User-Friendly Grid Security Architecture and Protocols

  • Liqun Chen
  • Hoon Wei Lim
  • Wenbo Mao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4631)

Abstract

We examine security protocols for the Grid Security Infrastructure (GSI) version 2 and identify a weakness of poor scalability as a result of GSI’s authentication framework requiring heavy interactions between a user-side client machine and resource suppliers. We improve the GSI architecture and protocols by proposing an alternative authentication framework for GSI, which uses dynamic public/private key pairs to avoid frequent communications to a significant extent. The improvement to the GSI security protocols is enabled by a novel application of an emerging cryptographic technique from bilinear pairings.

Keywords

Security Protocols; Grid Security; Grid Security Infrastructure; Public-key Authentication Framework; Dynamic Public Keys

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Liqun Chen (1)
  • Hoon Wei Lim (2)
  • Wenbo Mao (1)
  1. Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol BS34 8QZ, UK
  2. Information Security Group, Royal Holloway, University of London, Egham, Surrey TW20 0EX, UK
