Information Technology Reference
In-Depth Information
assumption that the members are no longer part
of the network.
exchange (Asokan and Ginzboorg, 2000), or
through initial distribution of credentials.
The attacks mentioned above can be thwarted
by the use of digital certificates that the nodes may
have obtained a priori from some trusted Authen-
tication Servers (ASs). Using such certificates and
knowledge of the AS public key, the grid nodes
and stations can authenticate each other and sign
their messages even when the AS is not reachable.
Further work is needed to evaluate all possible
security mechanisms.
Policy Management:
Since the end-devices
or nodes can be power constrained, one cannot
assume that the devices are capable of running
complex protocols such as Lightweight Direc-
tory Access Protocol (LDAP) or Common Open
Policy Service (COPS). The technical aspects of
policy management, such as privileges and access
to resources, can be potentially handled through
the root stations and the base stations. The RS
should be capable of not only handling the resource
intensive protocols but also maintaining the latest
information on the nodes in the network and their
capabilities. RS could maintain the policy database
that could be populated manually or through a
messaging mechanism between the nodes and the
RS. When a node leaves the local grid, the policies
relevant to the node are discarded. Similarly, when
a new node enters the local grid, it can configure
its policies on the RS through lightweight mes-
saging. Alternatively, the policies could be pre-
configured on the RS based on a classification of
the resources into one of several classes, i.e., low
power resource class, highly secure class, etc. This
means that the devices, when they register must
also communicate their capabilities.
Similar to the RS, a base station (BS) for
centralized control can be envisaged for the en-
terprise or the virtual organization with intra-grid
architecture. For an inter-grid, two or more BSs
need to interact in order to conform to end-to-end
Quality of Service guarantees while traversing
across multiple enterprises.
Other Considerations
Redundancy:
We have assumed that there is
only one RS per AO and only one BS per VO.
However, depending on the size of the network
and the distances between the components there
can be several RSs per AO and several BSs per
VO to facilitate address assignment and resource
discovery. This will also be important in order to
increase the throughput capacity of the network
(Liu et. al., 2003). The concept of electing a new
leader when the group DNS server leaves the
group (Huck et. al., 2002) could be extended to
the network of RS or BS nodes that communicate,
share and manage hand-offs across boundaries. In
the case where one RS or BS leaves the group, a
pre-configured secondary BS can take over the
concerned responsibility automatically.
Security Issues:
Throughout our discussions
we have assumed that nodes or the stations do not
operate in a malicious. A rogue node or a station
can manipulate the configuration of the network.
By such actions, the rogue node can corner a
number of addresses, making them unavailable
for other nodes that may wish to join the AO.
Subsequently, the rogue node can also respond on
behalf of the phantom nodes making it difficult
to clean up their addresses. If IP addresses are in
short supply, such an action can prevent some
bona-fide nodes from joining the AO. Also, the
rogue node can significantly overload the system
by generating several requests within a short time.
It is also possible for a malicious node to gener-
ate exit messages for nodes that are still part of
the network.
Many approaches assume the existence of a
Security Association (SA) between the end hosts,
which choose to employ a secure communication
scheme and, consequently, need to authenticate
each other (Papadimitratos and Haas, 2002). This
SA could have been established via a secure key
Search WWH ::
Custom Search