity of an entity in a highly anonymous environment (e.g. the internet)
    • Attribute certificates are used to determine the trustworthiness of an uncertain environment (such as Pervasive Grid)
  – For a direct trust relationship within a single domain, a node estimates the trustworthiness of the node it is going to interact with.
    • By using the centralized credentials architecture to determine the trust values of the individual nodes.
    • By maintaining a trust table of the domain.
  – For indirect trust relationships across multiple domains, a node has to trust all the intermediaries that it traversed before arriving at the second node.
    • By evaluating the trust degree along the whole path.
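
An illustrative sketch of the direct (trust table) and indirect (whole path) evaluation described above, using the three confidences named earlier. It is added here and is not the authors' implementation: the table contents, the names TRUST_TABLES, direct_trust, path_trust and satisfies, and the rule of multiplying per-hop confidences are assumptions, since the slides do not say how the trust degree is combined.

```python
from math import prod

# The three confidences given as examples on the slide.
ATTRS = ("accuracy", "reliability", "timeliness")

# Constructed sample data: one trust table per domain, confidences in [0, 1].
TRUST_TABLES = {
    "domainA": {
        "gatewayA": {"accuracy": 0.9, "reliability": 0.8, "timeliness": 0.5},
    },
    "domainB": {
        "gatewayB": {"accuracy": 0.9, "reliability": 0.9, "timeliness": 0.9},
        "storage1": {"accuracy": 1.0, "reliability": 0.5, "timeliness": 0.8},
    },
}

# Constructed path from a node in domainA to a storage node in domainB.
DEMO_PATH = [("domainA", "gatewayA"), ("domainB", "gatewayB"),
             ("domainB", "storage1")]


def direct_trust(domain, node):
    """Direct trust: look the node up in its domain's trust table.

    A node with no entry gets zero confidence in every attribute, so an
    unknown intermediary can never raise the trust of a path.
    """
    return TRUST_TABLES.get(domain, {}).get(node, dict.fromkeys(ATTRS, 0.0))


def path_trust(path):
    """Indirect trust: evaluate every (domain, node) hop on the path.

    Assumption: confidences are multiplied per attribute, so each extra
    intermediary can only lower the resulting trust degree.
    """
    hops = [direct_trust(domain, node) for domain, node in path]
    return {attr: prod(hop[attr] for hop in hops) for attr in ATTRS}


def satisfies(trust, required):
    """Check only the confidences a task cares about (no fixed form of trust)."""
    return all(trust[attr] >= minimum for attr, minimum in required.items())
```

With the constructed table, the same path passes a request that needs accuracy of at least 0.8 but fails one that needs reliability of at least 0.5, and any path through a node missing from its domain's table is rejected.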
Experimental Set-up
[Figure: experimental set-up showing an Exam Hall, a Library and a CA / Storage & Display Center; node labels S and T]
• The computing world is moving from desktop computing to mobile and nomadic computing.
• Grid users in the near future will prefer to access the grid resources from their smart devices.
• Current research efforts to address the trust problem in a Grid environment focus on relatively static scenarios.
• Pervasive Grid Environments require dynamic establishment of trust.
• These pervasive Grid environments may be a few years ahead, but it is important to envision how things will be dealt with in the future.
• Our future directions include:
  – Implementation of deeper and fine-grained interactions among the various entities of the Pervasive Grid Environments.
  – Implementation of our trust model as an extension to the GSI.