Identity-Based Cryptography for Grid Security

The majority of current security architectures for grid systems use public key infrastructure (PKI) to authenticate identities of grid members and to secure resource allocation to these members. Identity-based cryptography (IBC) has some attractive properties which seem to align well with the demands of grid computing. This paper presents a comprehensive investigation of the use of identity-based techniques to provide an alternative grid security architecture. We propose a customised identity-based key agreement protocol which fits nicely with the grid security infrastructure (GSI) and provides a more lightweight secure job submission environment for grid users. Single sign-on and delegation services are also supported in a very natural way in our identity-based architecture.
