Research Of Grid Authentication Model Based On Kerberos And X.509

Grid is information application service which serves users like a supercomputer by means of using geographically widely distributed computation resources, storage resources, network resources, software resources and information resources etc. Grid technologies have extensive perspective and development scope, but researches concerning it are still on the first step. There are many key technologies which need to be solved. On one hand, the powerful functions of Grid technologies can bring great convenience to scientific researches,on the other hand, much attention must be given to the security of the grid while using the fast and convenient functions and services.Grid security is not only the first defense line, but also the most important defense line, so the authentication technology receives the attention generally. Existing Grid security certificate models include: centralized CA (Certificate Authority) model, mufti-CA model and crossed certificate model. But these models have various defects. While using centralized CA model or mufti CA model, managing certificates will be very complicated and the amount of data and update amounts are great by means of adopting general management mode of the centralized model. When adopting crossed certificate model, the selection of the path will arises.This thesis researches and designs a certificate model based on X.509 and Kerberos. In this model, terminal user certificate's promulgation is similar with the management to the central model, some independent authentication center carries on issues, and goes upstream finally to a root authentication center, here name it the second-level trust territory, has own certificate strategy and the authentication mechanism in this trust territory, like X.509 authentication and Kerberos authentication; In order to enable the different authentication mechanism between the grid territory user to be possible to visit mutually, composes a first-level trust territory the grid environment's in second-level trust territory, the first-level trust territory does not participate in the terminal user and intermediate level CA certificate promulgation with the supervisory work, only carries on the certificate to the second-level trust territory's root authentication center to issue and to manage, carries on the first-level trust territory based on the X.509 PKI authentication.This model has designed grid isomerism domain authentication model based on Kerberos and the X.509. This model including the security policy, the authentication agreement, the working pattern and the module and the authentication technology's design, makes authentication more convenient and safe in grid isomerism territory.The authentication model has not only solved many questions between the centralized certificate model and the crossed certificate model, but also solved user's authentication between grid isomerism territories which based on Kerberos and X.509.