Skip to main content
SpringerLink
Log in

User-friendly and certificate-free grid security infrastructure

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Certificate-based public key infrastructures are currently widely used in computational grids to support security services. From a user’s perspective, however, certificate acquisition is time-consuming and public/private key management is non-trivial. In this paper, we propose a security infrastructure for grid applications, in which users are authenticated using passwords. Our infrastructure allows a user to perform single sign-on based only on a password, without requiring a public key infrastructure. Moreover, hosting servers in our infrastructure are not required to have public key certificates. Nevertheless, our infrastructure supports essential grid security services, such as mutual authentication and delegation, using public key cryptographic techniques without incurring significant additional overheads in comparison with existing approaches.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abdalla, M., Bresson, E., Chevassut, O., Möller, B., Pointcheval, D.: Provably secure password-based authentication in TLS. In: Proceedings of the 1st ACM Symposium on Information, Computer and Communications Security (ASIACCS 2006), pp. 35–45. ACM Press (2006)

  2. Abdalla, M., Fouque, P., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) Proceedings of the 8th International Workshop on Theory and Practice in Public Key Cryptography—PKC 2005, LNCS, vol. 3386, pp. 65–84. Springer (2005)

  3. Alsaid, A., Mitchell, C.J.: Installing fake root keys in a PC. In: Chadwick, D., Zhao, G. (eds.) Proceedings of the 2nd European Public Key Infrastructure Workshop (EuroPKI 2005), LNCS, vol. 3545, pp. 227–239. Springer (2005)

  4. Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M. (ed.) Advances in Cryptology—Proceedings of CRYPTO 2002, LNCS, vol. 2442, pp. 354–368. Springer (2002)

  5. Basney J., Humphrey M., Welch V.: The MyProxy online credential repository. J. Softw. Pract. Experience 35(9), 817–826 (2005)

    Article  Google Scholar 

  6. Beckles, B.: Removing digital certificates from the end-user’s experience of grid environments. In: Proceedings of the UK e-Science All Hands Meeting 2004, pp. 756–762 (2004)

  7. Beckles B., Welch V., Basney J.: Mechanisms for increasing the usability of grid security. Int. J. Human Comput. Stud. 63(1–2), 74–101 (2005)

    Article  Google Scholar 

  8. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) Advances in Cryptology—Proceedings of EUROCRYPT 2000, LNCS, vol. 1807, pp. 139–155. Springer (2000)

  9. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Computer and Communications Security Conference (CCS ’93), pp. 62–73. ACM Press (1993)

  10. Bellare, M., Rogaway, P.: The AuthA Protocol for Password-Based Authenticated Key Exchange. Contribution to IEEE P1363 (2000)

  11. Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., Möller, B.: Elliptic curve cryptography (ECC) cipher suites for transport layer security (TLS). The Internet Engineering Task Force (IETF), RFC 4492 (2006)

  12. Boneh, D., Boyen, X., Goh, E.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) Advances in Cryptology—Proceedings of EUROCRYPT 2005, LNCS, vol. 3494, pp. 440–456. Springer (2005)

  13. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed) Advances in Cryptology—Proceedings of CRYPTO 2001, LNCS, vol. 2139, pp. 213–229. Springer (2001)

  14. Boyen, X., Martin, L.: Identity-based cryptography standard (IBCS) #1: supersingular curve implementations of the BF and BB1 cryptosystems. The Internet Engineering Task Force (IETF), RFC 5091 (2007)

  15. Buyya R., Yeo C.S., Venugopal S., Broberg J., Brandic I.: Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility. Future Gener. Comput. Syst. 25(6), 599–616 (2009)

    Article  Google Scholar 

  16. Chu, D.C., Humphrey, M.: Mobile OGSI.NET: grid computing on mobile devices. In: Proceedings of 5th IEEE/ACM International Workshop on Grid Computing (GRID 2004), pp. 182–191. IEEE Computer Society Press (2004)

  17. Crampton, J., Lim, H.W.: Role signatures for access control in open distributed systems. In: Jajodia, S., Samarati, P., Cimato, S. (eds.) Proceedings of the IFIP TC-11 23rd International Information Security Conference (SEC 2008), pp. 205–219. Springer (2008)

  18. Crampton, J., Lim, H.W., Paterson, K.G., Price, G.: A certificate-free grid security infrastructure supporting password-based user authentication. In: Proceedings of the 6th Annual PKI R&D Workshop 2007, pp. 103–118. NIST Interagency Report 7427 (2007)

  19. Dierks, T., Allen, C.: The TLS protocol version 1.0. The Internet Engineering Task Force (IETF), RFC 2246 (1999)

  20. Du, S., Joshi, J.B.D.: Supporting authorization query and inter-domain role mapping in presence of hybrid role hierarchy. In: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT 2006), pp. 228–236. ACM Press (2006)

