Abstract
Certificate-based public key infrastructures are currently widely used in computational grids to support security services. From a user’s perspective, however, certificate acquisition is time-consuming and public/private key management is non-trivial. In this paper, we propose a security infrastructure for grid applications, in which users are authenticated using passwords. Our infrastructure allows a user to perform single sign-on based only on a password, without requiring a public key infrastructure. Moreover, hosting servers in our infrastructure are not required to have public key certificates. Nevertheless, our infrastructure supports essential grid security services, such as mutual authentication and delegation, using public key cryptographic techniques without incurring significant additional overheads in comparison with existing approaches.
Similar content being viewed by others
References
Abdalla, M., Bresson, E., Chevassut, O., Möller, B., Pointcheval, D.: Provably secure password-based authentication in TLS. In: Proceedings of the 1st ACM Symposium on Information, Computer and Communications Security (ASIACCS 2006), pp. 35–45. ACM Press (2006)
Abdalla, M., Fouque, P., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) Proceedings of the 8th International Workshop on Theory and Practice in Public Key Cryptography—PKC 2005, LNCS, vol. 3386, pp. 65–84. Springer (2005)
Alsaid, A., Mitchell, C.J.: Installing fake root keys in a PC. In: Chadwick, D., Zhao, G. (eds.) Proceedings of the 2nd European Public Key Infrastructure Workshop (EuroPKI 2005), LNCS, vol. 3545, pp. 227–239. Springer (2005)
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) Advances in Cryptology—Proceedings of CRYPTO 2002, LNCS, vol. 2442, pp. 354–368. Springer (2002)
Basney J., Humphrey M., Welch V.: The MyProxy online credential repository. J. Softw. Pract. Experience 35(9), 817–826 (2005)
Beckles, B.: Removing digital certificates from the end-user’s experience of grid environments. In: Proceedings of the UK e-Science All Hands Meeting 2004, pp. 756–762 (2004)
Beckles B., Welch V., Basney J.: Mechanisms for increasing the usability of grid security. Int. J. Human Comput. Stud. 63(1–2), 74–101 (2005)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) Advances in Cryptology—Proceedings of EUROCRYPT 2000, LNCS, vol. 1807, pp. 139–155. Springer (2000)
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Computer and Communications Security Conference (CCS ’93), pp. 62–73. ACM Press (1993)
Bellare, M., Rogaway, P.: The AuthA Protocol for Password-Based Authenticated Key Exchange. Contribution to IEEE P1363 (2000)
Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., Möller, B.: Elliptic curve cryptography (ECC) cipher suites for transport layer security (TLS). The Internet Engineering Task Force (IETF), RFC 4492 (2006)
Boneh, D., Boyen, X., Goh, E.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) Advances in Cryptology—Proceedings of EUROCRYPT 2005, LNCS, vol. 3494, pp. 440–456. Springer (2005)
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed) Advances in Cryptology—Proceedings of CRYPTO 2001, LNCS, vol. 2139, pp. 213–229. Springer (2001)
Boyen, X., Martin, L.: Identity-based cryptography standard (IBCS) #1: supersingular curve implementations of the BF and BB1 cryptosystems. The Internet Engineering Task Force (IETF), RFC 5091 (2007)
Buyya R., Yeo C.S., Venugopal S., Broberg J., Brandic I.: Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility. Future Gener. Comput. Syst. 25(6), 599–616 (2009)
Chu, D.C., Humphrey, M.: Mobile OGSI.NET: grid computing on mobile devices. In: Proceedings of 5th IEEE/ACM International Workshop on Grid Computing (GRID 2004), pp. 182–191. IEEE Computer Society Press (2004)
Crampton, J., Lim, H.W.: Role signatures for access control in open distributed systems. In: Jajodia, S., Samarati, P., Cimato, S. (eds.) Proceedings of the IFIP TC-11 23rd International Information Security Conference (SEC 2008), pp. 205–219. Springer (2008)
