A New United Certificate Revocation Scheme in Grid Environments

A New United Certificate Revocation Scheme in Grid Environments

This paper analyses security drawbacks of traditional certificates revocation in GSI. And we bring forward a new united certificate revocation scheme. In our scheme, one-way hash chains, novel multiple certificates and CRLs shared mode are proposed to improve the revocation mechanism. So partial fun...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Liu, Ying, Wang, Sheng-rong, Xia, Jing-bo, Wei, Jun
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Applied sciences
Computer science
control theory
systems
Computer systems and distributed systems. User interface
Exact sciences and technology
Globus Toolkit
Grid Environment
Grid Node
Grid Service
Mutual Authentication
Software
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:This paper analyses security drawbacks of traditional certificates revocation in GSI. And we bring forward a new united certificate revocation scheme. In our scheme, one-way hash chains, novel multiple certificates and CRLs shared mode are proposed to improve the revocation mechanism. So partial functions of CA are distributed to other Grid nodes, congestion and single-point failure is avoided in Grid environments. The certificates issued by different CAs could carry out mutual authentication, and users can verify the validity of certificates without retrieving the revocation information from the CA which issues the certificates. To study the performance, three classical revocation schemes are used to compare with our united revocation scheme in the experiments. Simulation results and analysis show that the peak request value of united revocation is lower than other three schemes and the peak bandwidth value is narrower and the risk is reduced.
ISSN:0302-9743
1611-3349
DOI:10.1007/11590354_16