Abstract
This paper analyses security drawbacks of traditional certificates revocation in GSI. And we bring forward a new united certificate revocation scheme. In our scheme, one-way hash chains, novel multiple certificates and CRLs shared mode are proposed to improve the revocation mechanism. So partial functions of CA are distributed to other Grid nodes, congestion and single-point failure is avoided in Grid environments. The certificates issued by different CAs could carry out mutual authentication, and users can verify the validity of certificates without retrieving the revocation information from the CA which issues the certificates. To study the performance, three classical revocation schemes are used to compare with our united revocation scheme in the experiments. Simulation results and analysis show that the peak request value of united revocation is lower than other three schemes and the peak bandwidth value is narrower and the risk is reduced.
This research is supported by Shaanxi Provincial Natural Science Foundation of China under Grant No. 2004F14.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Welch, V.: Security for Grid Services. In: Twelfth International Symposium on High Performance Distributed Computing (HPDC 12). IEEE Press, Los Alamitos (2003)
Kocher, P.: On Certificate Revocation and Validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)
Gassko, I., Gemmell, P.S., MacKenzie, P.: Efficient and Fresh Certification. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 342–353. Springer, Heidelberg (2000)
Rivest, R.: Can We Eliminate Certificate Revocation Lists. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 178–183. Springer, Heidelberg (1998)
Berson, T.A., Gong, L., Lomas, T.M.A.: Secure, Keyed, and Collisionful Hash Functions. Technical Report. SRI-CSL-94-08. SRI International (1994)
Cooper, D.: A More Efficient Use of Delta-CRLs. Security and Privacy, 190–202 (2000)
Andre, A., Mike, J., Steve, L.: Selecting revocation solutions for PKI. In: Proceedings of The Fifth Nordic Workshop on Secure IT Systems (NORDSEC 2000), Reykjavik Iceland, pp. 360–376 (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, Y., Wang, Sr., Xia, Jb., Wei, J. (2005). A New United Certificate Revocation Scheme in Grid Environments. In: Zhuge, H., Fox, G.C. (eds) Grid and Cooperative Computing - GCC 2005. GCC 2005. Lecture Notes in Computer Science, vol 3795. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11590354_16
Download citation
DOI: https://doi.org/10.1007/11590354_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30510-1
Online ISBN: 978-3-540-32277-1
eBook Packages: Computer ScienceComputer Science (R0)