User-Friendly Grid Security Architecture and Protocols

  • Liqun Chen
  • Hoon Wei Lim
  • Wenbo Mao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4631)


We examine the security protocols of the Grid Security Infrastructure (GSI) version 2 and identify poor scalability as a weakness: GSI’s authentication framework requires heavy interaction between a user-side client machine and resource suppliers. We improve the GSI architecture and protocols by proposing an alternative authentication framework for GSI that uses dynamic public/private key pairs to avoid, to a significant extent, frequent communications. The improvement to the GSI security protocols is enabled by a novel application of an emerging cryptographic technique from bilinear pairings.


Keywords: Security Protocols; Grid Security; Grid Security Infrastructure; Public-key Authentication Framework; Dynamic Public Keys





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Liqun Chen (1)
  • Hoon Wei Lim (2)
  • Wenbo Mao (1)
  1. Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol BS34 8QZ, UK
  2. Information Security Group, Royal Holloway, University of London, Egham, Surrey TW20 0EX, UK
