A Grid Authentication System with Revocation Guarantees

Credential revocation is a critical problem in grid environments and remains unaddressed in existing grid security solutions. We present a novel grid authentication system that solves the revocation problem. It guarantees instantaneous revocation of both long-term digital identities of hosts/users and short-lived identities of user proxies. With our approach, revocation information is guaranteed to be fresh with high time-granularity. Our system employs mediated RSA (mRSA), adapts Boneh’s notion of semi-trusted mediators to suit security in virtual organizations and propagates proxy revocation information as in Micali’s NOVOMODO system. Our approach’s added benefits include a configuration-free security model for end-users of the grid and fine-grained management of users’ delegation capabilities.
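An added example, not code from the paper: the standard mRSA key split, where the mediator revokes an identity by withholding its half-signature, and a NOVOMODO-style hash chain for per-period proxy validity. It assumes one shared modulus built from two small known primes, SHA-256 as the hash, and the hypothetical names `Mediator`, `keygen`, `chain` and `proxy_valid`; how the paper itself applies these to grid proxies is not shown on this page.

```python
import hashlib, secrets

# Toy RSA modulus from two Mersenne primes (constructed; far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

class Mediator:
    """Semi-trusted mediator: holds one half of every private exponent."""
    def __init__(self):
        self.halves, self.revoked = {}, set()
    def partial_sign(self, ident, h):
        if ident in self.revoked:          # revocation takes effect on the next request
            raise PermissionError(ident + " is revoked")
        return pow(h, self.halves[ident], N)

def keygen(sem, ident):
    """Split d so that d_user + d_sem = d (mod phi); neither half signs alone."""
    d = pow(E, -1, PHI)
    d_user = secrets.randbelow(PHI - 1) + 1
    sem.halves[ident] = (d - d_user) % PHI
    return d_user

def sign(sem, ident, d_user, msg):
    h = digest(msg)
    return pow(h, d_user, N) * sem.partial_sign(ident, h) % N

def verify(msg, sig):                      # ordinary RSA verification, no revocation lookup
    return pow(sig, E, N) == digest(msg)

def H(x):
    return hashlib.sha256(x).digest()

def chain(seed, n):
    """X_0 = seed, X_i = H(X_{i-1}); X_n is the anchor bound into the proxy credential."""
    xs = [seed]
    for _ in range(n):
        xs.append(H(xs[-1]))
    return xs

def proxy_valid(anchor, token, period):
    """The proof for period i is X_{n-i}: hashing it i times must give the anchor."""
    for _ in range(period):
        token = H(token)
    return token == anchor
```

The verifier needs only the public key and the anchor. Revoking a proxy means the issuer stops releasing the next chain value, so a token from period 3 does not validate for period 4.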