Crampton, J., Lim, H.W., Paterson, K.G., Price, G.: A certificate-free grid security infrastructure supporting password-based user authentication. In: Proceedings of the 6th Annual PKI R&D Workshop 2007, pp. 103–118. NIST Interagency Report 7427 (2007)
Dierks, T., Allen, C.: The TLS protocol version 1.0. The Internet Engineering Task Force (IETF), RFC 2246 (1999)
Du, S., Joshi, J.B.D.: Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy. In: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT 2006), pp. 228–236. ACM Press (2006)
Foster I., Kesselman C.: Globus: a metacomputing infrastructure toolkit. Int. J. Supercomput. Appl. 11(2), 115–128 (1997)
Foster, I., Kesselman, C. (eds): The Grid 2: Blueprint for a New Computing Infrastructure. Elsevier, San Francisco (2004)
Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational Grids. In: Proceedings of the 5th ACM Computer and Communications Security Conference (CCS ’98), pp. 83–92. ACM Press (1998)
Foster I., Kesselman C., Tuecke S.: The anatomy of the Grid: enabling scalable virtual organizations. Int. J. High Perform. Comput. Appl. 15(3), 200–222 (2001)
Galbraith, S.D.: Supersingular curves in cryptography. In: Boyd, C. (ed.) Advances in Cryptology—Proceedings of ASIACRYPT 2001, LNCS, vol. 2248, pp. 495–513. Springer (2001)
Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) Proceedings of the 5th International Symposium on Algorithmic Number Theory (ANTS-V), LNCS, vol. 2369, pp. 324–337. Springer (2002)
Galbraith S.D., Paterson K.G., Smart N.P.: Pairings for cryptographers. Discrete Appl. Math. 156(16), 3113–3121 (2008)
Gentry, C., Silverberg, A.: Hierarchical ID-based cryptography. In: Zheng, Y. (ed.) Advances in Cryptology—Proceedings of ASIACRYPT 2002, LNCS vol. 2501, pp. 548–566. Springer (2002)
GridCafé.: Grid Projects in the World. Available at http://gridcafe.web.cern.ch/
Gutmann, P.: Plug-and-play PKI: a PKI your mother can use.In: Proceedings of the 12th USENIX Security Symposium, pp. 45–58 (2003)
Hayes, J.M.: The problem with multiple roots in web browsers—certificate masquerading. In: Proceedings of the IEEE 7th International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprise, pp. 306–311. IEEE Computer Society Press (1998)
Horwitz, J., Lynn, B.: Towards hierarchical identity-based encryption. In: Knudsen, L.R. (ed.) Advances in Cryptology—Proceedings of EUROCRYPT 2002, LNCS, vol. 2332, pp. 466–481. Springer (2002)
Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. The Internet Engineering Task Force (IETF), RFC 3280 (2002)
Humphrey M., Thompson M.R., Jackson K.R.: Security for grids. Proc. IEEE 93(3), 644–652 (2005)
Kleinjung, T., Aoki, K., Franke, J., Lenstra, A., Thomé, E., Bos, J., Gaudry, P., Kruppa, A., Montgomery, P., Osvik, D.A. te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-bit RSA modulus. Cryptology ePrint Archive, Report 2010/006 (2010). Available at http://eprint.iacr.org/2010/006
Kornievskaia, O., Honeyman, P., Doster, B., Coffman, K.: Kerberized credential translation: a solution to web access control. In: Proceedings of the 10th USENIX Security Symposium, pp. 235–250 (2001)
Krawczyk, H.: The order of encryption and authentication for protecting communications (or: how secure is SSL?) In: Kilian, J. (ed.) Advances in Cryptology—Proceedings of CRYPTO 2001, LNCS, vol. 2139, pp. 310–331. Springer (2001)
Lim, H.W.: On the Application of Identity-Based Cryptography in Grid Security. Ph.D thesis, University of London (2006)
Lim, H.W., Paterson, K.G.: Identity-based cryptography for grid security. In: Stockinger, H., Buyya, R., Perrott, R. (eds.) Proceedings of the 1st IEEE International Conference on e-Science and Grid Computing (e-Science 2005), pp. 395–404. IEEE Computer Society Press (2005)
Lim, H.W., Robshaw, M.J.B.: On identity-based cryptography and Grid computing. In: Bubak, M., Albada, G.D.v., Sloot, P.M.A., Dongarra, J.J. (eds.) Proceedings of the 4th International Conference on Computational Science (ICCS 2004), LNCS, vol. 3036, pp. 474–477. Springer (2004)
