
Distributed Key Management For Sensitive Data (Joni Hahkala, HIP), PowerPoint presentation



  1. Distributed Key Management For Sensitive Data
     Joni Hahkala (HIP), John White (HIP), Ákos Frohner (CERN) and Kalle Happonen (HIP)
     Enabling Grids for E-sciencE
     ISGC'10, Taipei, Taiwan
     www.eu-egee.org
     EGEE-III INFSO-RI-222667; EGEE and gLite are registered trademarks

  2. Outline
     • Background
     • Hydra
     • Hydra in medical data management
     • Status
     EGEE-III INFSO-RI-222667, ISGC'10, Taipei, March 9th, 2010

  3. Background
     • In some fields data security is imperative
       – Medical data
       – Financial data
       – Personal data
     • For example, in the medical field the patient data should be
       – Anonymized
       – Encrypted
         ▪ In storage and during transfer
       – And access to both the files and the metadata should be tightly controlled

  4. Encryption
     • Encryption gives more freedom
       – Unauthorized access to the file is not catastrophic
         ▪ Provided the encryption is strong
     • But how to encrypt?
     • Decryption should be possible
       – by only the owner
       – by a group defined with file-level granularity
     • Authentication certificates are not good as encryption keys
       – Renewed each year → files lost
       – Revoked or pass-phrase lost → files lost
       – No group access
     • Symmetric keys are hard to manage
       – Large number of keys to manage if high granularity is needed
       – User-managed keys would easily lead to lost keys and thus lost files

  5. Key management
     • Central key storage is not so good
       – All eggs in one basket
       – A rogue sysadmin could access every file
     • Distributed key storage is better
       – The secret is shared; hacking one server is not enough
       – Many sysadmins would have to cooperate to access the keys

  6. Hydra

  7. Hydra
     • Distributed key storage
     • Based on Shamir's Secret Sharing Scheme
       – (k, n) threshold scheme
         ▪ Have to know k parts out of n to reconstruct the key
         ▪ k-1 parts don't reveal any information about the secret
       – A polynomial of degree k-1 is chosen and n points on it are calculated
         ▪ k points are needed to reconstruct the polynomial
       – Mathematically proven that k-1 parts don't help in finding the key
         ▪ Information-theoretic security
     • Fault tolerant
       – Only k out of the n servers need to be up and running
       – For example, a (3, 5) configuration
         ▪ 2 servers may be down
         ▪ 3 servers must be cracked to get the key

  8. Hydra (2)
     • A key per file
     • Distributed to n servers, preferably geographically and managerially separated
     • Access to each key controlled with an access control list
       – Access for only the owner or a list of users
       – Access for a list of groups (VOMS)
     • Not a solution to everything
       – Vulnerable to credential compromise
         ▪ Proxies are in many places
         ▪ A secure token service could help
       – Files need to be used
         ▪ The worker node (WN) has access while computing, so a compromise there reveals the contents

  9. Storing a file with Hydra
     1. Generate key
     2. Encrypt
     3. Split key
     4. Store parts to Hydra servers
     5. Store file
     6. (Store key ID to metadata catalog)
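The following is an added example, not Hydra's or MDM's own code. It works through slide 7's (k, n) threshold scheme and the store/fetch procedure of slide 9 in one place: a random degree-(k-1) polynomial over a prime field is evaluated at n points, any k of them recover f(0) by Lagrange interpolation, and the `implied_missing_share` function shows why k-1 shares are useless, since every candidate secret is consistent with them and merely implies a different value for the share you do not hold. The field prime, the in-memory dictionaries standing in for the Hydra servers, the `key_id` that stands in for the LFC GUID of slide 10, and the SHA-256 keystream used as a stand-in cipher (so the example needs only the standard library) are all assumptions of this example, not details of the real system.

```python
"""Added example (not Hydra's own code): Shamir (k, n) secret sharing over a prime
field, plus the store/fetch flow of slide 9 with an in-memory stand-in for the
Hydra servers."""
import hashlib
import secrets

# Constructed choice: the 127-bit Mersenne prime, so a 16-byte key fits in the field.
# Hydra's real field size, share encoding and ACL handling are not shown here.
PRIME = 2**127 - 1
KEY_BYTES = 16


def _eval_poly(coeffs, x):
    """Horner evaluation of a0 + a1*x + a2*x^2 + ... modulo PRIME."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, k, n):
    """Return n points (x, y) of a random degree-(k-1) polynomial with f(0) = secret."""
    if not 0 <= secret < PRIME or not 1 <= k <= n:
        raise ValueError("secret out of field or bad (k, n)")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def interpolate(points, x):
    """Lagrange interpolation through the given points, evaluated at x (mod PRIME)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def reconstruct(shares):
    """Any k distinct shares recover f(0); fewer than k fit every secret equally well."""
    return interpolate(shares, 0)


def implied_missing_share(partial, candidate_secret, x_missing):
    """Holding only k-1 shares, every candidate secret is consistent with them:
    each candidate just implies a different value for the k-th share at x_missing."""
    return interpolate([(0, candidate_secret)] + list(partial), x_missing)


def _keystream_xor(key, data):
    """Stand-in cipher for the demo (assumption): SHA-256 counter keystream XOR data.
    Not the cipher MDM uses; a real deployment would use an authenticated cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


def store_file(plaintext, servers, k):
    """Slide 9: generate key, encrypt, split key, store parts, store file.
    'servers' maps server name -> dict(key_id -> share). Returns (key_id, ciphertext)."""
    key = secrets.randbelow(PRIME)
    ciphertext = _keystream_xor(key.to_bytes(KEY_BYTES, "big"), plaintext)
    shares = split_secret(key, k, len(servers))
    key_id = secrets.token_hex(8)  # stands in for the LFC GUID used by MDM
    for (_, store), share in zip(servers.items(), shares):
        store[key_id] = share
    return key_id, ciphertext


def fetch_file(key_id, ciphertext, reachable_servers, k):
    """Collect shares from the servers that are up; refuse if fewer than k answer."""
    shares = [s[key_id] for s in reachable_servers.values() if key_id in s]
    if len(shares) < k:
        raise RuntimeError(f"only {len(shares)} of the required {k} shares reachable")
    key = reconstruct(shares[:k])
    return _keystream_xor(key.to_bytes(KEY_BYTES, "big"), ciphertext)


if __name__ == "__main__":
    servers = {f"hydra-{i}": {} for i in range(1, 6)}  # (3, 5) configuration
    kid, ct = store_file(b"patient record 42 (constructed sample)", servers, k=3)
    # two servers down, three still reachable: the file is still recoverable
    up = {n: s for n, s in servers.items() if n not in ("hydra-2", "hydra-4")}
    print(fetch_file(kid, ct, up, k=3))
```

In the (3, 5) run above any two of the five stores can be offline, and an attacker holding two of them learns nothing, because for each guess of the key there is exactly one third share that would complete the polynomial. Fault tolerance and secrecy are therefore the same parameter seen from two sides.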

  10. Hydra in medical data management
     • In EGEE, Hydra is integrated with the data management tools to produce the Medical Data Manager (MDM)
     • Medical data comes from DICOM servers
       – Digital Imaging and Communications in Medicine (DICOM)
       – Standard for medical image and metadata format
       – Designed for hospital-internal use
       – Should not be exposed to the outside
     • DICOM to DPM trigger
       – Automatic encryption on the fly
       – Registration of metadata to the metadata catalog and file info to the LFC
       – Storage of key pieces into Hydra using the LFC GUID
       – Files registered to DPM as "nearline" need to be staged
       – Once fetched from DICOM, DPM serves them normally
         ▪ Anonymized and encrypted during the fetch

  11. Register DICOM files to Grid

  12. Access DICOM file

  13. Status
     • EGEE provides support
       – Mainly bug fixing and implementing feature requests
     • Service and clients implemented
       – Integrated clients for users
       – Trigger to register DICOM files
       – Recall daemon to access DICOM files
     • In use or being evaluated in medical research projects
     • Current version has some deployment bugs
     • New version entering certification
       – To get it into the official gLite distribution
     • Future work depends on feature requests from users!
     https://twiki.cern.ch/twiki/bin/view/EGEE/DMEDS
