Security and Trust in a Global Research Infrastructure

Security and Trust in a Global Research Infrastructure

Jens Jensen (Science and Technology Facilities Council, UK) and David L. Groep (National Institute for Subatomic Physics, the Netherlands)
DOI: 10.4018/978-1-61350-116-0.ch022
OnDemand PDF Download:


Modern science increasingly depends on international collaborations. Large instruments are expensive and have to be funded by several countries, and they generate very large volumes of data that must be archived and analysed. Scientific research infrastructures, e-Infrastructures, or cyber infrastructures support these collaborations and many others. In this chapter we look at the issue of trust for such infrastructures, particularly when scaling up from a small one. This growth can be “natural,” as more researchers are added, but can also be dramatic if whole new communities are added, possibly with different requirements. Our focus is on authentication, since for most realistic infrastructures, authentication is the foundation upon which further security is built. Our aim has been to focus on real-life experiences and examples, distilling them into practical advice.
Chapter Preview


Science and research are increasingly becoming global: where researchers previously only communicated by email, they now collaborate closely across national boundaries using supporting e-infrastructures or cyber infrastructures. For a small group of researchers sharing few resources, it is fairly easy to establish a trusted relationship between the users and the resources: for example by getting everyone together in the same room and hand out passwords. It becomes much more difficult to establish and maintain these relationships when the group grows, when many other resources are added, or when the resources need higher levels of protection (e.g. if accessing sensitive data or controlling an instrument.)

This chapter looks at the challenges in scaling up from small infrastructures to large ones. Our emphasis is more on human processes than technology: ultimately trust is between humans, supported by processes and policies; the role of technology is to mediate the trust in a distributed infrastructure. Purely technological proposals for scaling to larger infrastructures have been studied elsewhere, e.g. identity based encryption (Shamir, 1984), or more recently, building PKI (Public Key Infrastructure) with secure “mediators” (Boneh, 2001; Vanrenen, Smith, & Marchesini, 2005) these and others will not be pursued here. When we need to cover aspects of commonly used technology, we do so to assess how much it can help scale the trust infrastructure.

In addition to being “sociological,” our overall aim is highly practical: we focus on processes and technology which are known to work on a global scale.

A high level outline of this chapter is as follows:

  • 1.


  • 2.

    A discussion of the participants and their trust relationships.

  • 3.

    Investigating scalability issues.

  • 4.

    A discussion of issues and controversies.

  • 5.

    Practical advice for people seeking to scale a trust infrastructure.

  • 6.

    Future directions.


Participants And Security Goals

Let us first look at the simplest case mentioned in the introduction: a group of users accessing a shared resource. They may use a password to authenticate to the resource, and the password can be reset using their email address if they forget it. e-Commerce (see Example 1 and Anderson (2008, sec. 10.5) for further discussion) is similar. In both cases, we have a group of users who interact only with the resource, not with each other.

  • Example 1. Doohickey Inc sells widgets on the Internet.

  • Alice signs up and gets a password mailed to her. She uses the password to log in and buy widgets using her credit card. Each time Alice logs in, she sees her account and can track her order. If she forgets her password, she clicks a reset button and a new (possibly temporary) password is sent to her email account.

The need for security is not high because the account is used mainly for presentation purposes (unless the server remembers her credit card details and no additional checks are performed!)

Security in this case appears to be symmetric, being based on a secret shared between the user and the resource, namely the password1. (The trust relationship need not be symmetric, though, as we shall see in sections Resources and Scalability of the Infrastructure.)

Key Terms in this Chapter

Authentication: In the context of this chapter, authentication refers to the process of establishing that a usually remote entity is who or what they claim to be (cf. (Chokhani, S., et al, 2003), section 2.) Authentication of an entity to a verifier usually involves the presentation of an identity token, along with a verification by the verifier of the validity of the token, as well as a check that the entity is the one named in the token. A real-life example is presenting a passport to an immigration official, who will check that it is a valid passport and compare the picture with the person presenting the passport. Cf. identification, below.

Identification: “Establishing that a given name of an individual or organization corresponds to a real-world identity of an individual or organization, and establishing that an individual or organization applying for or seeking access to something under that name is, in fact, the named individual or organization” (Chokhani, S., et al, 2003, section 2.) As an example, consider an application for a passport: if you have had one before, it may be sufficient to show it; otherwise a documented process is used to verify your name and the likeness of a recent photo. (Once the passport is issued, another process needs to ensure that it is delivered to you, the applicant.) An example of the second half of the definition is if you pick up a package (in your name) at the post office, and use the passport to prove that you are the person to whom the package is addressed.

