Hoon Wei Lim (2006) On the Application of Identity-Based Cryptography in Grid Security.
Full text access: Open
This thesis examines the application of identity-based cryptography (IBC) in designing security infrastructures for grid applications. In this thesis, we propose a fully identity-based key infrastructure for grid (IKIG). Our proposal exploits some interesting properties of hierarchical identity-based cryptography (HIBC) to replicate security services provided by the grid security infrastructure (GSI) in the Globus Toolkit. The GSI is based on public key infrastructure (PKI) that supports standard X.509 certificates and proxy certificates. Since our proposal is certificate-free and has small key sizes, it offers a more lightweight approach to key management than the GSI. We also develop a one-pass delegation protocol that makes use of HIBC properties. This combination of lightweight key management and efficient delegation protocol has better scalability than the existing PKI-based approach to grid security.
Despite the advantages that IKIG offers, key escrow remains an issue which may not be desirable for certain grid applications. Therefore, we present an alternative identity-based approach called dynamic key infrastructure for grid (DKIG). Our DKIG proposal combines both identity-based techniques and the conventional PKI approach. In this hybrid setting, each user publishes a fixed parameter set through a standard X.509 certificate. Although X.509 certificates are involved in DKIG, it is still more lightweight than the GSI as it enables the derivation of both long-term and proxy credentials on-the-fly based only on a fixed certificate.
We also revisit the notion of secret public keys which was originally used as a cryptographic technique for designing secure password-based authenticated key establishment protocols. We introduce new password-based protocols using identity-based secret public keys. Our identity-based techniques can be integrated naturally with the standard TLS handshake protocol. We then discuss how this TLS-like identity-based secret public key protocol can be applied to securing interactions between users and credential storage systems, such as MyProxy, within grid environments.
This is a published version. This version's date is: 02/05/2006. This item is peer reviewed.
https://repository.royalholloway.ac.uk/items/08ce37d7-7b99-3d52-b6ea-c7d1a0a81015/1/
Deposited on 12-Jul-2010 in Royal Holloway Research Online. Last modified on 13-Dec-2010.
[158] M. Scott and P.S.L.M. Barreto. Compressed pairings. In M. Franklin, edi-tor, Advances in Cryptology - Proceedings of CRYPTO 2004, pages 140{156.Springer-Verlag LNCS 3152, 2004.
[159] A. Shamir. Identity-based cryptosystems and signature schemes. In G.R.Blakley and D. Chaum, editors, Advances in Cryptology - Proceedings ofCRYPTO'84, pages 47{53. Springer-Verlag LNCS 196, 1985.
[160] Shamus Software Ltd. MIRACL. Available at http://indigo.ie/»mscott/, last accessed in November 2005.
[161] S. Shirasuna, A. Slominski, L. Fang, and D. Gannon. Performance comparison of security mechanisms for grid services. In Proceedings of 5th IEEE/ACM International Workshop on Grid Computing (GRID2004), pages 360{364. IEEE Computer Society Press, 2004.
[162] F. Siebenlist, N. Nagaratnam, V. Welch, and C. Neuman. Security for vir-tual organizations - federating trust and policy domains. In I. Foster andC. Kesselman, editors, Chapter 21 of The Grid: Blueprint for a New Comput-ing Infrastructure, pages 353{387, San Francisco, 2004. Elsevier.
[163] N.P. Smart. An identity-based authenticated key agreement protocol basedon the Weil pairing. Electronics Letters, 38(13):630{632, 2002.
[164] D.K. Smetters and G. Durfee. Domain-based administration of identity-based cryptosystems for secure email and IPSEC. In Proceedings of 12th USENIX Security Symposium, pages 215{229, August 2003.
[165] B. Sotomayor. The Globus Toolkit 3 Programmer's Tutorial, 2004. Availableat http://gdp.globus.org/gt3-tutorial/, last accessed in November 2005.
[166] T. Stading. Secure communication in a distributed system using identity based encryption. In Proceedings of 3rd IEEE International Symposium on ClusterComputing and the Grid (CCGrid 2003), pages 414{420. IEEE Computer So-ciety Press, May 2003.
[167] Stanford University. IBE Secure Email. Available athttp://crypto.stanford.edu/ibe/, last accessed in November 2005.
[168] M. Steiner, P. Buhler, T. Eirich, and M. Waidner. Secure password-basedcipher suite for TLS. ACM Transactions on Information and System Security,4(2):134{157, May 2001.
[169] D.R. Stinson. Cryptography: Theory and Practice. Chapman & Hall/CRC,Florida, 2002.
[170] I. Stoica, R. Morris, D.R. Karger, M.F. Kaashoek, and H. Balakrishnan.Chord: A scalable peer-to-peer lookup service for internet applications. InProceedings of the ACM SIGCOMM 2001 Conference on Applications, Tech-nologies, Architectures, and Protocols for Computer Communication, pages149{160. ACM Press, 2001.
