XSEDE12

Tech: A Framework for Federated Two-Factor Authentication Enabling Cost-Effective Secure Access to Distributed Cyberinfrastructure

Abstract: As cyber attacks become increasingly sophisticated, the security measures used to mitigate the risks must also increase in sophistication.One time password (OTP) systems provide strong authentication because security credentials are not reusable, thus thwarting credential replay attacks. The credential changes regularly, making brute-forceattacks significantly more difficult. In high performance computing,end users may require access to resources housed at several differentservice provider locations. The ability to share a strong token betweenmultiple computing resources reduces cost and complexity. The National Science Foundation (NSF) Extreme Science and EngineeringDiscovery Environment (XSEDE) provides access to digital resources,including supercomputers, data resources, and software tools. XSEDE willoffer centralized strong authentication for services amongst serviceproviders that leverage their own user databases and security profiles.This work implements a scalable framework built on standards to providefederated secure access to distributed cyberinfrastructure.