A NEW GRID SECURITY SCHEME BASED ON ONE-WAY HASH CHAIN AND MULTIPLE CERTIFICATES


Authors: Liu Ying (刘颖)[1], Xia Jingbo (夏靖波)[1], Wang Shengrong (汪胜荣)[1], Liu Jia (刘佳)[1]

Affiliation: [1] Telecommunication Engineering Institute, Air Force Engineering University, Xi'an, Shaanxi 710077

Source: Computer Applications and Software (《计算机应用与软件》), 2005, No. 10, pp. 76-77 (2 pages)

Funding: Natural Science Foundation of Shaanxi Province (2004F14)

Abstract: This paper analyses the problems of the traditional certificate revocation mechanism in the Grid Security Infrastructure (GSI) and proposes a new united certificate revocation scheme. The scheme uses one-way hash chains, novel multiple certificates and a CRL shared mode to improve the revocation mechanism. Part of the CA's functions are distributed to other Grid nodes, which avoids congestion and single points of failure in Grid environments. Certificates issued by different CAs can be cross-authenticated, and users can verify the validity of a certificate without retrieving revocation information again from the CA that issued it. The scheme can therefore ensure real-time certificate revocation. To study its performance, the united revocation scheme was compared experimentally with three traditional certificate revocation schemes. The results show that, relative to the traditional mechanisms, the united revocation scheme lowers the peak request rate, narrows the peak bandwidth and reduces the security risk.

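Keywords: Grid; Grid Security Infrastructure; one-way hash chain; multiple certificates; CRL shared mode; Grid node; certificate; security scheme; multiple; hash; one-way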

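Classification: TP301.6 [Automation and Computer Technology: Computer System Architecture]; TP393.08 [Automation and Computer Technology: Computer Science and Technology]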

 
