Using Hash Tree for Delegation Revocation in Grids  

作　　者：Chi-Tung Chen Ming-Tsun Lin Iuon-Chang Lin 

机构地区：[1]Department of Distribution Management, National Chin-Yi University of Technology [2]Department of Computer Science and Information Engineering, Asia University [3]Department of Management Information Systems, National Chung Hsing University [4]Department of Photonics and Communication Engineering, AsiaUniversity

出　　处：《Journal of Electronic Science and Technology》2012年第3期256-262,共7页电子科技学刊（英文版）

基　　金：supported by the National Science Council under Grant No. NSC100-2410-H-005-046

摘　　要：Grid security infrastructure （GSI） provides the security in grids by using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using certificate revocation list （CRL） and the other is giving the certificate a short period of validity. However, when a lot of certifications are revoked, CRL will be the burden in the system. If the certificate has a short period of validity, entities should be often updating the certificate. In this paper, we propose a scheme for proxy certificate revocation using hash tree. Our scheme only needs hash value comparisons to achieve the purpose of certificate revocation. Previous two methods have to wait the expiration of the certificate. Therefore, our scheme is more flexible than previous methods.Grid security infrastructure （GSI） provides the security in grids by using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using certificate revocation list （CRL） and the other is giving the certificate a short period of validity. However, when a lot of certifications are revoked, CRL will be the burden in the system. If the certificate has a short period of validity, entities should be often updating the certificate. In this paper, we propose a scheme for proxy certificate revocation using hash tree. Our scheme only needs hash value comparisons to achieve the purpose of certificate revocation. Previous two methods have to wait the expiration of the certificate. Therefore, our scheme is more flexible than previous methods.

关 键 词：DELEGATION grid computing gridsecurity hash tree. 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术] TP309[自动化与计算机技术—计算机科学与技术]