| Grid is a compositive resource could be dynamic shared and collaborative computed by organization of leave unused resources in different places to provide super data-handling capacity. The research of grid Technology in science,national statistical, business services, and other areas has a wide prospects. The most basic problem of grid is grid security which will restrict the development of grid. Authentication, as the first line of defense of gird security, is also the most essential partment and plays an important role.The authentication technologies in traditional network are getting mature. Now Kerberos authentication mechanism and authentication mechanism based on X.509certificate are the most widely application. But the two mechanism can not be adopted for grid environment separately. So KX.509was put forward which can turn the Kerberos tickes into x.509certificate. At meantime, the diversion is one-way. Existing Grid security certificate models include:centralized CA model, multi-CA model and crossed certificate model. In order to adapt with the dynamic and real-time in grid environment, an improved model should be advanced.On the basis of research on the authentication technologies and models, this paper will design a layer-based hierarchic certificate model. This model divides the grid environment in to three layers:first trust region, second trust region and third trust region. The first trust region provides the way to turn the x.509certificate into Kerberos tickets, and the second trust region is opposite function. The third trust region is to authenticate users in the same region. In the paper, the authentication security of the Kerberos mechanism in the third trust region will be discussed, then an optimized protocol against password guessing attacks will be promoted by adopting a new and independent way of the user’s passwords to generate the secret key. At last, the security of the improved protocol can be verified advanced based on the test experiment and theoretical analysis. |
PDF Full Text Request