tificate. She then submits her job to the CryptoGrid Gatekeeper through a Globus GRAM client. The Gatekeeper verifies Alice’s signed request and checks if Alice is authorized to access the resources that CryptoGrid provides by consulting its local grid-map file. Once the check passes, Alice and the Gatekeeper perform mutual authentication using their respective long-term and proxy certificates. Subsequently, Alice delegates her credential to the Gatekeeper through the secure channel that they have established by signing a new proxy certificate which contains the Gatekeeper’s short-term credential. Every time Alice’s job needs to gain access to a new resource, the Gatekeeper will present this certificate to prove that it is acting on Alice’s behalf.
Based on the job description, the Gatekeeper queries a local replica catalogue to determine suitable resources to run the simulation. Once these have been located, the Gatekeeper passes on the job description to a hosting server. Before the Gatekeeper submits the job to the hosting server, it must perform mutual authentication with the server using the delegated credential from Alice. In many cases, the Gatekeeper may need to further delegate Alice’s credential to the hosting server, which requires access to other resources to complete Alice’s job. For instance, the job may require additional data from a database server. Also, Alice may monitor the progress of the job and possibly change her mind about where or how it is executing. Upon completion of the job, Alice will be notified by the Gatekeeper and the results will be sent back to her. Finally, the Globus GRAM client will clean up information in the job submission scripts and remove temporary settings that coordinated the job.
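The delegation chain in this scenario, seen from a resource that has to decide whether the presenter really acts for Alice, as an added example (not code from the thesis or from the Globus Toolkit). It assumes a simplified certificate record, legacy-style "/CN=proxy" subject naming, toy textbook-RSA keys built from Mersenne primes and hypothetical names, and it leaves out Alice's own first proxy.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Toy textbook-RSA key from two primes: (public modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(cert, n):
    """Hash the signed fields of a certificate to an integer modulo n."""
    body = "|".join(str(cert[k]) for k in ("subject", "issuer", "pubkey", "not_after"))
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n

def issue(subject, pubkey, not_after, issuer, issuer_key):
    """Issuer signs a certificate binding `subject` to `pubkey`."""
    n, d = issuer_key
    cert = {"subject": subject, "issuer": issuer, "pubkey": pubkey, "not_after": not_after}
    cert["sig"] = pow(digest(cert, n), d, n)
    return cert

def authorize(chain, ca_name, ca_pub, now, grid_map):
    """Resource side: validate every link, then map the user DN to a local account."""
    signer_name, signer_pub = ca_name, ca_pub
    for depth, cert in enumerate(chain):
        if cert["issuer"] != signer_name or cert["not_after"] < now:
            return None                      # wrong issuer or expired link
        if pow(cert["sig"], E, signer_pub) != digest(cert, signer_pub):
            return None                      # signature does not verify
        if depth > 0 and cert["subject"] != signer_name + "/CN=proxy":
            return None                      # a proxy may only extend its issuer's name
        signer_name, signer_pub = cert["subject"], cert["pubkey"]
    return grid_map.get(chain[0]["subject"]) if chain else None

# Constructed sample: toy keys built from Mersenne primes, hypothetical names.
CA, ALICE = keypair(2**107 - 1, 2**127 - 1), keypair(2**61 - 1, 2**89 - 1)
GATEKEEPER, HOST = keypair(2**19 - 1, 2**31 - 1), keypair(2**13 - 1, 2**17 - 1)
DN = "/O=CryptoGrid/CN=Alice"
GRID_MAP = {DN: "alice_local"}               # grid-map file: user DN -> local account

def build_chain(now):
    eec = issue(DN, ALICE[0], now + 365 * 86400, "/O=CryptoGrid/CN=CA", CA)
    # Alice signs a proxy over the Gatekeeper's short-term public key ...
    to_gk = issue(DN + "/CN=proxy", GATEKEEPER[0], now + 43200, DN, ALICE)
    # ... and the Gatekeeper delegates further to the hosting server.
    to_host = issue(DN + "/CN=proxy/CN=proxy", HOST[0], now + 3600, to_gk["subject"], GATEKEEPER)
    return [eec, to_gk, to_host]
```

Because each link is signed with the key certified by the previous one, a short lifetime on any proxy bounds how long the whole delegated chain can be used.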
2.6 Summary
We are moving into a future in which the physical location of computational resources does not really matter. It is believed that VOs have the potential to dramatically change the way we use computers to solve complex and resource intensive problems. In this chapter, we have given an introduction to the fundamental concepts of grid computing. We also discussed the role of web services in grid computing and outlined some applications. Security issues in grid computing have been identified as major challenges in making computational grids widely used infrastructures. We have examined these issues, along with the security requirements that they lead to. We have also outlined the security technologies in use in current grid systems. To give a better view of actual grid deployment and usage, we also included some illustrations of the Globus Toolkit, its security components and an example scenario.
Chapter 3
Identity-Based Cryptography
Contents
3.1 A Short History
3.2 Certificate-Based PKI and Identity-Based PKI
3.3 Mathematical Preliminaries
3.4 Identity-Based Cryptographic Primitives
    3.4.1 The Boneh-Franklin IBE Scheme
    3.4.2 The Cha-Cheon IBS Scheme
    3.4.3 The Gentry-Silverberg HIBE and HIBS Schemes
    3.4.4 The ZSM IBS Scheme with Message Recovery
    3.4.5 Signature Schemes from Pairings
3.5 Performance and Implementation Considerations
3.6 Applications
3.7 Summary
This chapter provides a background study of identity-based cryptography. We review some basic concepts of pairings and some cryptographic primitives used in identity-based cryptosystems. We also discuss the performance and implementation issues for identity-based cryptographic schemes, which may have an impact on the practicality of the schemes. Some existing applications of identity-based cryptography are presented to help in the understanding of the prospects for and benefits of identity-based cryptosystems.
3.1 A Short History
Identity-based cryptography (IBC) was first introduced by Shamir [159] in 1984. Instead of generating and using a random public/private key pair in a public key cryptosystem such as RSA, Shamir conceived the idea of using a user’s name or his network address as a public key, with the corresponding private component being generated by a trusted key generation centre. In fact, any type of identifier, e.g. email address, social security number, telephone number and so forth, can be used, so long as it can uniquely identify the user and is readily available to the party that uses it. The main motivation for this approach is to eliminate the need for certificates and the problems that they bring. Since a user’s public key is based on some publicly available information that uniquely represents the user, an identity-based cryptosystem can do away with public key directory maintenance and certificate management. Despite the novel and ambitious conception, Shamir was only able to develop an identity-based signature (IBS) scheme based on the RSA primitive. The construction of an identity-based encryption (IBE) scheme was left as an open problem. Since then, there were numerous attempts to realise Shamir’s vision of identity-based encryption, such as those in [49, 124, 139, 171, 175, 178]. However, none of these proposals were fully satisfactory. Either they did not provide adequate security or they were not feasible to implement in practical environments. Meanwhile, there were further proposals for IBS schemes in [57, 95], also based on the RSA primitive.
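Shamir's RSA-based IBS, mentioned above, shows the idea concretely: the verifier needs only the identity string and the system parameters, never a certificate. The following is an added example, not code from the thesis; the toy modulus (two Mersenne primes), the hash construction and the identity strings are constructed assumptions.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only: two Mersenne primes give
# a ~92-bit modulus, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                            # public system parameter
E = 65537                            # public system parameter
D = pow(E, -1, (P - 1) * (Q - 1))    # master secret, known only to the key generation centre
NBYTES = (N.bit_length() + 7) // 8


def h(label: bytes, *parts: bytes) -> int:
    """Domain-separated SHA-256 over length-prefixed parts, reduced modulo N."""
    data = label + b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def extract(identity: str) -> int:
    """Key generation centre: private key g with g^E = H(identity) mod N."""
    return pow(h(b"id", identity.encode()), D, N)


def sign(g: int, message: bytes) -> tuple:
    """Signer: needs only the extracted key g. Returns the pair (t, s)."""
    r = 2 + secrets.randbelow(N - 3)
    t = pow(r, E, N)
    f = h(b"sig", t.to_bytes(NBYTES, "big"), message)
    return t, (g * pow(r, f, N)) % N


def verify(identity: str, message: bytes, sig: tuple) -> bool:
    """Verifier: the identity string itself serves as the public key."""
    t, s = sig
    if not (0 < t < N and 0 < s < N):
        return False
    f = h(b"sig", t.to_bytes(NBYTES, "big"), message)
    # s^E = g^E * r^(E*f) = H(identity) * t^f  (mod N)
    return pow(s, E, N) == (h(b"id", identity.encode()) * pow(t, f, N)) % N
```

The key generation centre holds `D` and can therefore compute any user's private key, which is the key escrow property inherent in this design.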
Only in the early 2000s did the emergence of cryptographic schemes based on pairings on elliptic curves result in the construction of a feasible and secure IBE scheme. This area began with the novel work of Sakai et al. [155] on pairing-based key agreement protocols and signature schemes, and subsequent work on the three-party key agreement protocol by Joux [106]. Boneh and Franklin [25] then presented the first practical and secure IBE scheme based on the Weil pairing. These three key contributions have stimulated the development of a wide range of pairing-based cryptographic schemes and protocols. Following the publication of [25] (an extended version appears in [26]), a number of IBS schemes [39, 99, 142] and hierarchical identity-based encryption (HIBE) and signature (HIBS) schemes [80, 100] were proposed. Also, proposals for identity-based authenticated key agreement (IAKA) protocols (e.g. [42, 163]), identity-based signcryption (IBSC) schemes (e.g. [32, 112, 122]) and many other identity-based cryptographic schemes soon appeared in the literature. It is worth noting that apart from Boneh and Franklin’s seminal work, there is also another feasible and secure solution for IBE due to Cocks [47]. The security of Cocks’ scheme is based on the Quadratic Residuosity problem. However, although