Improved grid security posture through multi-factor authentication

Victor Hazlewood, Patricia Kovatch, Matthew Ezell, Matthew Johnson, Patti Redd

Research output: Contribution to conferencePaperpeer-review

4 Scopus citations

Abstract

While methods of securing communication over the Internet have changed from clear text to secure encrypted channels over the last decade, the basic username-password combination for authentication has remained the mainstay in academic research computing and grid environments. Security incidents affecting grids, such as the TeraGrid stakkato incident of 2004 and 2005, has demonstrated that the use of reusable passwords for authentication can be readily exploited and can lead to a widespread security incident across the grid [1,2]. The University of Tennessee's National Institute for Computational Sciences (NICS) founded in 2008 has provided resources to the TeraGrid, including Kraken, a 1.17 petaflops Cray XT5, and has implemented and promoted the use of multi-factor authentication mechanisms since its founding. The benefits of use of this stronger authentication method has been higher productivity and resource availability for users due to no known user account compromises caused by stolen NICS user credentials that led to disabling accounts or system resources. NICS has been developing and experimenting with expanding our use of multi-factor authentication to the grid. NICS has integrated multi-factor authentication with our certificate authority so that users can now run my proxy and receive a multi-factor authenticated certificate. NICS is also exploring the federation of multi-factor authentication systems, with the goal of "one user, one token". This is especially important, as new grid resources, such as Blue Waters, will only allow multi-factor authentication, and we want the users to only carry one token, not many tokens. XSEDE, the TeraGrid successor, will also be deploying multi-factor authentication in addition to the other existing authentication methodologies. XSEDE will also work closely with science gateways and workflows to develop and maintain secure frameworks for the highest level of security possible.

Original languageEnglish
Pages106-113
Number of pages8
DOIs
StatePublished - 2011
Externally publishedYes
Event12th IEEE/ACM International Conference on Grid Computing, Grid 2011 - Lyon, France
Duration: Sep 22 2011Sep 23 2011

Conference

Conference12th IEEE/ACM International Conference on Grid Computing, Grid 2011
Country/TerritoryFrance
CityLyon
Period09/22/1109/23/11

Keywords

  • GSI
  • MyProxy
  • federation of multi-factor authentication systems
  • one-time password
  • password
  • security

Fingerprint

Dive into the research topics of 'Improved grid security posture through multi-factor authentication'. Together they form a unique fingerprint.

Cite this