摘要： 针对网格安全基础设施中公钥基础设施(PKI)认证机制效率较低的缺点，提出一种基于Kerberos和HIBC的网格认证模型，分别设计域内、域间和私钥产生器之间的认证机制。一级信任域使用Kerberos完成认证，二级信任域通过HIBC完成相互认证。该模型能够实现相互认证、抗中间人攻击，具有不可抵赖性。分析结果表明，无论从计算量还是通信量方面，该模型均优于原有的公钥基础设施认证机制，具有较高的安全性且对系统参数无限制，能较好地满足网格的自治性。

关键词: 安全认证, 网格, 信任域, 私钥产生器, 公钥基础设施

Abstract: Because of the low efficiency of Public Key Infrastructure(PKI) authentication mechanism in Grid Security Infrastructure(GSI), this paper designs an authentication model based on Kerberos and Hierarchical ID-based Cryptography(HIBC). Authentication methods between two grid entities in a domain, from two domains and authentication method between PKG are illustrated. Entities in first domain authenticates to each other through Kerberos. Entities in second domain authenticates to each other through HIBC. This model can meet the demand of authentication need in large scale grid. Analysis result shows that the new model is better than previous PKI authentication method in computation and communication. At the same time, it has better security and meets demand of autonomous grid.

Key words: security authentication, grid, trust domain, Private Key Generator(PKG), Public Key Infrastructure(PKI)

中图分类号: 

• TP309.2