A mediated RSA-based end entity certificates revocation mechanism with secure concerned in grid

Weifeng Sun, Juanyun Wang, Boxiang Dong, Mingchu Li, Zhenquan Qin

Research output: Contribution to journal › Article

5 Citations (Scopus)

Abstract

The End Entity Certificates (EECs) revocation mechanism in Grid Security Infrastructure (GSI) currently adopts the Certificate Revocation List (CRL). However, CRL is an inefficient mechanism with the drawbacks of the "time granularity problem" and unmanageable sizes. This paper presents a new EECs revocation mechanism, MEECRM (Mediated RSA-based End Entity Certificates Revocation Mechanism), to eliminate the "key escrow" problem. MEECRM combines with MyProxy, the online credential repository in Globus Toolkit (GT). Some schemes, such as HMAC, multi-SEM support and PVSS, have been introduced into MEECRM to increase the security and efficiency. MEECRM can ensure instantaneous revocation of invalid EECs in grid environments and can be used in many large-scale grid projects because of inheriting from MyProxy. Analyses also prove that MEECRM is secure.

Original language: English
Pages (from-to): 103-114
Number of pages: 12
Journal: International Journal of Information Processing and Management
Volume: 1
Issue number: 2
DOIs: 10.4156/ijipm.vol1.issue2.13
State: Published - 1 Dec 2010

Keywords

  • Certificate revocation
  • Key escrow
  • Mediated RSA
  • Security mediator

Cite this

@article{403bebfeb092433c9eed0a3e0c539e8c,
title = "A mediated RSA-based end entity certificates revocation mechanism with secure concerned in grid",
abstract = "The End Entity Certificates (EECs) revocation mechanism in Grid Security Infrastructure (GSI) currently adopts the Certificate Revocation List (CRL). However, CRL is an inefficient mechanism with the drawbacks of the {"}time granularity problem{"} and unmanageable sizes. This paper presents a new EECs revocation mechanism, MEECRM (Mediated RSA-based End Entity Certificates Revocation Mechanism), to eliminate the {"}key escrow{"} problem. MEECRM combines with MyProxy, the online credential repository in Globus Toolkit (GT). Some schemes, such as HMAC, multi-SEM support and PVSS, have been introduced into MEECRM to increase the security and efficiency. MEECRM can ensure instantaneous revocation of invalid EECs in grid environments and can be used in many large-scale grid projects because of inheriting from MyProxy. Analyses also prove that MEECRM is secure.",
keywords = "Certificate revocation, Key escrow, Mediated RSA, Security mediator",
author = "Weifeng Sun and Juanyun Wang and Boxiang Dong and Mingchu Li and Zhenquan Qin",
year = "2010",
month = "12",
day = "1",
doi = "10.4156/ijipm.vol1.issue2.13",
language = "English",
volume = "1",
pages = "103--114",
journal = "International Journal of Information Processing and Management",
issn = "2093-4009",
publisher = "Advanced Institute of Convergence Information Technology Research Center",
number = "2",

}

A mediated RSA-based end entity certificates revocation mechanism with secure concerned in grid. / Sun, Weifeng; Wang, Juanyun; Dong, Boxiang; Li, Mingchu; Qin, Zhenquan.

In: International Journal of Information Processing and Management, Vol. 1, No. 2, 01.12.2010, p. 103-114.

TY - JOUR

T1 - A mediated RSA-based end entity certificates revocation mechanism with secure concerned in grid

AU - Sun, Weifeng

AU - Wang, Juanyun

AU - Dong, Boxiang

AU - Li, Mingchu

AU - Qin, Zhenquan

PY - 2010/12/1

Y1 - 2010/12/1

AB - The End Entity Certificates (EECs) revocation mechanism in Grid Security Infrastructure (GSI) currently adopts the Certificate Revocation List (CRL). However, CRL is an inefficient mechanism with the drawbacks of the "time granularity problem" and unmanageable sizes. This paper presents a new EECs revocation mechanism, MEECRM (Mediated RSA-based End Entity Certificates Revocation Mechanism), to eliminate the "key escrow" problem. MEECRM combines with MyProxy, the online credential repository in Globus Toolkit (GT). Some schemes, such as HMAC, multi-SEM support and PVSS, have been introduced into MEECRM to increase the security and efficiency. MEECRM can ensure instantaneous revocation of invalid EECs in grid environments and can be used in many large-scale grid projects because of inheriting from MyProxy. Analyses also prove that MEECRM is secure.

KW - Certificate revocation

KW - Key escrow

KW - Mediated RSA

KW - Security mediator

UR - http://www.scopus.com/inward/record.url?scp=79952748410&partnerID=8YFLogxK

U2 - 10.4156/ijipm.vol1.issue2.13

DO - 10.4156/ijipm.vol1.issue2.13

M3 - Article

AN - SCOPUS:79952748410

VL - 1

SP - 103

EP - 114

JO - International Journal of Information Processing and Management

JF - International Journal of Information Processing and Management

SN - 2093-4009

IS - 2

ER -