Although I'm not a site, I'll give my opinion. (The SCG chair is
currently rotated to me anyway.)
I do not think this is an appropriate activity for the biomed VO, and I
think it is stretching credibility for the user to say they are trying
to find how long it would take to break a 768 bit code because the
biomed has the most severe security needs.
Having said that, it is encouraging that when someone is trying to break
RSA codes it got noticed by sites and the activity was stopped by many.
This means I hope that if a user were to try and break codes in a more
malicious way, e.g. to break a bank's certificate there is a fair chance
it would be spotted. :-)
Maybe we should add to one of the policy documents (not sure which one)
something along the lines that users must not use resources to crack
certificates or for any other research into circumventing security
unless this is specifically allowed by the VO operations Policy.
Possibly add to VO operations policy that members must not do this
unless it is specifically allowed in the policy.
Linda
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Graeme Stewart
> Sent: 01 November 2007 11:04
> To: [log in to unmask]
> Subject: Re: Heinz' Challenge
>
> On 1 Nov 2007, at 10:37, Coles, J (Jeremy) wrote:
>
> > Dear All
> >
> > I have further information on the code use and why the user thought
> > biomed an appropriate VO for it:
> >
> > " The main idea is to factor prime numbers in order to show how long it
> > would take to break a 768-bit code (also referred to as "sieving").
> > Since PKI certificates use 1024 or 2048 bit codes, and biomed has
> > typically the most severe security, I thought it would be fine to use
> > the VO for that. However, if people do not agree with that opinion,
> > I'm happy to explore other solutions.
> >
> > Seems that some people were concerned since they thought that there
> > might be a price in USD awarded if a code is cracked. This is _not_ the
> > case, and the sieving exercise is pure computer science research."
>
> Biomed are not a computer science VO. Again, from the biomed card on
> the CIC portal:
>
> "These VO covers the areas related to health sciences. Currently, it
> is divided in 3 sectors: medical imaging, bioinformatics and drug
> discovery."
>
> Honestly, saying that biomed have security concerns is a fig leaf over
> what was clearly an activity well outside the VO's remit.
>
> It sounds to me like the biomed VO (which has received wide support
> in the EGEE project) have been just as much abused as the sites.
> (Which is why we didn't ban the VO.)
>
> >
> > For this work Heinz has been working with Prof. Lenstra from the EPFL,
> > one of the most well-known persons in the field of cryptography and
> > number sieving.
> >
> > And on the method employed:
> >
> > " ... one more point on number sieving. It is not "brute force" but it
> > involves complex algorithms that reduce the actual run time of the
> > overall "challenge". One result of the work can be new more efficient
> > sieving algorithms: important for PKI and GSI".
> >
> > The question now coming from within the biomed VO is whether based on
> > this explanation sites would re-authorise the user or whether an
> > alternative route needs to be found for the activity - such as the
> > setting up of a new VO. Though I can probably guess your replies you
> > should let me know your opinions. Since we are not working in isolation,
> > once I've got a feel for the response here I will push the matter to the
> > ROC managers for further discussion.
>
> Let me state in the strongest possible terms, this is clearly not a
> legitimate activity for the biomed VO as currently constituted.
>
> Either they change the nature of the VO, and we will consider whether
> we want to continue to support them in their different guise, or they
> set up a new VO.
>
> Graeme
>
> >
> > Jeremy
> >
> >
> >
> >> -----Original Message-----
> >> From: Testbed Support for GridPP member institutes [mailto:TB-
> >> [log in to unmask]] On Behalf Of Alessandra Forti
> >> Sent: 01 November 2007 09:33
> >> To: [log in to unmask]
> >> Subject: Re: Heinz' Challenge
> >>
> >> Hi Jeremy,
> >>
> >> I'm not sure biomed was aware of this. I don't have those jobs on my
> >> cluster and I was keen to give Heinz the benefit of the doubt as I met
> >> him and seemed a reasonable guy. But this is even worse than I
> >> expected, since it comes from the management and violates all the rules
> >> of trust that this grid is built upon. I mean so long for policies and
> >> AUPs. They couldn't do more damage.
