Research On Secure Authentication Mechanism Of Multi-user Collaboration In Grid

Grid computing is a new net computing technic, which has important innovativethinking and great evolution potential. It has taken lots of attentions of the academeand the enterprises. As the base of grid computing, the important of grid securityspeak for itself. The ID authentication is standing on a high position on securitysystem. It is the base of security. Once the authentication system broken, the othersecure mechanism will have no means. Authentication technic provides guarantee ofsomebody or something.Because the grid is large-scale, complicated, dynamic, the Authentication of thegrid became more difficult. Nowadays, the grid security authentication has used theX.509 proxy certificates mechanism. The distinct characteristic is every entity, whichowns proxy certificate, can vise proxy certificate to the other one based on itscertificate property. As the application of resourse accumulated, it will form a proxycertificate chain that origins from the applicant of the grid application. Comparingwith other mechanism such as password authentication or Kerberos, the X.509 proxycertificates mechanism will fit the grid much better on the dynamic and the uncertainaspects. However, the middle nodes of grid task chains will break when the proxycertificates chains broken for some reasons. It has no suitable methods to solve thisproblem. This thesis does research on Security Authentication in Grid. It analyzescurrent anthentication mechanisms include Kerberos and X.509 proxy certificate,emphasizes the X.509 proxy certificates mechanism using in grid authentication andproxy certificates chains mechanism. It points out the limitation of current grid proxycertificates chain mechanism that the proxy certificates chains will broken when themiddle node of grid task chains broken. It brings forward the improving project forgrid proxy certificates, presents the description of the improved proxy certificates andit produces mechanism and validates policy, analyzes the security of improved proxycertificates mechanism. This project is based on the X.509 proxy certificate. It hasextended the property field. It also has double signature. It solves the problem ofbroken proxy certificates chain with the cost of the certificates date redundancy andthe additional management complexity. It provides the basic security authenticationfor the further research on solving the problem of the grid broken application chainproblem.