A virtual bridge certificate authority-based cross-domain authentication mechanism for distributed collaborative manufacturing systems

The virtual enterprise (VE) is a new collaborative intelligent manufacturing paradigm that pools the core competencies of its member enterprises through computer networks to exploit transient market opportunities. The successful operation of such an organization depends strongly on its information security, in which cross-domain authentication among entities of different member enterprises is a crucial issue. This problem is particularly difficult in VEs because of their collaborative nature in terms of agility, market dynamics, low cost, and diversity of collaboration modes. In this paper, we put forward a novel virtual bridge certificate authority (BCA) trust model, on which an efficient cross-domain authentication scheme is then built. The proposed scheme is implemented with the distributed verifiable secret sharing protocol and the threshold elliptic curve cryptosystem signature algorithm. It shares the BCA model's advantages of simple construction and short inter-enterprise certification paths, but does not need a dedicated physical BCA to be created and maintained. In addition, the proposed scheme has the merits of high bit security, high efficiency, low cost, conspiracy attack resistance, and adaptability to the diverse collaboration modes of a VE. Therefore, the scheme is suitable for cross-domain authentication in VEs, especially for resource-limited applications. Copyright © 2014 John Wiley & Sons, Ltd.