Policy: In the context of this chapter, a policy is a published statement describing any or all of infrastructure, community, participants, methods, obligations, requirements, jurisdictions, etc., sufficient for a participant to determine the trustworthiness of the publisher. For example, a federation of identity providers (a special case of the hub in section 3) may have a policy that all users shall have individual identity tokens (i.e. tokens must not be shared.) Some identity providers (i.e. token issuers) within the federation may further require that the tokens carry a reasonable resemblance of the token owner’s name. The policy of the federation, and possibly the individual providers, should be sufficient for a resource provider to determine the LoA (see above) of the federation and whether it is sufficient; possibly they will accept tokens only from the providers that issue named tokens. Of course, it is necessary that a participant with a policy follow the policy – an audit may be required to assuage the resource provider.

Level of Assurance: (LoA): The LoA is an attempt to measure of the overall strength of the assertions made in the infrastructure (section 2.5.3.) An infrastructure managing public data does not usually need a high LoA; if it manages personal data it needs a much higher one; if it manages state secrets, it needs a higher one still. See (Bolten, J.B., 2003) for an overview, and (Burr, Polk, & Dodson, 2006.) for further details.

Trusted Third Party: An intermediary whose role in the infrastructure is to establish or mediate trust, and, possibly, verify the trustworthiness (i.e. reputation) of other participants.

Trust: The word “trust” has several meanings (section 3); the ones relevant to this chapter are the belief in the honesty and reliability of, or confidence in, some other party. For example, Alice feels confident lending Bob her car because she trusts that he will return it and she has confidence he will drive well. See also

Scalability: Scalability refers to the ability of the trusted infrastructure to scale, usually in terms of the number of participants. A secondary aspect of scalability is scaling geographically, as scaling beyond national boundaries often poses certain problems. As discussed in section 3, scalability should be seen from the perspective of the individual participant making bilateral trust decisions, as well as the total scale of the infrastructure and its ability to grow. It is the purpose of this chapter to give guidelines for building trusted infrastructures that will grow to a global scale.

