Identity-based cryptography for grid security

  • Regular Contribution
International Journal of Information Security

Abstract

The majority of current security architectures for grid systems use public key infrastructure (PKI) to authenticate identities of grid members and to secure resource allocation to these members. Identity-based cryptography (IBC) has some attractive properties that seem to align well with the demands of grid computing. This paper presents a comprehensive investigation into the use of identity-based techniques to provide an alternative grid security architecture. We propose a customised identity-based key agreement protocol, which fits nicely with the grid security infrastructure (GSI). We also present a delegation protocol, which is simpler and more efficient than existing delegation methods. Our study shows that properties of IBC can be exploited to provide grid security services in a more natural and clean way than more conventional public key cryptosystems, such as RSA.

References

  1. Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: Gilbert, H. (ed.), Advances in Cryptology—Proceedings of EUROCRYPT 2010, pp. 553–572. Springer, LNCS 6110, June 2010

  2. Ahuja S.P., Myers J.R.: A survey on wireless grid computing. J. Supercomput. 37(1), 3–21 (2006)

  3. Al-Riyami, S.S., Paterson, K.G.: Certificateless public key cryptography. In: Laih, C.S. (ed.), Advances in Cryptology—Proceedings of ASIACRYPT 2003, pp. 452–473. Springer, LNCS 2894, November 2003

  4. Alfieri R., Cecchini R., Ciaschini V., dell’Agnello L., Frohner Á., Lőrentey K., Spataro F.: From gridmap-file to VOMS: managing authorization in a Grid environment. Futur. Gener. Comput. Syst. 21(4), 549–558 (2005)

  5. Au, M.H., Liu, J.K., Yuen, T.H., Wong, D.S.: Practical hierarchical identity based encryption and signature schemes without random oracles. Cryptology ePrint Archive, Report 2006/368, December 2006. Available at http://eprint.iacr.org/2006/368

  6. Barr K., Asanović K.: Energy aware lossless data compression. ACM Trans. Comput. Syst. 24(3), 250–291 (2006)

  7. Barreto P.S.L.M., Galbraith S.D., Ó hÉigeartaigh C., Scott M.: Efficient pairing computation on supersingular abelian varieties. Des. Codes Cryptogr. 42(3), 239–271 (2007)

  8. Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Yung, M., (ed.) Advances in Cryptology—Proceedings of CRYPTO 2002, pp. 354–368. Springer, LNCS 2442 (2002)

  9. Basney J., Humphrey M., Welch V.: The MyProxy online credential repository. J. Softw. Pract. Exp 35(9), 817–826 (2005)

  10. Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Proceedings of the 6th IMA International Conference on Cryptography and Coding (IMA ’97), pp. 30–45. Springer, LNCS 1355, December 1997

  11. Boneh, D., Boyen, X., Goh, E.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R., (ed.), Advances in Cryptology—Proceedings of EUROCRYPT 2005, pp. 440–456. Springer, LNCS 3494, May 2005

  12. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.), Advances in Cryptology—Proceedings of CRYPTO 2001, pp. 213–229. Springer, LNCS 2139, August 2001

  13. Boneh, D., Gentry, C., Hamburg, M.: Space-efficient identity based encryption without pairings. In: Proceedings of the 48th Annual Symposium on Foundations of Computer Science (FOCS 2007), pp. 647–657. IEEE Computer Society Press, October 2007

  14. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In Proceedings of the 42nd Annual Symposium on Foundations of Computer Science (FOCS 2002), pp. 136–145. IEEE Computer Society Press, October 2002

  15. Canvel, B., Hiltgen, A., Vaudenay, S., Vuagnoux, M.: Password interception in a SSL/TLS channel. In Boneh, D. (ed.), Advances in Cryptology—Proceedings of CRYPTO 2003, pp. 583–599. Springer, LNCS 2729 (2003)

  16. Chadwick D.W., Otenko A.: The PERMIS X.509 role based privilege management infrastructure. Futur. Gener. Comput. Syst. 19(2), 277–289 (2003)

