An Intrusion-Resilient Authorization and Authentication Framework for Grid Computing Infrastructure
Main authors: | , , |
---|---|
Format: | Book chapter |
Language: | eng |
Subjects: | |
Online access: | Full text |
Summary: | A correctly and continually working authorization and authentication service is essential for the grid computing system, so it is very necessary to maintain this service efficiently, with high availability and integrity, in the face of a variety of attacks. An intrusion-resilient framework of authorization and authentication service for the grid computing system is presented in this paper. This service is able to provide fault tolerance and security even in the presence of a fraction of corrupted authorization and authentication servers, avoiding any single point of failure. We use a cryptographic (f, n) secret sharing scheme to distribute parts of the clients’ proxy certificates and use a secure multi-party computation scheme to perform the signatures, such that the proxy certificate can be issued in a distributed fashion without reassembly when a legal client registers at the Globus host. By using Non-Malleable Proof, the “man-in-the-middle attack” can be prevented; by distributing the secret data across several authorization and authentication servers, the compromise of a few servers will not compromise the availability of data. And, under the assumption of a Diffie-Hellman decisional problem, a passive adversary gets zero knowledge about the system’s private key X, and so cannot issue the certification for any client, nor impersonate a legal authorization and authentication server. |
---|---|
ISSN: | 0302-9743 1611-3349 |
DOI: | 10.1007/11428862_32 |