Identity-based cryptography for grid security

The majority of current security architectures for grid systems use public key infrastructure (PKI) to authenticate identities of grid members and to secure resource allocation to these members. Identity-based cryptography (IBC) has some attractive properties that seem to align well with the demands of grid computing. This paper presents a comprehensive investigation into the use of identity-based techniques to provide an alternative grid security architecture. We propose a customised identity-based key agreement protocol, which fits nicely with the grid security infrastructure (GSI). We also present a delegation protocol, which is simpler and more efficient than existing delegation methods. Our study shows that properties of IBC can be exploited to provide grid security services in a more natural and clean way than more conventional public key cryptosystems, such as RSA.