  17. Chiu, K., Govindaraju, M., Bramley, R.: Investigating the limits of SOAP performance for scientific computing. In: Proceedings of 11th IEEE Symposium on High Performance Distributed Computing, pp. 246–254. IEEE Computer Society Press, July 2002

  18. Crampton, J., Lim, H.W., Paterson, K.G., Price, G.: A certificate-free grid security infrastructure supporting password-based user authentication. In: Proceedings of the 6th Annual PKI R&D Workshop 2007, pp. 103–118. NIST Interagency Report 7427, September 2007

  19. Dierks, T., Allen, C.: The TLS protocol version 1.0. The Internet Engineering Task Force (IETF). RFC 2246, January 1999

  20. Eastlake, D., Reagle, J.M., Solo, D.: (Extensible Markup Language) XML-Signature syntax and processing. The Internet Engineering Task Force (IETF). RFC 3275, March 2002

  21. Eastlake, D., Reagle, J.M. (eds.) XML Encryption Syntax and Processing. December 2002. Available at http://www.w3.org/TR/xmlenc-core/

  22. Ellison C., Schneier B.: Ten risks of PKI: what you’re not being told about public key infrastructure. Comput. Secur. J. 16(1), 1–7 (2000)

  23. Foster I., Kesselman C.: Globus: a metacomputing infrastructure toolkit. Int. J. Supercomput. Appl. 11(2), 115–128 (1997)

  24. Foster, I., Kesselman, C. (eds): The Grid 2: Blueprint for a New Computing Infrastructure. Elsevier, San Francisco (2004)

  25. Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational Grids. In: Proceedings of the 5th ACM Computer and Communications Security Conference (CCS ’98), pp. 83–92. ACM Press, November 1998

  26. Foster I., Kesselman C., Tuecke S.: The anatomy of the Grid: enabling scalable virtual organizations. Int. J. High Perform. Comput. Appl. 15(3), 200–222 (2001)

  27. Freeman D., Scott M., Teske E.: A taxonomy of pairing-friendly elliptic curves. J. Cryptol. 23(2), 224–280 (2010)

  28. Frey G., Müller M., Rück H.: The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems. IEEE Trans. Inf. Theor. 45(5), 1717–1719 (1999)

  29. Gajek, S., Manulis, M., Pereira, O., Sadeghi, A., Schwenk, J.: Universally composable security analysis of TLS. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) Proceedings of the 2nd International Conference on Provable Security (ProvSec 2008), pp. 313–327. Springer, LNCS 5324, October 2008

  30. Galbraith, S.D.: Supersingular curves in cryptography. In: Boyd, C., (ed), Advances in Cryptology—Proceedings of ASIACRYPT 2001, pp. 495–513. Springer, LNCS 2248, December 2001

  31. Galbraith, S.D.: Pairings. In: Blake, I.F., Seroussi, G., Smart, N.P. (eds.) Chapter 9 of Advances in Elliptic Curve Cryptography, pp. 183–213. Cambridge University Press, Cambridge, LMS 317 (2005)

  32. Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Fieker, C., Kohel, D.R., (eds.) Proceedings of the 5th International Symposium on Algorithmic Number Theory (ANTS-V), pp. 324–337. Springer, LNCS 2369 (2002)

  33. Galbraith S.D., Paterson K.G., Smart N.P.: Pairings for cryptographers. Discret. Appl. Math. 156(16), 3113–3121 (2008)

  34. Gentry, C., Silverberg, A.: Hierarchical ID-based cryptography. In: Zheng, Y. (ed) Advances in Cryptology—Proceedings of ASIACRYPT 2002, pp. 548–566. Springer, LNCS 2501, December 2002

  35. Gutmann P.: PKI: it’s not dead, just resting. IEEE Comput. 35(8), 41–49 (2002)

  36. Hey T., Trefethen A.E.: The UK e-Science core programme and the grid. Futur. Gener. Comput. Syst. 18(8), 1017–1031 (2002)