  21. Foster I., Kesselman C.: Globus: a metacomputing infrastructure toolkit. Int. J. Supercomput. Appl. 11(2), 115–128 (1997)

    Article  Google Scholar 

  22. Foster, I., Kesselman, C. (eds): The Grid 2: Blueprint for a New Computing Infrastructure. Elsevier, San Francisco (2004)

    Google Scholar 

  23. Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational Grids. In: Proceedings of the 5th ACM Computer and Communications Security Conference (CCS ’98), pp. 83–92. ACM Press (1998)

  24. Foster I., Kesselman C., Tuecke S.: The anatomy of the Grid: enabling scalable virtual organizations. Int. J. High Perform. Comput. Appl. 15(3), 200–222 (2001)

    Article  Google Scholar 

  25. Galbraith, S.D.: Supersingular curves in cryptography. In: Boyd, C. (ed.) Advances in Cryptology—Proceedings of ASIACRYPT 2001, LNCS, vol. 2248, pp. 495–513. Springer (2001)

  26. Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R. (eds.) Proceedings of the 5th International Symposium on Algorithmic Number Theory (ANTS-V), LNCS, vol. 2369, pp. 324–337. Springer (2002)

  27. Galbraith S.D., Paterson K.G., Smart N.P.: Pairings for cryptographers. Discrete Appl. Math. 156(16), 3113–3121 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  28. Gentry, C., Silverberg, A.: Hierarchical ID-based cryptography. In: Zheng, Y. (ed.) Advances in Cryptology—Proceedings of ASIACRYPT 2002, LNCS vol. 2501, pp. 548–566. Springer (2002)

  29. GridCafé.: Grid Projects in the World. Available at http://gridcafe.web.cern.ch/

  30. Gutmann, P.: Plug-and-play PKI: a PKI your mother can use.In: Proceedings of the 12th USENIX Security Symposium, pp. 45–58 (2003)

  31. Hayes, J.M.: The problem with multiple roots in web browsers—certificate masquerading. In: Proceedings of the IEEE 7th International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprise, pp. 306–311. IEEE Computer Society Press (1998)

  32. Horwitz, J., Lynn, B.: Towards hierarchical identity-based encryption. In: Knudsen, L.R. (ed.) Advances in Cryptology—Proceedings of EUROCRYPT 2002, LNCS, vol. 2332, pp. 466–481. Springer (2002)

  33. Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. The Internet Engineering Task Force (IETF), RFC 3280 (2002)

  34. Humphrey M., Thompson M.R., Jackson K.R.: Security for grids. Proc. IEEE 93(3), 644–652 (2005)

    Article  Google Scholar 

  35. Kleinjung, T., Aoki, K., Franke, J., Lenstra, A., Thomé, E., Bos, J., Gaudry, P., Kruppa, A., Montgomery, P., Osvik, D.A. te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-bit RSA modulus. Cryptology ePrint Archive, Report 2010/006 (2010). Available at http://eprint.iacr.org/2010/006

  36. Kornievskaia, O., Honeyman, P., Doster, B., Coffman, K.: Kerberized credential translation: a solution to web access control. In: Proceedings of the 10th USENIX Security Symposium, pp. 235–250 (2001)

  37. Krawczyk, H.: The order of encryption and authentication for protecting communications (or: how secure is SSL?) In: Kilian, J. (ed.) Advances in Cryptology—Proceedings of CRYPTO 2001, LNCS, vol. 2139, pp. 310–331. Springer (2001)

  38. Lim, H.W.: On the Application of Identity-Based Cryptography in Grid Security. Ph.D thesis, University of London (2006)

  39. Lim, H.W., Paterson, K.G.: Identity-based cryptography for grid security. In: Stockinger, H., Buyya, R., Perrott, R. (eds.) Proceedings of the 1st IEEE International Conference on e-Science and Grid Computing (e-Science 2005), pp. 395–404. IEEE Computer Society Press (2005)

  40. Lim, H.W., Robshaw, M.J.B.: On identity-based cryptography and Grid computing. In: Bubak, M., Albada, G.D.v., Sloot, P.M.A., Dongarra, J.J. (eds.) Proceedings of the 4th International Conference on Computational Science (ICCS 2004), LNCS, vol. 3036, pp. 474–477. Springer (2004)

  41. Linn, J.: Generic security service application program interface version 2, update1. The Internet Engineering Task Force (IETF), RFC 2743 (2000)

  42. Mao, W.: An Identity-based Non-interactive Authentication Framework for Computational Grids. HP Lab, Technical Report HPL-2004-96 (2004)

