A Grid Authentication System with Revocation Guarantees
نویسندگان
چکیده
Credential revocation is a critical problem in grid environments and remains unaddressed in existing grid security solutions. We present a novel grid authentication system that solves the revocation problem. It guarantees instantaneous revocation of both long-term digital identities of hosts/users and short-lived identities of user proxies. With our approach, revocation information is guaranteed to be fresh with high time-granularity. Our system employs mediated RSA (mRSA), adapts Boneh's notion of semi-trusted mediators to suit security in virtual organizations and propagates proxy revocation information as in Micali's NOVOMODO system. Our approach's added benefits include a configuration-free security model for end-users of the grid and fine-grained management of users' delegation capabilities.
منابع مشابه
DoS-Resistant Attribute-Based Encryption in Mobile Cloud Computing with Revocation
Security and privacy are very important challenges for outsourced private data over cloud storages. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purpose we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a ...
متن کاملA Mediated RSA-based End Entity Certificates Revocation Mechanism with Secure Concerned in Grid
The End Entity Certificates (EECs) revocation mechanism in Grid Security Infrastructure (GSI) adopts Certificate Revocation List (CRL) currently. However, CRL is an inefficient mechanism with drawbacks of “time granularity problem” and unmanageable sizes. This paper presents a new EECs revocation mechanism MEECRM (Mediated RSA-based End Entity Certificates Revocation Mechanism) to eliminate “ke...
متن کاملPUCA: A pseudonym scheme with strong privacy guarantees for vehicular ad-hoc networks
Pseudonym certificates are the state-of-the-art approach for secure and privacy-friendly message authentication in vehicular ad-hoc networks. However, most of the proposed pseudonym schemes focus on privacy among participants. Privacy towards backend providers is usually (if at all) only protected by separation of responsibilities. The protection can be overridden, when the entities collaborate...
متن کاملA Lightweight Privacy-preserving Authenticated Key Exchange Scheme for Smart Grid Communications
Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important requirements that should be provided in the communication. Because of the complex design of s...
متن کاملA Lightweight Mutual Authentication Based on Proxy Certificate Trust List
We propose Proxy Certificate Trust List (PCTL) to efficiently record delegation traces for grid computing. Our security solution based on PCTL provides functions as follows: (1) On-demand inquiries about real time delegation information of grid computing underway; (2) Lightweight mutual authentication that is beneficial for proxy nodes with limited computation power as wireless devices in mobil...
متن کامل