Analyses And Research On Grid Security Based On PKI Technology

With the development of science technology rapidly, computer communication and micro-electronics technology are promoting the information revolution which has the trait of network, digital. All kinds of activities in society are increasingly depending on information network. With grid computation have been investigated deeply, grid built by based on the theory of grid computation has already become one of the new critic technique of network which has taken place of the old one gradually. Therefore, the subsequent problem is how to safeguard the secure communication in grid. It need offer these fundamental secure service, such as,authentication and integrity and so on.The aim of this paper is to investigare the way to safeguard grid security on the bases of the prevalent PKI at present. After the conception, standard, content of PKI and grid were understood fully, a scheme for safeguarding the security of grid has been given.In this scheme bridge trust model is used to make rootCA of authentication system achieve cross certification each other, and distribute the functionCA to two servers. One is to sign certification off-line (the means can prevent malicious attack effectively).The other is to publish information on the line and accomplish other on-line service of CA. In addition, the LDAP sever is designed to devide two layers in the scheme.The LDAP is placed in rootCA and functionLDAP is in every VO.The design can effectively enhance speed of the retrieve/download.An improved project on certificate revocation search is offered in the paper. There is a problem on certificate revocation search in certification management of PKI(After revocated certificate enter CRL, because users need know whether the certificate owner communicating themselves is credible and whether certificate is revocated status). Generally, the users compare certificate serial number with those numbers in CRL word for word. But the way leads to slow retrieving and low efficiency. According to the point, the search way is bettered in the paper. The improved way is to make certificate serial number accomplish Quick Sort and form an Index Table, to achieve index sequential search by the software. Thus, the means can enhance the speed of revocation certificate search and efficiency, and to be convenient to the users...