
Privilege Delegation Protocol Providing Delegation Traceability Using ID-based Cryptosystem in X.509 Proxy Certificate Environment  

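Lee, Youn-Ho (Information and Electronics Research Institute, Korea Advanced Institute of Science and Technology (KAIST))
Kim, Byung-Ho (Department of Computer Engineering, Kyungsung University)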
Abstract
Currently, the X.509 proxy certificate is widely used to delegate an entity's rights to another entity in the computational grid environment. However, it has two drawbacks: a potential security threat caused by the untraceability of a delegation chain, and inefficiency caused by the interactive communication between the right grantor and the right grantee in the delegation protocol. To address these problems for computational grids, we propose a new delegation protocol without additional cost. We use an ID-based key generation technique to generate the proxy private key, which is the means of exercising the delegated signing right. By applying the ID-based key generation technique, the proposed protocol provides delegation traceability and non-interactive delegation. Since right delegation occurs on a massive scale in the computational grid environment, our protocol can contribute to security enhancement by providing delegation traceability and to efficiency enhancement by reducing the inter-domain communication cost.
Keywords
Grid security; X.509 Proxy Certificate; Secure Delegation; Proxy Signature