Limitations

Our IKIG proposal has several limitations. Being based on IBC, IKIG inevitably inherits an escrow facility. Although a TA may not be able to forge a signature using exactly the same private components (short-term credential) chosen by a user proxy, the TA can always impersonate a user by selecting a different set of secret values and producing a valid signature that is verifiable using the user’s public key. Nevertheless, we have explained in Section 4.5.5 that integration of the MyProxy system into the GSI has introduced a similar property. This seems to be acceptable in most ongoing grid projects since there is only one or very few CAs/TAs in each nation that everyone is expected to trust. This “limited” key escrow issue will become one of the motivations for our study of dynamic key infrastructure for grid (DKIG) in the subsequent chapter.

4.9 Summary

We have shown earlier that the identity-based techniques offer a more flexible and lightweight approach in creating and using public keys. However, it is worth noting that the identity-based key revocation method does not seem to offer any clear ad- vantage over conventional public key revocation techniques. Fine-grained identifiers which make use of dates and short time periods require issuance of the matching private components regularly. Grid applications with high security requirements will still need to rely on traditional means of revoking public key certificates such as CRLs and OCSP.

Another drawback of employing IBC in our proposal is the cost of pairing com- putations. Even though IKIG is far more lightweight than the GSI in terms of communication overhead, the relatively slow pairing computations in the HIBE and HIBS schemes constrain the advantages that the proposed identity-based techniques can offer. As mentioned before, pairing-based cryptography is still relatively new compared to RSA. We believe that the performance of pairing computations will continue to improve with further research.

4.9

Summary

We have discussed at length how identity-based techniques can replace conventional PKI and be used to offer an alternative security infrastructure for grid. We proposed a TLS-supported identity-based authenticated key agreement protocol which uses only short-term keys. Our infrastructure also supports single sign-on and delega- tion in a very natural way. The overall computational overheads for our proposed identity-based key infrastructure seem to be comparable to PKI. Interestingly, the computational costs that would be incurred at the user’s client in our proposal is roughly a few times less than it is with PKI, at the expense of increased computation at the server side. This aligns well with the whole idea of grid computing to allow the user with an average- or low-end platform to “outsource” her computational tasks or operations to more powerful and high-performance servers. In terms of communication costs, our proposal appears to be significantly more lightweight and less bandwidth-consuming than PKI because of its certificate-free nature and small key sizes. This may enable the expansion of grids to service users with bandwidth- limited or low memory platforms.

Chapter 5

Dynamic Key Infrastructure for Grid

Contents

5.1 Motivation . . . 117 5.2 Overview of Dynamic Key Infrastructure for Grid . . . 117 5.3 Related Work . . . 119 5.4 Design of DKIG . . . 120 5.4.1 Single Sign-On . . . .122 5.4.2 Authorization . . . .122 5.4.3 Mutual Authentication and Key Agreement . . . .123 5.4.4 Delegation . . . .125 5.5 Key Management in DKIG . . . 127 5.5.1 Parameter Generation and TA Initialization . . . .127 5.5.2 User Registration . . . .129 5.5.3 Key Update . . . .130 5.5.4 Key Revocation . . . .130 5.6 Security Analysis . . . 131 5.6.1 Mutual Authentication and Key Agreement . . . .131 5.6.2 Delegation . . . .132 5.7 Performance Analysis . . . 132 5.8 Discussion . . . 136 5.9 Summary . . . 138

This chapter proposes an identity-based and escrow-free key infrastructure for grid applications. We introduce the concept of a dynamic key infrastructure for grid. In this approach, each entity in the system acts as his own PKG and obtains a cer- tificate from a traditional Grid CA for the corresponding public parameters. This allows support for proxying and single sign-on but removes key escrow inherent in a pure identity-based approach. We also present TLS-like authenticated key agree- ment and delegation protocols for our dynamic key infrastructure, and consider their performance in comparison with the corresponding protocols in the GSI and IKIG.

5.1 Motivation

5.1

Motivation

In the previous chapter, we learned that key escrow is inevitable in IBC. Despite that, key escrow seems to be acceptable for most current grid applications since the use of MyProxy also involves the same issue. However, we envisage that when com- putational grids become commercialised and payment is involved, key escrow that prevents strong non-repudiation1_{may become a major issue. Since IBS schemes gen-}

erally do not provide the property of strong non-repudiation, users can, for example, fraudulently deny any charges for grid resource usage.

Even though the issue of key escrow can be circumvented by introducing multiple TAs and the use of threshold cryptography, it may be unrealistic to deploy such an approach within a grid environment. In order to enable secret sharing among multiple TAs, a high degree of co-operation between these TAs is needed. They must agree on common policy and standardised mechanisms to manage the shared secret. In addition, the communicating parties must also find out in advance the set of TAs that their system uses for encryption and decryption. These and other potential restrictions seem to reduce the suitability of the secret sharing approach for a heterogenous environment such as grid. This set of problems may become harder to solve if TAs in a number of different countries are to be employed. The main objective of this chapter is to investigate a means of resolving the key escrow problem while preserving, as much as possible, the advantages that identity- based techniques offer, in particular the benefits of our IKIG proposal. Our focus, as in the previous chapter, will be on simplifying key management aspects of grid applications that rely heavily on both long-term and short-term entity credentials.