Advanced Topics in Data Communications - PowerPoint PPT Presentation

Title:

Advanced Topics in Data Communications

Slides: 37
Provided by: david2806

Transcript and Presenter's Notes

1
Advanced Topics in Data Communications
  • Compiled from several online resources
  • ISQS 6341
  • November 2002

2
Outline
  • Grid computing
  • Web service
  • Web service security

3
Grid Computing
4
Beyond the Net, lies the Grid.
  • The Net allows users everywhere to share
    information.
  • The Grid will allow users to share raw
    computing power.
  • It's under construction.

5
It's for real.
  • Used to construct
  • collaborative engineering systems
  • real-time instrument control systems
  • problem solving environments
  • to perform record-setting scientific simulations.

6
What is a Grid?
  • persistent networked environments integrating
    geographically distributed supercomputers, large
    databases, and high end instruments
  • coordinated resource sharing and problem solving
    in dynamic virtual organizations

7
Grid computing is related to, but not identical with:
  • Distributed computing
  • Parallel computing
  • Pervasive computing

8
Who is building them?
  • Demonstration SC98
  • TransPac link from Internet2 to APAN
  • NASA, DOE, DOD, NSF

9
The goal is to create
  • A scalable, seamless extension of your access
    point
  • through pervasive networks
  • to a set of resources
  • tied together by a set of ubiquitous common
    distributed services.

10
A scalable, seamless extension of your access
point through pervasive networks to a set of
resources tied together by common services.
11
Building on the Internet, the WWW
  • Uniform naming
  • A seamless, scalable information service
  • A powerful new meta-data language: XML
  • SOAP (Simple Object Access Protocol)
  • Uses XML for message encoding, HTTP for protocol.
  • XML-RPC may become the standard mechanism for Grid
    Services.

12
Useful links
  • High Performance Computing Support
  • http://www.indiana.edu/rac/hpc/
  • Class Web Pages
  • http://dpis.engr.iupui.edu/Courses/ee595.htm
  • http://www.cs.indiana.edu/classes/b649/
  • Laboratories
  • http://www.iumsc.indiana.edu/
  • http://www.engr.iupui.edu/cfdlab/
  • http://www.indiana.edu/uits/hpnap/
  • Indiana Pervasive Computing Research (IPCRES)
    Initiative
  • http://www.indiana.edu/ovpit/ipcres/
  • Grid Computing Info Centre (GRID Infoware)
  • http://www.gridcomputing.com/
  • EnterTheGrid
  • http://www.hoise.com/enterthegrid/
  • NASA's Information Power Grid
  • http://www.nas.nasa.gov/About/IPG/ipg.html
  • GriPhyN / ATLAS in NY Times
  • http://www.nytimes.com/2000/09/28/technology/28NEXT.html

13
Web Service
14
What is web service?
  • Web-based application architecture
  • Main players and standards
  • Microsoft .NET
  • SUN Open Net Environment (ONE)
  • IBM Web Service Conceptual Architecture (WSCA)
  • W3C Web Service Workshop
  • Oracle Web Service Broker
  • Hewlett-Packard Web Service Platform

15
Web Services standards
  • WSDL: Web Services Description Language
    http://www.w3.org/TR/wsdl
  • descriptions of Web Services
  • UDDI: Universal Discovery, Description and
    Integration http://www.uddi.org/specification.html
  • registries containing service descriptions
  • SOAP: Simple Object Access Protocol
    http://www.w3.org/TR/SOAP/
  • transport protocol for communication between Web
    Services
  • Emerging standards: WSRP, WSIA, WSXL.

16
Simple Object Access Protocol (SOAP)
  • A way for a program running in one kind of OS to
    communicate with a program in the same or another
    kind of OS by using HTTP and XML as the
    mechanisms for information exchange.
  • SOAP specifies exactly how to encode an HTTP
    header and an XML file so that a program in one
    computer can call a program in another computer
    and pass it information. It also specifies how
    the called program can return a response.

17
IBM Web Services model
[Diagram: Service provider, Service requestor and Service registry, connected by Publish, Find and Bind operations; labels: WSDL, SOAP, UDDI]
18
Service Registries
  • UDDI Web Service standard
  • Global public registry
  • Private registries
  • JISC Information Environment registry
  • Grid Service registry
  • Service type
  • Service instance
  • Functionality
  • Registries are dynamic services
  • Implement searching across multiple registries
  • New Web Services compliant products?

19
Metadata Schema Registries
  • CORES (http://www.cores-eu.net/):
    a forum on shared metadata
    vocabularies.
  • Standards Interoperability Forum in November
  • "A Metadata Registry for the Semantic Web",
    Rachel Heery (UKOLN),
    Harry Wagner (OCLC), D-Lib, May 2002
  • Metadata for Education Group (MEG)
    http://www.ukoln.ac.uk/metadata/education/regproj/
  • Demo of registry at Workshop in September
  • 2nd Joint UKOLN / NeSC workshop Autumn 2002
  • focussing on exchange of practical experience

20
Web Service security
21
Internet Week 3.29.2002
  • Many companies have been caught by surprise by
    the lack of inherent security in Web services
    protocols.
  • Surprise implies a mismatched expectation, and
    expectation implies knowledge or ignorance.

22
Security Facts
  • Every security system is vulnerable
  • Security can be difficult to implement and manage
  • Security services consume resources
  • Federation requires a flexible set of services

[Chart labels: Time to Compromise, Complexity]
23
What are XML Web Services?
  • Standards based, modular messaging architecture
    to enable loosely-coupled computing
  • Standards
  • Define message composition
  • Define message processing
  • Will enable end-to-end messaging systems

[Diagram label: Interoperability]
24
Standards that enable End-to-End Web service
security
  • Cryptography and Security Primer
  • Ciphers (Can enable confidentiality)
  • Key Distribution
  • Digital Signatures (Can enable integrity)
  • XML Signature
  • Data Integrity
  • Non-repudiation
  • XML Encryption
  • Encryption
  • WS-Security

25
Cryptography: Ciphers
  • Asymmetric Cipher = non-matching keys
  • One key for encryption
  • One key for decryption
  • Does not require exchange of keys
  • Examples
  • RSA (variable key size)

[Diagram: Text, Ciphertext, Text]
26
Cryptography: Key Agreement
  • Synchronous
  • Real-time key agreement, e.g. exchange over HTTPS
  • Asynchronous
  • Off-line agreement
  • Diffie-Hellman
  • Used by XML Encryption

27
Digital Signatures
  • Enables integrity and non-repudiation
  • E-Sign Act, June 2000
  • RSA, DSA or HMAC (symmetric key)
  • Relies on Hashing
  • InputRange(ADASADDAFA) OutputRange(XSDAD)
  • Examples
  • Secure Hash Algorithm (SHA)
  • SHA-1 creates a 20-byte digest of any binary data

[Diagram: Text, SHA, Digest, RSA Private Key, Signed Digest, Public Key]
28
XML Signature
  • http://www.w3.org/TR/xmldsig-core/
  • XML syntax used to represent a digital signature
    over any digital content
  • Verifies whether a message was altered during
    transit
  • Enables non-repudiation
  • Sign specific portions of the XML document or
    message
  • One-way transformation via private key
  • Defined schema
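
Added example (not part of the original slides): a simplified Python sketch of the hash-then-sign flow from the Digital Signatures slide, applied to one portion of an XML message as the XML Signature slide describes. It uses an HMAC with a shared key, so it shows integrity but not non-repudiation, and SHA-256 in place of the slides' SHA-1; the message, element names, key and helper functions are constructed for illustration, and this is not a conformant XML-DSig implementation.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample message; element names and the shared key are assumptions.
MESSAGE = (
    '<Envelope><Header><Route>gateway-1</Route></Header>'
    '<Body Id="order"><Amount>100</Amount><Payee>ACME</Payee></Body></Envelope>'
)
SHARED_KEY = b"constructed-demo-key"


def digest_of(xml_text, element_id):
    """Canonicalize the element carrying Id=element_id and hash it."""
    root = ET.fromstring(xml_text)
    target = next((e for e in root.iter() if e.get("Id") == element_id), None)
    if target is None:
        raise ValueError("signed element is missing")
    # Canonical form removes harmless differences (quoting, attribute order).
    canonical = ET.canonicalize(ET.tostring(target, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def sign(xml_text, element_id, key):
    """Return (digest, signature) as base64 text, the way XML Signature carries them."""
    digest = digest_of(xml_text, element_id)
    # The MAC covers the reference and its digest, not the whole document.
    mac = hmac.new(key, element_id.encode() + b"\n" + digest, hashlib.sha256).digest()
    return base64.b64encode(digest).decode(), base64.b64encode(mac).decode()


def verify(xml_text, element_id, key, digest_b64, signature_b64):
    """Recompute both values; a mismatch means the signed portion or key differs."""
    try:
        expected_digest, expected_sig = sign(xml_text, element_id, key)
    except (ValueError, ET.ParseError):
        return False
    return (hmac.compare_digest(expected_digest, digest_b64)
            and hmac.compare_digest(expected_sig, signature_b64))


if __name__ == "__main__":
    d, s = sign(MESSAGE, "order", SHARED_KEY)
    print("unchanged:", verify(MESSAGE, "order", SHARED_KEY, d, s))
    tampered = MESSAGE.replace("<Amount>100", "<Amount>900")
    print("tampered body:", verify(tampered, "order", SHARED_KEY, d, s))
```

Only the `Body` element is covered, so a change to the unsigned `Header` still verifies while any change inside `Body` does not.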

29
WS-Security 1.0
  • A specification for proposed SOAP extensions to
    be used when building secure Web services.
  • Supersedes the following specifications:
  • SOAP-SEC
  • Microsoft's WS-Security, WS-License
  • IBM's security token and encryption
  • Dependent upon XML DIGSIG, XML Encryption, XML
    Schema, SOAP
  • Defined schema

30
WS-Security 1.0
  • What: Enhancements to SOAP
  • Quality of protection
  • Integrity
  • Confidentiality
  • Authentication
  • Token Association
  • Token Encoding
  • Designed to be composed with other Web service
    protocols
  • Is not a complete security solution

31
WS-Security 1.0
  • Who
  • Joint effort: IBM, Microsoft, VeriSign
  • When

[Diagram: WS-Federation, WS-Authorization, WS-Secure Conversation, WS-Policy, WS-Trust, WS-Privacy, WS-Security, SOAP; label: Today]
Refer to Security Roadmap: http://msdn.microsoft.com/webservices
32
WS-Security 1.0
  • Security Model
  • Security Token Digital Signature Proof of Key
    Possession



[Diagram labels: Private Key; Claims, Public Key]
33
WS-Security 1.0
  • Trust Model
  • Security Token
  • Unendorsed: Not signed by an authority
  • Proof-of-Possession claim that can be mutually
    verified
  • Endorsed: Signed by an authority

[Diagram label: Signing Authority]
34
WS-Security 1.0
  • Protection
  • Integrity: XML Signature and Security Tokens
  • Confidentiality: XML Encryption and Security Tokens

35
WS-Security 1.0
  • Core building blocks
  • <Security>
  • <UsernameToken>
  • <BinarySecurityToken>
  • <SecurityTokenReference>
  • <ds:KeyInfo>
  • <ds:Signature>
  • <xenc:EncryptedData>
  • <xenc:EncryptedKey>
  • Processing rules and error handling

36
Wrap-Up
  • Resources
  • WS-Security (http://msdn.microsoft.com/webservices)
  • XML Security (Blake Dournaee, RSA Press)
  • Applied Cryptography: Protocols, Algorithms, and
    Source Code in C, 2nd Edition (Bruce Schneier,
    Wiley)
  • CAPICOM (Refer to the Platform SDK)