Using Hash Tree for Delegation Revocation in Grids

Grid security infrastructure (GSI) provides security in grids by using proxy certificates to delegate the work of authentication. At present, there are two methods for revoking a proxy certificate: one uses a certificate revocation list (CRL), and the other gives the certificate a short period of validity. However, when a lot of certificates are revoked, the CRL becomes a burden on the system. If the certificate has a short period of validity, entities must update the certificate often. In this paper, we propose a scheme for proxy certificate revocation using a hash tree. Our scheme needs only hash value comparisons to achieve the purpose of certificate revocation. The previous two methods have to wait for the expiration of the certificate. Therefore, our scheme is more flexible than previous methods.