  37. Horwitz, J., Lynn, B.: Towards hierarchical identity-based encryption. In: Knudsen, L.R. (ed.) Advances in Cryptology—Proceedings of EUROCRYPT 2002, pp. 466–481. Springer, LNCS 2332, May 2002

  38. Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. The Internet Engineering Task Force (IETF). RFC 3280, April 2002

  39. Huang, X., Chen, L., Huang, L., Li, M.: An identity-based grid security infrastructure model. In: Deng, R.H., Bao, F., Pang, H., Zhou, J., (eds.) Proceedings of the 1st International Conference on Information Security Practice and Experience (ISPEC 2005), pp. 314–325. Springer, LNCS 3439 (2005)

  40. Kemp, J., Cantor, S., Mishra, P., Philpott, R., Maler, E. (eds). Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) Version 2.0. OASIS Standard 200503, March 2005

  41. Kornievskaia, O., Honeyman, P., Doster, B., Coffman, K.: Kerberized credential translation: A solution to web access control. In: Proceedings of the 10th USENIX Security Symposium, pp. 235–250, August 2001

  42. Krawczyk, H.: The order of encryption and authentication for protecting communications (or: How secure is SSL?). In: Kilian, J., (ed.) Advances in Cryptology—Proceedings of CRYPTO 2001, pp. 310–331. Springer, LNCS 2139, August 2001

  43. Lim, H.W., Paterson, K.G.: Identity-based cryptography for grid security. In: Stockinger, H., Buyya, R., Perrott, R. (eds.) Proceedings of the 1st IEEE International Conference on e-Science and Grid Computing (e-Science 2005), pp. 395–404. IEEE Computer Society Press, December 2005

  44. Lim, H.W., Robshaw, M.J.B.: On identity-based cryptography and Grid computing. In: Bubak, M., Albada G.D.V., Sloot, P.M.A., Dongarra, J.J. (eds.) Proceedings of the 4th International Conference on Computational Science (ICCS 2004), pp. 474–477. Springer, LNCS 3036, June 2004

  45. Linn, J.: Generic security service application program interface version 2, update 1. The Internet Engineering Task Force (IETF). RFC 2743, January 2000

  46. Mao, W.: An identity-based non-interactive authentication framework for computational Grids. HP Lab, Technical Report HPL-2004-96, June 2004

  47. McKnight L.W., Howison J., Bradner S.: Wireless grids: distributed resource sharing by mobile, nomadic, and fixed devices. IEEE Internet Comput. 8(4), 24–31 (2004)

  48. Meder, S., Welch, V., Tuecke, S., Engert, D.: GSS-API Extensions. Global Grid Forum (GGF) Grid Security Infrastructure Working Group, June 2004. Available at http://www.ggf.org/documents/GFD.24.pdf, last accessed in July 2007

  49. Morrissey, P., Smart, N.P., Warinschi, B.: A modular security analysis of the TLS handshake protocol. In: Pieprzyk, J., (ed.) Advances in Cryptology—Proceedings of ASIACRYPT 2008, pp. 55–73. Springer, LNCS 5350, December 2008

  50. Moses, T. (ed.): eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard 200502, February 2005

  51. Neuman B.C., Ts’o T.: Kerberos: an authentication service for computer networks. IEEE Commun. 32(9), 33–38 (1994)

  52. Novotny, J., Tuecke, S., Welch, V.: An online credential repository for the Grid: MyProxy. In Proceedings of the 10th IEEE International Symposium on High Performance Distributed Computing (HPDC-10 2001), pp. 104–111. IEEE Computer Society Press, August (2001)

  53. The OpenSSL Project. OpenSSL: The Open Source Toolkit for SSL/TLS. 2010. Available at http://www.openssl.org/

  54. Paterson, K.G.: Cryptography from pairings. In: Blake, I.F., Seroussi, G., Smart, N.P. (eds.) Chapter 10 of Advances in Elliptic Curve Cryptography, pp. 215–251. Cambridge University Press, Cambridge, LMS 317 (2005)

