User-friendly and certificate-free grid security infrastructure

Certificate-based public key infrastructures are currently widely used in computational grids to support security services. From a user’s perspective, however, certificate acquisition is time-consuming and public/private key management is non-trivial. In this paper, we propose a security infrastructure for grid applications, in which users are authenticated using passwords. Our infrastructure allows a user to perform single sign-on based only on a password, without requiring a public key infrastructure. Moreover, hosting servers in our infrastructure are not required to have public key certificates. Nevertheless, our infrastructure supports essential grid security services, such as mutual authentication and delegation, using public key cryptographic techniques without incurring significant additional overheads in comparison with existing approaches.
