
Study Of Authentication Mechanism In Grid Computing Environments

Posted on: 2009-05-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Y Wang
GTID: 1118360278466428
Subject: Computer application technology
Abstract/Summary:
Grid computing is one of the most representative distributed computing models, and it has developed rapidly with the spread of the Internet. The grid computing model was originally designed as a solution to complicated scientific computing problems. The inherent strategy of the grid is to integrate all available or unoccupied resources in physically scattered locations or different autonomous domains into a virtual supercomputer. With the evolution of theoretical research and industrial application, grid computing is able to realize the pervasive goal of "consume as you need and provide as you can" by integrating current standards and protocols to eliminate isolated information islands. It is therefore considered more as an infrastructure for resource sharing and coordinated work in large-scale virtual organizations.

Grid security is one of the key issues in grid computing because of its importance to the application and generalization of grid technology. Grid security, also referred to as the AAAA mechanism, includes grid authentication, grid authorization, grid accounting and grid auditing. Among these security problems, grid authentication, which acts like a gate to the execution of grid services, has been recognized as one of the most crucial components of grid security.

Grid authentication mechanisms, such as that of the most representative and influential grid project, Globus, are traditionally based more or less on the well-known Public Key Infrastructure (PKI) and certificate techniques, which pay little attention to the distinctive dynamic and heterogeneous characteristics of the grid. The Grid Security Infrastructure (GSI) of Globus performs secure authentication using PKI and X.509 certificates. With the development of grid computing and the diverse environments of grid applications, however, grid security faces new challenges. Traditional authentication techniques can no longer effectively satisfy the demands on grid authentication in application environments, and new techniques are urgently needed to address this. Efforts have been made in two dimensions. One is the cryptography-based dimension: continuing theoretical research in authentication-related cryptography, in pursuit of an optimized model of PKI or of new mechanisms that can realize secure or efficient authentication to replace PKI. The other is the trust-based dimension: applying new techniques, such as the theory of trust mechanisms, to the realization of behavior authentication.

This dissertation addresses the grid authentication mechanism in grid computing environments. Based on a critical analysis of the new challenges to grid security and the key issues that grid authentication has to accommodate, it proposes that grid authentication should focus on both identity authentication and behavior authentication. The main research work falls into the following two parts.

One part is research work in the field of identity authentication. This dissertation addresses identity authentication through a systematic analysis of, and further research in, the field of cryptography, especially encryption and signature schemes that can be adapted to grid authentication. Aiming to improve the efficiency of PKI-based grid authentication and to resolve some existing problems in GSI authentication, Chapter 2 proposes a Two-Step Mobile Agent Based (TSMAB) grid authentication model that employs mobile agent technology. Chapter 3 tries to address grid identity authentication with identity based cryptography (IBC). After presenting a new identity based signature (IBS) scheme, it proposes an IBC-based grid authentication model. Chapter 4 endeavors to design a grid authentication mechanism based upon combined public key (CPK) cryptography. With the adoption of elliptic curve cryptography (ECC), a CPK-based grid authentication mechanism is constructed successfully.

The other part is research work related to behavior authentication. To address behavior authentication in grid environments, Chapter 5 borrows the idea of autonomous trust negotiation (ATN) and adapts it to grid authentication, proposing a novel trust negotiation-based mechanism for grid authentication. Chapter 6 aims to realize behavior authentication with trust models. After enriching trust with new meaning in grid settings, it proposes a trust enhanced grid behavior authentication mechanism (TEGBAM), which results in the dynamic establishment of trust relationships between grid entities. In order to realize efficient surveillance of all entities' behaviors, the traditional assumption of a trusted third party is abolished, and trust is expanded to trust in the grid entity and trust in the third party. Further, to guarantee a fine-grained trust evaluation of a grid entity, trust is classified into trust as a service consumer and trust as a service provider. Based on TEGBAM, Chapter 6 also presents a potential solution for integrating identity authentication with behavior authentication. At the end of Chapter 6, an architecture for a trusted computing-based grid trust platform is constructed. With the employment of mobile agent technology, a prototype of the grid trust platform is also designed. The procedure of a trust-based grid service exemplifies the validity, advancement, and initiative of integrating trusted computing technology, trust mechanisms and mobile agent technology into the construction of a grid trust platform.
Keywords/Search Tags: Grid, Authentication, Trust, Identity, Behavior