Abstract
We examine security protocols for the Grid Security Infrastructure (GSI) version 2 and identify a weakness of poor scalability as a result of GSI’s authentication framework requiring heavy interactions between a user-side client machine and resource suppliers. We improve the GSI architecture and protocols by proposing an alternative authentication framework for GSI, which uses dynamic public/private key pairs to avoid frequent communications to a significant extent. The improvement to the GSI security protocols is enabled by a novel application of an emerging cryptographic technique from bilinear pairings.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)
Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures frombilinear maps. In: Biham, E. (ed.) EUROCRPYT 2003. LNCS, vol. 2656, p. 416. Springer, Heidelberg (2003)
Boneh, D., Franklin, M.: Identity based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
Cha, J.C., Cheon, J.H.: An identity-based signature from gap Diffie-Hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2002)
Cocks, C.: An Identity-Based Encryption Scheme Based on Quadratic Residues. In: Honary, B. (ed.) Cryptography and Coding. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001)
Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Info. Theory IT-22(6), 644–654 (1976)
Dodis, Y., Katz, J., Xu, S., Yung, M.: Key-Insulated Public Key Cryptosystems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 65–82. Springer, Heidelberg (2002)
Foster, I., Kesselman, C.: The Grid: Blueprint for a New Computing Infrastructure. In: Computational Grids, ch. 2, pp. 15–51. Morgan Kaufmann, San Francisco (1999)
Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for Computational Grids. In: Proceedings of the 5th ACM Conference on Computer and Communications Security, pp. 83–92 (1998)
Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the Grid: Enabling scalable virtual organizations. International Journal of High Performance Computing Applications 15(3), 200–222 (2001)
Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) Algorithmic Number Theory. LNCS, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)
ITU-T. Rec. X.509 (revised) the Directory — Authentication Framework, International Telecommunication Union, Geneva, Switzerland (equivalent to ISO/IEC 9594-8:1995.) (1993)
Novotny, J., Tuecke, S., Welch, V.: An online credential repository for the Grid: MyProxy. In: HPDC-10 2001. Proceedings of the 10th IEEE International Symposium on High Performance Distributed Computing, pp. 104–111. IEEE Computer Society, Los Alamitos (2001)
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Sakai, R., Kasahara, M.: ID based Cryptosystems with Pairing on Elliptic Curve. Cryptology ePrint Archive, Report 2003/054
Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems Based on Pairing. In: The 2000 Symposium on Cryptography and Information Security, Okinawa, Japan (January 2000)
Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems Based on Pairing over Elliptic Curve. In: The 2001 Symposium on Cryptography and Information Security, Oiso, Japan (January 2001) (In Japanese)
Shamir, A.: Identity-Based Cryptosystems and Signature Schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)
Tzeng, W., Tzeng, Z.: Robust Key-Evolving Public Key Encryption Schemes. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 61–72. Springer, Heidelberg (2002)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, L., Lim, H.W., Mao, W. (2007). User-Friendly Grid Security Architecture and Protocols. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2005. Lecture Notes in Computer Science, vol 4631. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77156-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-540-77156-2_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77155-5
Online ISBN: 978-3-540-77156-2
eBook Packages: Computer ScienceComputer Science (R0)