> >>
> >> I also agree with Kostas that "Sorry" is not enough.
> >>
> >> cheers
> >> alessandra
> >>
> >> Coles, J (Jeremy) wrote:
> >>> Hi Kostas/Graeme/All
> >>>
> >>> I agree that this needs to be escalated and it will be. First though I
> >>> would like biomed representatives and Heinz to explain/respond - I
> >>> cannot think of a justification on their side but that does not mean
> >>> there isn't one. Once everyone has responded directly (or if the ticket
> >>> goes without a proper response) then it can be taken further.
> >>> Tier-2s/sites are of course able to decide themselves if they wish to
> >>> take more immediate action as some have already done.
> >>>
> >>> Regards,
> >>> Jeremy
> >>>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: Testbed Support for GridPP member institutes [mailto:TB-
> >>>> [log in to unmask]] On Behalf Of Kostas Georgiou
> >>>> Sent: 01 November 2007 02:19
> >>>> To: [log in to unmask]
> >>>> Subject: Re: Heinz' Challenge
> >>>>
> >>>> On Thu, Nov 01, 2007 at 12:19:26AM +0000, Graeme Stewart wrote:
> >>>>
> >>>>> From the CIC portal, biomed described itself as:
> >>>>>
> >>>>> "These VO covers the areas related to health sciences. Currently, it
> >>>>> is divided in 3 sectors: medical imaging, bioinformatics and drug
> >>>>> discovery."
> >>>>>
> >>>>> We support the VO for it to engage in _that_ work, and we're happy to
> >>>>> have done work related to malaria, avian flu, etc. However, I don't
> >>>>> see anything about rsa768 factorisation.
> >>>>>
> >>>>> So, this is, to my mind, even worse. This is not just Heinz being a
> >>>>> loose cannon, but sites being conned by top level EGEE management
> >>>>> into running jobs which they had in no way agreed to run.
> >>>>>
> >>>>> The problem was then exacerbated by the way that Heinz wrote the
> >>>>> code, which resulted in biomed being able to grab far more of many,
> >>>>> many clusters in the UK than was reasonable. (And so much for EGEE
> >>>>> promoting push model RBs - just send in the pilots and watch our
> >>>>> fairsharing go all to hell.)
> >>>> This is exactly what I was going to say (better worded and probably
> >>>> far more polite though).
> >>>>
> >>>>> Frankly, as the UK, I think we should give them a bloody rocket for
> >>>>> this. They've shown huge disrespect to sites - and how on earth can
> >>>>> they expect other EGEE users and VOs to play by the rules when they
> >>>>> engage in such a gross violation of our trust?
> >>>> ...
> >>>>> We haven't banned biomed - we've banned Heinz. And I am in no hurry
> >>>>> to unban him. I'd expect an apology at the very least, as well as an
> >>>>> assurance that this will not happen again.
> >>>> People should keep in mind that we are going to have similar cases in
> >>>> the future. If our response today is going to be "a sorry is enough"
> >>>> what is going to stop the next user doing the same thing tomorrow
> >>>> considering how hard it is for us to spot an abuse? Unless there is
> >>>> a strong response people will think "If I am not found (quite likely)
> >>>> great, if I am found a sorry will solve everything".
> >>>>
> >>>> Cheers,
> >>>> Kostas
> >>>>
> >>>> PS> BTW if the management agrees that breaking rsa768 is fine then I'll
> >>>> have a go as well or is it only Heinz/biomed that can have a go?
> >>>
> >>
> >> --
> >> ***********************************
> >> * Alessandra Forti *
> >> * NorthGrid Technical Coordinator *
> >> * University of Manchester *
> >> ***********************************
>
> --
> Dr Graeme Stewart - http://wiki.gridpp.ac.uk/wiki/User:Graeme_stewart
> ScotGrid - http://www.scotgrid.ac.uk/ http://scotgrid.blogspot.com/