
Computer Engineering ›› 2008, Vol. 34 ›› Issue (5): 107-109. doi: 10.3969/j.issn.1000-3428.2008.05.037

• Networks and Communications •

Grid Proxy Certificates Management Scheme Based on Hierarchical One-way Hash Chains

LIU Ying1, YU Kan-min1, WEI Jun1, JI Zheng-zhou2

  1. Telecommunication Engineering Institute, Air Force Engineering University, Xi’an 710077
  2. Science Institute, Air Force Engineering University, Xi’an 710051
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-03-05 Published: 2008-03-05

Abstract: Proxy Certificates (PCs) are one of the key mechanisms in the Grid Security Infrastructure (GSI). Users need PCs to access grid services, but current GSI schemes lack an effective mechanism for managing PCs. To address the problems that the lifetime of PCs cannot be controlled flexibly and that PCs are easily attacked, this paper presents an adaptive proxy certificate management scheme based on hierarchical one-way hash chains in grids. A hierarchical one-way chain consists of two or more levels of chains, where values of a first-level chain act as roots of a set of second-level chains. Each PC is protected by a hash value, so the PCs’ valid time can be controlled adaptively. Results show that the security of PC management and the success rate of tasks are improved. Experiments indicate that the computation and communication costs of the scheme in grid environments are relatively small.

Key words: Grid Security Infrastructure (GSI), Proxy Certificates (PCs), hierarchical one-way hash chains, hash value
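The two-level construction the abstract describes, as an added illustration that is not code from the paper: values of a first-level chain act as roots of second-level chains, and a relying party extends a proxy certificate's valid time only when shown the next hash preimage. The use of SHA-256, the derivation label, the `SlotVerifier` name and the one-token-per-time-slot rule are assumptions; the abstract does not give these details.

```python
import hashlib

def H(data: bytes, label: bytes = b"step") -> bytes:
    # Domain-separated SHA-256 (assumed hash); labels keep the two levels apart.
    return hashlib.sha256(label + b"|" + data).digest()

def build_chain(root: bytes, length: int) -> list[bytes]:
    """Return [root, H(root), ..., H^length(root)]; the last item is the public anchor."""
    chain = [root]
    for _ in range(length):
        chain.append(H(chain[-1]))
    return chain

def second_level(first_value: bytes, slots: int) -> list[bytes]:
    """A first-level value acts as the root of one second-level chain."""
    return build_chain(H(first_value, b"derive"), slots)

class SlotVerifier:
    """Relying party (hypothetical): holds the anchor bound to one proxy certificate."""
    def __init__(self, anchor: bytes, max_slots: int):
        self.last, self.max_slots, self.slots_valid = anchor, max_slots, 0

    def extend(self, token: bytes) -> bool:
        # Grant one more time slot only for the preimage of the last accepted value.
        if self.slots_valid >= self.max_slots or H(token) != self.last:
            return False
        self.last, self.slots_valid = token, self.slots_valid + 1
        return True

def demo():
    first = build_chain(b"constructed-demo-seed", 3)   # constructed sample seed
    pc_chain = second_level(first[1], 4)               # chain protecting one PC
    v = SlotVerifier(pc_chain[-1], max_slots=4)
    granted = [v.extend(pc_chain[-2]), v.extend(pc_chain[-3])]  # two slots released
    replay = v.extend(pc_chain[-2])        # already-used token is rejected
    forged = v.extend(b"\x00" * 32)        # guessed token is rejected
    other = second_level(first[2], 4)      # chain rooted at a different first-level value
    cross = v.extend(other[1])             # token from a sibling chain is rejected
    return granted, replay, forged, cross, v.slots_valid

if __name__ == "__main__":
    print(demo())
```

If the certificate owner stops releasing tokens, the verifier's slot count stops growing, which is how the valid time is shortened without reissuing the certificate in this sketch.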
