A Mediated RSA-Based End Entity Certificates Revocation Mechanism with Secure Concerned in Grid

Authors

Weifeng Sun, Dalian University of TechnologyFollow
Juanyun Wang, Dalian University of TechnologyFollow
Boxiang Dong, Montclair State UniversityFollow
Mingchu Li, Dalian University of TechnologyFollow
Zhenquan Qin, Dalian University of Technology

Document Type

Article

Publication Date

12-1-2010

Abstract

The End Entity Certificates (EECs) revocation mechanism in Grid Security Infrastructure (GSI) adopts Certificate Revocation List (CRL) currently. However, CRL is an inefficient mechanism with drawbacks of "time granularity problem" and unmanageable sizes. This paper presents a new EECs revocation mechanism MEECRM (Mediated RSA-based End Entity Certificates Revocation Mechanism) to eliminate "key escrow" problem. MEECRM combines with MyProxy - the online credential repository in Globus Tookit (GT). And some Schemes, such as HMAC, multi-SEM support and PVSS, have been introduced into MEECRM to increase the security and efficiency. MEECRM can ensure instantaneous revocation of invalid EECs in grid environments and can be used in many large-scale grid projects because of inheriting from MyProxy. Analyses also prove that MEECRM is secure.

DOI

10.4156/ijipm.vol1.issue2.13

Montclair State University Digital Commons Citation

Sun, Weifeng; Wang, Juanyun; Dong, Boxiang; Li, Mingchu; and Qin, Zhenquan, "A Mediated RSA-Based End Entity Certificates Revocation Mechanism with Secure Concerned in Grid" (2010). Department of Computer Science Faculty Scholarship and Creative Works. 39.
https://digitalcommons.montclair.edu/compusci-facpubs/39