Complete Chapter List

Search this Book:
Editorial Advisory Board
Table of Contents
Joanna Leng, Wes Sharrock
Chapter 1
Gabriele Jost, Alice E. Koniges
The upcoming years bring new challenges in high-performance computing (HPC) technology. Fundamental changes in the building blocks of HPC hardware... Sample PDF
Hardware Trends and Implications for Programming Models
Chapter 2
Ivan Girotto, Robert M. Farber
This chapter focuses on the technical/commercial dynamics of multi-threaded hardware architecture development, including a cost/benefit account of... Sample PDF
Multi-Threaded Architectures: Evolution, Costs, Opportunities
Chapter 3
Domingo Benitez
Many accelerator-based computers have demonstrated that they can be faster and more energy-efficient than traditional high-performance multi-core... Sample PDF
High-Performance Customizable Computing
Chapter 4
Rasit O. Topaloglu, Swati R. Manjari, Saroj K. Nayak
Interconnects in semiconductor integrated circuits have shrunk to nanoscale sizes. This size reduction requires accurate analysis of the quantum... Sample PDF
High-Performance Computing for Theoretical Study of Nanoscale and Molecular Interconnects
Chapter 5
Prashobh Balasundaram
This chapter presents a study of leading open source performance analysis tools for high performance computing (HPC). The first section motivates... Sample PDF
Effective Open-Source Performance Analysis Tools
Chapter 6
David Worth, Chris Greenough, Shawn Chin
The purpose of this chapter is to introduce scientific software developers to software engineering tools and techniques that will save them much... Sample PDF
Pragmatic Software Engineering for Computational Science
Chapter 7
Diane Kelly, Daniel Hook, Rebecca Sanders
The aim of this chapter is to provide guidance on the challenges and approaches to testing computational applications. Testing in our case is... Sample PDF
A Framework for Testing Code in Computational Applications
Chapter 8
Judith Segal, Chris Morris
There are significant challenges in developing scientific software for a broad community. In this chapter, we discuss how these challenges are... Sample PDF
Developing Software for a Scientific Community: Some Challenges and Solutions
Chapter 9
Fumie Costen, Akos Balasko
The computational architecture of Enabling Grids for E-sciencE is introduced as it made our code porting very challenging, and the discussion... Sample PDF
Opportunities and Challenges in Porting a Parallel Code from a Tightly-Coupled System to the Distributed EU Grid, Enabling Grids for E-sciencE
Chapter 10
Abid Yahya, Farid Ghani, R. Badlishah Ahmad, Mostafijur Rahman, Aini Syuhada, Othman Sidek, M. F. M. Salleh
This chapter presents performance of a new technique for constructing Quasi-Cyclic Low-Density Parity-Check (QC-LDPC) encrypted codes based on a row... Sample PDF
Development of an Efficient and Secure Mobile Communication System with New Future Directions
Chapter 11
Hubertus J. J. van Dam
Quantum chemistry was a compute intensive field from the beginning. It was also an early adopter of parallel computing, and hence, has more than... Sample PDF
Parallel Quantum Chemistry at the Crossroads
Chapter 12
Marc Hafner, Heinz Koeppl
With the advances in measurement technology for molecular biology, predictive mathematical models of cellular processes come in reach. A large... Sample PDF
Stochastic Simulations in Systems Biology
Chapter 13
C. T. J. Dodson
Many real processes have stochastic features which seem to be representable in some intuitive sense as `close to Poisson’, `nearly random’, `nearly... Sample PDF
Some Illustrations of Information Geometry in Biology and Physics
Chapter 14
Stefania Tomasiello
Though relatively unknown, the Differential Quadrature Method (DQM) is a promising numerical technique that produces accurate solutions with less... Sample PDF
DQ Based Methods: Theory and Application to Engineering and Physical Sciences
Chapter 15
Marco Evangelos Biancolini
Radial Basis Functions (RBF) mesh morphing, its theoretical basis, its numerical implementation, and its use for the solution of industrial... Sample PDF
Mesh Morphing and Smoothing by Means of Radial Basis Functions (RBF): A Practical Example Using Fluent and RBF Morph
Chapter 16
Joanna Leng, Theresa-Marie Rhyne, Wes Sharrock
This chapter focuses on state of the art at the intersection of visualization and CSE. From understanding current trends it looks to future... Sample PDF
Visualization: Future Technology and Practices for Computational Science and Engineering
Chapter 17
Peter Sarlin
Since the 1980s, two severe global waves of sovereign defaults have occurred in less developed countries (LDCs): the LDC defaults in the 1980s and... Sample PDF
Visualizing Indicators of Debt Crises in a Lower Dimension: A Self-Organizing Maps Approach
Chapter 18
Iain Barrass, Joanna Leng
Since infectious diseases pose a significant risk to human health many countries aim to control their spread. Public health bodies faced with a... Sample PDF
Improving Computational Models and Practices: Scenario Testing and Forecasting the Spread of Infectious Disease
Chapter 19
Eldon R. Rene, Sung Joo Kim, Dae Hee Lee, Woo Bong Je, Mirian Estefanía López, Hung Suck Park
Sequencing batch reactor (SBR) is a versatile, eco-friendly, and cost-saving process for the biological treatment of nutrient-rich wastewater, at... Sample PDF
Artificial Neural Network Modelling of Sequencing Batch Reactor Performance
Chapter 20
Joanna Leng, Wes Sharrock
Computational Science and Engineering (CSE) is an emerging, rapidly developing, and potentially very significant force in changing scientific... Sample PDF
The State of Development of CSE
Chapter 21
Kerstin Kleese van Dam, Mark James, Andrew M. Walker
This chapter describes the key principles and components of a good data management system, provides real world examples of how these can be... Sample PDF
Integrating Data Management and Collaborative Sharing with Computational Science Research Processes
Chapter 22
Jens Jensen, David L. Groep
Modern science increasingly depends on international collaborations. Large instruments are expensive and have to be funded by several countries, and... Sample PDF
Security and Trust in a Global Research Infrastructure
Chapter 23
Matt Ratto
Computational science and engineering (CSE) technologies and methods are increasingly considered important tools for the humanities and are being... Sample PDF
CSE as Epistemic Technologies: Computer Modeling and Disciplinary Difference in the Humanities
Chapter 24
Phillip L. Manning, Peter L. Falkingham
Dinosaurs successfully conjure images of lost worlds and forgotten lives. Our understanding of these iconic, extinct animals now comes from many... Sample PDF
Science Communication with Dinosaurs
About the Contributors