Research on ID-based Grid Security Architecture
Author: YU Dai-Rong (School of Information and Science Engineering, Jinan University); YANG Yang (Info. Eng. School, Univ. of Sci. and Technol., Beijing 100083, China); LI Sheng-Yang (Academy of OptoElectronics, Chinese Academy of Sciences, Beijing 100190, China)
Received: 2008-06-23; Year, Volume(Issue), Pages: 2009, 41(2): 200-205
Journal Name:Advanced Engineering Sciences
Key words: Grid; security architecture; IBC (ID-based cryptography); HIBC (hierarchical ID-based cryptography); GSI (Grid Security Infrastructure)
Funding: National Natural Science Foundation of China; university fund
To overcome the constraint that the PKI certificate mechanism places on the scalability of GSI, this paper analyzes the limitations of the certificate mechanism in GSI and introduces HIBC into GSI: the PKI digital certificate signature in GSI is replaced by an HIBC signature scheme and extended, yielding an ID-based grid security architecture named IBGSI (ID-based GSI). The paper then gives a method for adapting the TLS handshake protocol to the HIBC scheme, and defines the protocol architecture of IBGSI through a set of protocol-controlled entity interaction sequences. IBGSI is studied from three aspects: hierarchical identity architecture, authentication architecture and protocol architecture. The results show that IBGSI combines the advantages of GSI and IBC: it can reuse the security services of GSI and is easy to deploy, while gaining the lightweight and efficient properties of IBC.