Home -> Toolkit -> Docs -> 3.2 -> Gsi -> Key	Website Email Lists Search:

This information is for a release that is no longer supported by the Globus Toolkit. The currently supported versions of the Globus Toolkit are 4.2 (recommended) and 4.0.

GSI: Key Concepts

Overview
>Enhanced Security Features
Glossary

Enhanced Security Features

A number of sources have recently raised concerns about the security of systems that use SSL (the Secure Socket Layer). These concerns are based on a number of well-known attacks that can be made on such systems.

One such article points out that SSH and SSL as commonly in use today are mainly focused on protection of data in flight and are not focused on truly identifying end-points. Given this form of implementation, the emergence of the dsniff toolkit makes it easier to thwart the security of connections with these protocols by impersonating endpoints and making the security provided by encryption meaningless.

The well-known attacks outlined by this article are:

When using SSL on the web, servers that don't use a certificate signed by a trusted CA are vulnerable to man-in-the-middle attacks.
Most people browsing the web do not use a personal certificate to authenticate themselves so cannot prove that web-based transactions were actually conducted by them or not.
When using SSH, if the user is connecting to a new host or to a host whose host key has changed, they have no way of verifying the host key to be genuine, leaving themselves open to a man-in-the-middle attack.

GSI addresses all the attacks outlined above by using trusted CAs and mutual authentication. If properly installed, maintained and used, GSI is not susceptible to the man in the middle attacks described in this article. By having trusted CA issue certificates for all servers and users and requiring mutual authentication, all parties can have confidence in the identity of whom they are interacting with.

The problem of unknown sshd host keys is handled as part of the GSI-SSH protocol by hashing the sshd host key, signing the result with the GSI host certificate on the sshd host and sending this to the client. With this information, the client now has the means to verify that a host key belongs to the host it is connecting to and detect an attacker in the middle.

The conclusions of this article are to install IPsec and DNSSEC. Both are good things that can be used to improve the protection provided by GSI. DNSSEC helps make the key management (certificate issuance) harder to subvert, making certificates a more reliable identifier, and also makes DNS spoofing harder. IPsec makes man-in-the-middle attacks harder by denying IP spoofing, though trusted certificates and mutual authentication used by GSI already serve to prevent this.