A correctly and continually working authorization and authentication service is essential for a grid computing system, so it is necessary to maintain this service efficiently, with high availability and integrity, in the face of a variety of attacks. This paper presents an intrusion-resilient framework for the authorization and authentication service of a grid computing system. The service is able to provide fault tolerance and security even in the presence of a fraction of corrupted authorization and authentication servers, avoiding any single point of failure. We use a cryptographic (f, n) secret sharing scheme to distribute parts of the clients’ proxy certificates and a secure multi-party computation scheme to perform the signatures, so that the proxy certificate can be issued in a distributed fashion, without reassembly, when a legal client registers at the Globus host. Using a Non-Malleable Proof prevents the “man-in-the-middle attack”; because the secret data is distributed across several authorization and authentication servers, the compromise of a few servers will not compromise the availability of the data. Under the decisional Diffie-Hellman assumption, a passive adversary gets zero knowledge about the system’s private key X, and so can neither issue the certification for any client nor impersonate a legal authorization and authentication server.