Computer Engineering ›› 2013, Vol. 39 ›› Issue (5): 140-143,147. doi: 10.3969/j.issn.1000-3428.2013.05.030

• Security Technology •

Grid Authentication Model Based on Kerberos and HIBC

LIU Jun, FAN Lin-na, WU Zhao-feng, GUO Ji-bin

  1. (Institute of Communication Engineering, PLA University of Science and Technology, Nanjing 210007, China)
  • Received: 2012-06-19 Online: 2013-05-15 Published: 2013-05-14
  • About the authors: LIU Jun (born 1969), male, associate professor, M.S.; main research interests: information security and software engineering. FAN Lin-na, WU Zhao-feng, GUO Ji-bin: M.S.
  • Supported by:
    Natural Science Foundation of Jiangsu Province project "Research on Logic Systems for Time-Dependent Cryptographic Protocols" (BK2008090)

Abstract: To address the low efficiency of the Public Key Infrastructure (PKI) authentication mechanism in the Grid Security Infrastructure (GSI), this paper proposes a grid authentication model based on Kerberos and Hierarchical ID-based Cryptography (HIBC). It designs authentication mechanisms for three cases: between two grid entities within a domain, between entities in different domains, and between Private Key Generators (PKGs). Entities in first-level trust domains authenticate to each other through Kerberos, and entities in second-level trust domains authenticate to each other through HIBC. The model provides mutual authentication, resists man-in-the-middle attacks, and offers non-repudiation, and it can meet the authentication needs of large-scale grids. Analysis results show that the model outperforms the original PKI authentication mechanism in both computation and communication cost. It also has high security, places no restrictions on system parameters, and satisfies the autonomy requirements of grids well.

Key words: security authentication, grid, trust domain, Private Key Generator (PKG), Public Key Infrastructure (PKI)