  55. Paterson K.G., Price G.: A comparison between traditional public key infrastructures and identity-based cryptography. Inf. Secur. Tech. Report. 8(3), 57–72 (2003)

  56. Paulson L.C.: Inductive analysis of the Internet protocol TLS. ACM Tran. Inf. Syst. Secur. 2(3), 332–351 (1999)

  57. Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: A community authorization service for group collaboration. In: Proceedings of the 3rd IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’02), pp. 50–59. IEEE Computer Society Press, June 2002

  58. Phan, T., Huang, L., Dulan, C.: Challenge: Integrating mobile wireless devices into the computational grid. In: Proceedings of the 8th ACM International Conference on Mobile Computing and Networking (MOBICOM 2002), pp. 271–278. ACM Press (2002)

  59. Rice, G.: PKI challenges: An industry analysis. In: Zhou, J., Kang, M-C., Bao, F., Pang, H.-H. (eds.), Proceedings of the 4th International Workshop for Applied PKI (IWAP 2005), pp. 3–16. Volume 128 of FAIA, IOS Press (2005)

  60. Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In Proceedings of the 2000 Symposium on Cryptography and Information Security (SCIS 2000). January 2000

  61. Scott, M.: Computing the Tate pairing. In Menezes, A. (ed.), Proceedings of the RSA Conference: Topics in Cryptology—the Cryptographers’ Track (CT-RSA 2005), pp. 293–304. Springer, LNCS 3376 (2005)

  62. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.), Advances in Cryptology—Proceedings of CRYPTO ’84, pp. 47–53. Springer, LNCS 196, August 1985

  63. Shamus Software Ltd. MIRACL. Available at http://www.shamus.ie/

  64. Shirasuna, S., Slominski, A., Fang, L., Gannon, D.: Performance comparison of security mechanisms for grid services. In: Proceedings of 5th IEEE/ACM International Workshop on Grid Computing (GRID2004), pp. 360–364. IEEE Computer Society Press, November 2004

  65. Thompson M.R., Essiari A., Mudumbai S.: Certificate-based authorization policy in a PKI environment. ACM Trans Inf. Syst. Secur. 6(4), 566–588 (2003)

  66. Tuecke, S., Welch, V., Engert, D., Pearlman, L., Thompson, M.R.: Internet X.509 public key infrastructure proxy certificate profile. The Internet Engineering Task Force (IETF). RFC 3820, June 2004

  67. Vaudenay, S.: Security flaws induced by CBC padding—applications to SSL, IPSEC, WTLS... In: Knudsen, L.R. (ed.), Advances in Cryptology—Proceedings of EUROCRYPT 2002, pp. 534–546. Springer, LNCS 2332 (2002)

  68. Wagner, D., Schneier, B.: Analysis of the SSL 3.0 protocol. In: Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pp. 29–40, November 1996

  69. Welch, V., Foster, I., Kesselman, C., Mulmo, O., Pearlman, L., Tuecke, S., Gawor, J., Meder, S., Siebenlist, F.: X.509 proxy certificates for dynamic delegation. In: Proceedings of the 3rd Annual PKI R&D Workshop, pp. 42–58. NIST Interagency Report, April 2004

  70. Welch, V., Siebenlist, F., Foster, I., Bresnahan, J., Czajkowski, K., Gawor, J., Kesselman, C., Meder, S., Pearlman, L., Tuecke, S.: Security for Grid services. In: Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing (HPDC-12 2003), pp. 48–61. IEEE Computer Society Press, June 2003

Author information

Correspondence to Hoon Wei Lim.

Additional information

A preliminary version of this work appeared in [43].

About this article

Cite this article

Lim, H.W., Paterson, K.G. Identity-based cryptography for grid security. Int. J. Inf. Secur. 10, 15–32 (2011). https://doi.org/10.1007/s10207-010-0116-z

  • DOI: https://doi.org/10.1007/s10207-010-0116-z
