Research On Grid Security Infrastructure Based On Trusted Computing

Grid Computing provides general access interfaces for users through usage of cross-domain computing and storage resources. Because of different adscription of these resources, security is very important problem in grid system. In Grid Security Infrastructure of Globus Project, a type of public key infrastructure based on X.509 certificates is used to construct the scheme of authentication and authorization. Trusted Computing innovated by Trusted Computing Group is a new security technology which consists secure storage, platform integrity measurement, attestation and inner-hardware cryptography modules. It could be used to enhance the security of GSI.A platform attestation mechanism based on terminal property is introduced to strengthen the nodes of grid virtual organization security, which mechanism adds property policy to the establishment of Virtual Organization(VO). Between trusting and untrusting members of VO a sharing model is imported to make the trusted nodes bearing more tasks. Three protocols include remote agreement; key migration and attestation are designed to assist the process. Credential repository is protected by trusted computing module in order to focus the security resource on the weakest point. In any terminal of grid, there need more methods to save private keys correlating to users'certificates. Trusted Computing can be used to enhance the security of private keys by secure storage and hardware RSA module.Research shows that grid security infrastructure based on the Trusted Computing can be achieved to improve grid system security requirements. The improvement over grid modules based on GSI gains ours ends. Calculated performance of experiment is in the acceptable range of achieving a balance between security and performance. Trusted Grid Security Infrastructure is also propitious to enhance the credibility of the current scope of application.