[AG-TECH] AG Security

Ivan R. Judson judson at mcs.anl.gov
Thu Jul 18 13:31:24 CDT 2002


There is never any guarantee (nor mechanism to detect, necessarily) if
someone is eavesdropping via multicast.  However, if the streams are
encrypted, then you decrease the probability that eavesdroppers can gain
access to the data, related to the amount of effort and resources they
have to crack the crypto method you use.

On another note, the key distribution mechanism we use for the secure
room is a prototype.  Yes it is cumbersome, no it isn't the way it
should be done.  SecureID cards, key chain devices, or even biometric
sensors could be used to do key management or
identification/authentication.  We haven't had to do that for 1.0, which
means we can focus on building 2.0 with those features in place (which
they are).

If you want to eliminate eavesdropping, the easiest mechanism is to use
a bridge, which has performance trade-offs.

--Ivan

..........
Ivan R. Judson .~. http://www.mcs.anl.gov/~judson
Futures Laboratory .~.  630 252 0920
Argonne National Laboratory .~. 630 252 6424 Fax
 

> -----Original Message-----
> From: owner-ag-tech at mcs.anl.gov 
> [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of Allan Spale
> Sent: Thursday, July 18, 2002 1:24 PM
> To: ag-tech at mcs.anl.gov
> Subject: [AG-TECH] AG Security
> 
> 
> Hello,
> 
> One of the questions today that I received during my 
> presentation about the Access Grid concerned security.  
> Specifically, how can one guarantee that no one can eavesdrop 
> (video and/or audio) on an AG session.  I am somewhat aware 
> about the Secure Room and its purpose, but what other options 
> are there?  When I described this process, my explanation 
> made this process of reserving this room seem cumbersome 
> (i.e. having to specifically request use of the Secure Room 
> as opposed to reserving a non-secure venue).
> 
> The other idea I thought about was setting up an 
> institution-level venues server (Virtual Venues server 
> software).  If this was done, what assurances would there be 
> to keep people from eavesdropping on the internal session?
> 
> Taking this one step further, if there were shared 
> applications used during a session (and I do not think 
> exposing DPPT data streams would really matter, but for the 
> sake of argument), it is more of the writers of the 
> applications to provide their own security mechanism to 
> assure that the data streams are secured?
> 
> I would appreciate any people sharing their information with 
> me.  In this way, I can help address the security issue in a 
> much better manner in any future AG presentation.  Thanks.
> 
> 
> Allan
> EVL at UIC
> node-op
> 
> 



