
A Novel Certificate-based Authentication Hybrid Broker Model Using Multi-party Key Agreement in Data Grids

A Hybrid Resource Broker Model with Certificate Authentication and Authorization Using Multi-party Key Agreement in Data Grids

Abstract


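The data co-allocation architecture makes it possible to download file resources in parallel from multiple sites over the network at the same time, for the purpose of sharing. This newly developed technique downloads file data from multiple replicas by establishing multiple connections in parallel, thereby improving the transfer efficiency of a single server and in turn relieving network congestion. The model we proposed previously, the enhanced dynamic anticipative adjustment mechanism (Anticipative Recursively Adjusting Mechanism plus: ARAM+), which is based on co-allocation and provides resource broker functions, already includes mechanisms for service allocation, resource discovery, job scheduling, job monitoring and data access. The greatest challenge facing this architecture, however, is that it uses the traditional public key infrastructure (PKI) as the authentication mechanism for members across grid groups; in other words, it can only secure inter-grid communication and cannot withstand internal attacks within the grid (intra-grid). To overcome this problem, we propose a new co-allocation transfer grid architecture: a hybrid resource broker model based on certificate authorization and authentication through multi-party key agreement. We designed a resource intermediary agent, called the "Resource broker", which is generated automatically each time a dynamic resource group is formed and is responsible for supervising group members and assigning work, so as to share the workload of the Service broker. In addition, we propose a "multi-party key agreement protocol" to provide secure communication for resource brokers on the internal network. Experimental results show that our method provides more dependable performance under various service loads and overcomes single resource broker failures and various possible attacks.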

Parallel Abstract


Several recent studies have demonstrated that co-allocation techniques can improve network bandwidth and network transfer times by concurrently utilizing as many data grid replicas as possible. Our previous work, the anticipative recursively adjusting mechanism plus (ARAM+) model, was based on co-allocation strategies and a decentralized service broker, which provide comprehensive data access capabilities for users' applications. Although most current grid systems use traditional PKI to authenticate grid members and to secure resource allocation to them, it only provides security for inter-grid communication. However, the challenge for co-allocation architectures continues to lie in securing intra-grid communication against internal attacks. This paper presents a new certificate-based authentication hybrid broker model that uses multi-party key agreement for redundant parallel file transfer in the ARAM+ model, in which we designed and implemented a service broker agent called the "resource broker" that takes over the job monitoring work of the service broker for each dynamic resource group. Moreover, the multi-party key agreement protocol is used to provide security services for resource-group communications. Experimental results show that our approach achieves dependable performance under various service loads, broker failures and possible attacks.