[171] H. Tanaka. A realization scheme for the identity-based cryptosystem. InC. Pomerance, editor, Advances in Cryptology - Proceedings of CRYPTO'87,pages 340{349. Springer-Verlag LNCS 293, 1988.
[172] The TeraGrid Project. TeraGrid. Available at http://www.teragrid.org/, last accessed in November 2005.
[173] M.R. Thompson and K.R. Jackson. Security issues of grid resource man-agement. In J. Weglarz, J. Nabrzyski, J. Schopf, and M. Stroinski, editors,Chapter 5 of Grid Resource Management: State of the Art and Future Trends,pages 53{69, Boston, 2003. Kluwer Academic.
[174] G. Tsudik and E.v. Herreweghen. Some remarks on protecting weak keys andpoorly chosen secrets from guessing attacks. In Proceedings of the 12th IEEESymposium on Reliable Distributed Systems (SRDS'93), pages 136{141. IEEEComputer Society Press, 1993.
[175] S. Tsuji and T. Itoh. An ID-based cryptosystem based on the discrete logarithm problem. IEEE Journal on Selected Areas in Communications, 7(4):467{473, 1989.
[176] S. Tuecke, V. Welch, D. Engert, L. Pearman, and M. Thompson. InternetX.509 public key infrastructure proxy certi¯cate pro¯le. The Internet Engi-neering Task Force (IETF), RFC 3820, June 2004.
[177] University of Wisconsin-Madison. Condor Project. Available athttp://www.cs.wisc.edu/condor/, last accessed in November 2005.
[178] S.A. Vanstone and R.J. Zuccherato. Elliptic curve cryptosystems using curves of smooth order over the ring zn. IEEE Transactions on Information Theory,43(4):1231{1237, July 1997.
[179] S. Vaudenay. Security °aws induced by CBC padding - applications to SSL,IPSEC, WTLS... In L.R. Knudsen, editor, Advances in Cryptology - Pro-ceedings of EUROCRYPT 2002, pages 534{546. Springer-Verlag LNCS 2332,2002.
[180] Voltage Security. The Voltage IBE Toolkit Overview. Available athttp://www.voltage.com/ibe dev/about ibe/overview.htm, last accessed inNovember 2005.
[181] Voltage Security. Email Security { The IBE Advantage, white paper, July2004. Available at http://www.voltage.com/whitepaper/index.htm, last ac-cessed in November 2005.
[182] Voltage Security. Voltage Security Platform Architecture, white paper, June 2004. Available at http://www.voltage.com/whitepaper/index.htm, last ac-cessed in November 2005.
[183] V.A. Vyssotsky, F.J. Corbat¶o, and R.M. Graham. Structure of the Multicssupervisor. In Proceedings of AFIPS Fall Joint Computer Conference, pages203{212. Spartan Books, 1965.
[184] D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. In Proceedingsof 2nd USENIX Workshop on Electronic Commerce, pages 29{40, November1996.
[185] M. Wahl, T. Howes, and S. Kille. Lightweight directory access protocol (v3).The Internet Engineering Task Force (IETF), RFC 2251, December 1997.[186] V. Welch, I. Foster, C. Kesselman, O. Mulmo, L. Pearlman, S. Tuecke,J. Gawor, S. Meder, and F. Siebenlist. X.509 proxy certi¯cates for dynamicdelegation. In Proceedings of the 3rd Annual PKI R&D Workshop, pages 42{58, 2004.
[187] V. Welch, F. Siebenlist, I. Foster, J. Bresnahan, K. Czajkowski, J. Gawor,C. Kesselman, S. Meder, L. Pearlman, and S. Tuecke. Security for Grid services. In Proceedings of the 12th IEEE International Symposium on High Per-formance Distributed Computing (HPDC-12 2003), pages 48{61. IEEE Com-puter Society Press, June 2003.
[188] V. Welch, editor. Globus Toolkit version 4 Grid Security Infrastructure: A Standards Perspective. The Globus Security Team, September 2005. Availableat http://www.globus.org/toolkit/docs/4.0/security/GT4-GSI-Overview.pdf,last accessed in November 2005.
[189] H. Yoon, J.H. Cheon, and Y. Kim. Batch veri¯cations with ID-based signa-tures. In C. Park and S. Chee, editors, Proceedings of the 7th InternationalConference on Information Security and Cryptology (ICISC 2004), pages 233{248. Springer-Verlag LNCS 3506, 2005.
[190] F. Zhang, W. Susilo, and Y. Mu. Identity-based partial message recovery signatures (or how to shorten ID-based signatures). In A.S. Patrick and M. Yung,editors, Proceedings of the 9th International Conference on Financial Cryptography and Data Security (FC 2005), pages 45{56. Springer-Verlag LNCS3570, 2005.
[191] Y. Zheng. Digital signcryption or how to achieve cost(signature & encryption)¿ cost(signature) + cost(encryption). In B.S. Kaliski Jr., editor, Advancesin Cryptology - Proceedings of CRYPTO'97, pages 165{179. Springer-VerlagLNCS 1294, 1997.