Linn, J.: Generic security service application program interface version 2, update1. The Internet Engineering Task Force (IETF), RFC 2743 (2000)
Mao, W.: An Identity-based Non-interactive Authentication Framework for Computational Grids. HP Lab, Technical Report HPL-2004-96 (2004)
Moore, P.C., Johnson, W.R., Detry, R.J.: Adapting Globus and Kerberos for a secure ASCI Grid. In: Proceedings of the 2001 ACM/IEEE Conference on Supercomputing (SC2001), CD-ROM, p. 21. ACM Press (2001)
Neuman B.C., Ts’o T.: Kerberos: an authentication service for computer networks. IEEE Commun. 32(9), 33–38 (1994)
Novotny, J., Tuecke, S., Welch, V.: An online credential repository for the Grid: MyProxy. In: Proceedings of the 10th IEEE International Symposium on High Performance Distributed Computing (HPDC-10 2001), pp. 104–111. IEEE Computer Society Press (2001)
The OpenSSL Project: OpenSSL: The Open Source Toolkit for SSL/TLS (2010). Available at http://www.openssl.org/
Paterson K.G., Price G.: A comparison between traditional public key infrastructures and identity-based cryptography. Inf. Secur. Tech. Report 8(3), 57–72 (2003)
Paulson L.C.: Inductive analysis of the Internet protocol TLS. ACM Trans. Inf. Syst. Secur. 2(3), 332–351 (1999)
Phan, T., Huang, L., Dulan, C.: Challenge: integrating mobile wireless devices into the computational grid. In: Proceedings of the 8th ACM International Conference on Mobile Computing and Networking (MOBICOM 2002), pp. 271–278. ACM Press (2002)
Price, G., Mitchell, C.J.: Interoperation between a conventional PKI and an ID-based infrastructure. In: Chadwick, D., Zhao, G. (eds.) Proceedings of the 2nd European Public Key Infrastructure Workshop (EuroPKI 2005), LNCS, vol. 3545, pp. 73–85. Springer (2005)
Sandhu, R.S., Bellare, M., Ganesan, R.: Password-enabled PKI: virtual smartcards versus virtual soft tokens. In: Proceedings of the 1st Annual PKI R&D Workshop, pp. 89–96 (2002)
Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) Advances in Cryptology—Proceedings of CRYPTO ’84, LNCS, vol. 196, pp. 47–53. Springer (1985)
Shamus Software Ltd.: MIRACL. Available at http://www.shamus.ie/
Steiner M., Buhler P., Eirich T., Waidner M.: Secure password-based cipher suite for TLS. ACM Trans. Inf. Syst. Secur. 4(2), 134–157 (2001)
The TeraGrid Project.: TeraGrid. Available at http://www.teragrid.org/. Last accessed Jan 2009
Tuecke, S., Welch, V., Engert, D., Pearlman L., Thompson M.R.: Internet X.509 public key infrastructure proxy certificate profile. The Internet Engineering Task Force (IETF), RFC 3820 (2004)
Wagner, D., Schneier, B.: Analysis of the SSL 3.0 protocol. In: Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pp. 29–40 (1996)
Welch, V., Foster, I., Kesselman, C., Mulmo, O., Pearlman, L., Tuecke, S., Gawor, J., Meder, S., Siebenlist, F.: X.509 proxy certificates for dynamic delegation. In: Proceedings of the 3rd Annual PKI R&D Workshop, pp. 42–58. NIST Interagency Report (2004)
Welch, V., Siebenlist, F., Foster, I., Bresnahan, J., Czajkowski, K., Gawor, J., Kesselman, C., Meder, S., Pearlman, L., Tuecke, S.: Security for Grid services. In: Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing (HPDC-12 2003), pp. 48–61. IEEE Computer Society Press (2003)
Author information
Authors and Affiliations
Corresponding author
Additional information
A preliminary version of this work appeared in the Proceedings of the 6th Annual PKI R&D Workshop 2007 [18]. The research in this paper was supported by the UK Engineering and Physical Sciences Research Council (EPSRC) through Grant EP/D051878/1. The second author was supported in part by the Singapore National Research Foundation under Research Grant NRF-CRP2-2007-03.
Rights and permissions
About this article
Cite this article
Crampton, J., Lim, H.W., Paterson, K.G. et al. User-friendly and certificate-free grid security infrastructure. Int. J. Inf. Secur. 10, 137–153 (2011). https://doi.org/10.1007/s10207-011-0123-8
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-011-0123-8