  43. Moore, P.C., Johnson, W.R., Detry, R.J.: Adapting Globus and Kerberos for a secure ASCI Grid. In: Proceedings of the 2001 ACM/IEEE Conference on Supercomputing (SC2001), CD-ROM, p. 21. ACM Press (2001)

  44. Neuman B.C., Ts’o T.: Kerberos: an authentication service for computer networks. IEEE Commun. 32(9), 33–38 (1994)

    Article  Google Scholar 

  45. Novotny, J., Tuecke, S., Welch, V.: An online credential repository for the Grid: MyProxy. In: Proceedings of the 10th IEEE International Symposium on High Performance Distributed Computing (HPDC-10 2001), pp. 104–111. IEEE Computer Society Press (2001)

  46. The OpenSSL Project: OpenSSL: The Open Source Toolkit for SSL/TLS (2010). Available at http://www.openssl.org/

  47. Paterson K.G., Price G.: A comparison between traditional public key infrastructures and identity-based cryptography. Inf. Secur. Tech. Report 8(3), 57–72 (2003)

    Article  Google Scholar 

  48. Paulson L.C.: Inductive analysis of the Internet protocol TLS. ACM Trans. Inf. Syst. Secur. 2(3), 332–351 (1999)

    Article  Google Scholar 

  49. Phan, T., Huang, L., Dulan, C.: Challenge: integrating mobile wireless devices into the computational grid. In: Proceedings of the 8th ACM International Conference on Mobile Computing and Networking (MOBICOM 2002), pp. 271–278. ACM Press (2002)

  50. Price, G., Mitchell, C.J.: Interoperation between a conventional PKI and an ID-based infrastructure. In: Chadwick, D., Zhao, G. (eds.) Proceedings of the 2nd European Public Key Infrastructure Workshop (EuroPKI 2005), LNCS, vol. 3545, pp. 73–85. Springer (2005)

  51. Sandhu, R.S., Bellare, M., Ganesan, R.: Password-enabled PKI: virtual smartcards versus virtual soft tokens. In: Proceedings of the 1st Annual PKI R&D Workshop, pp. 89–96 (2002)

  52. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) Advances in Cryptology—Proceedings of CRYPTO ’84, LNCS, vol. 196, pp. 47–53. Springer (1985)

  53. Shamus Software Ltd.: MIRACL. Available at http://www.shamus.ie/

  54. Steiner M., Buhler P., Eirich T., Waidner M.: Secure password-based cipher suite for TLS. ACM Trans. Inf. Syst. Secur. 4(2), 134–157 (2001)

    Article  Google Scholar 

  55. The TeraGrid Project.: TeraGrid. Available at http://www.teragrid.org/. Last accessed Jan 2009

  56. Tuecke, S., Welch, V., Engert, D., Pearlman L., Thompson M.R.: Internet X.509 public key infrastructure proxy certificate profile. The Internet Engineering Task Force (IETF), RFC 3820 (2004)

  57. Wagner, D., Schneier, B.: Analysis of the SSL 3.0 protocol. In: Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pp. 29–40 (1996)

  58. Welch, V., Foster, I., Kesselman, C., Mulmo, O., Pearlman, L., Tuecke, S., Gawor, J., Meder, S., Siebenlist, F.: X.509 proxy certificates for dynamic delegation. In: Proceedings of the 3rd Annual PKI R&D Workshop, pp. 42–58. NIST Interagency Report (2004)

  59. Welch, V., Siebenlist, F., Foster, I., Bresnahan, J., Czajkowski, K., Gawor, J., Kesselman, C., Meder, S., Pearlman, L., Tuecke, S.: Security for Grid services. In: Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing (HPDC-12 2003), pp. 48–61. IEEE Computer Society Press (2003)

Download references

Author information

Authors and Affiliations

  1. Information Security Group, University of London, Royal Holloway, London, UK

    Jason Crampton, Kenneth G. Paterson & Geraint Price

  2. Coding and Cryptography Research Group, Nanyang Technological University, Singapore, Singapore

    Hoon Wei Lim

Authors
  1. Jason Crampton
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hoon Wei Lim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kenneth G. Paterson
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Geraint Price
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hoon Wei Lim.

Additional information

A preliminary version of this work appeared in the Proceedings of the 6th Annual PKI R&D Workshop 2007 [18]. The research in this paper was supported by the UK Engineering and Physical Sciences Research Council (EPSRC) through Grant EP/D051878/1. The second author was supported in part by the Singapore National Research Foundation under Research Grant NRF-CRP2-2007-03.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Crampton, J., Lim, H.W., Paterson, K.G. et al. User-friendly and certificate-free grid security infrastructure. Int. J. Inf. Secur. 10, 137–153 (2011). https://doi.org/10.1007/s10207-011-0123-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-011-0123-8

Keywords

Search

Navigation