摘要
網格安全基礎設施GSI(Grid Security Infrastructure)提供了網格計算的安全環境,它是以代理憑證(Proxy Certificates)做為委任工作的鑑別。目前,代理憑證撤消方面有二種方法,一種是利用憑證撤消清單CRL(Certificate Revocation List)撤消,另一種方法是將憑證的有效期限縮短,不過由於縮短憑證的時間,代理人需經常向使用者更新憑證。然而,當要撤消的憑證過多時,將會對系統造成負擔。如果將憑證的有效期限縮短,則代理人需經常向使用者更新憑證。另外,根據委派的需求,代理憑證有個缺點。憑證持有人在簽發工作時,並未發出他的資訊,證明代理人是合法的。因此,這個計畫在網格中沒有達到安全需求中的已知的使用者和不可否認性。在本篇論文中,我們提出二個計畫來解決網格中的代理憑證撤消與安全需求中的已知的使用者和不可否認性。(1)使用代理簽章可以符合不可否認性和已知的使用者。因此,我們的計畫在網格中可以更有效率及靈活的委派。(2)使用雜湊樹做代理憑證的撤消,我們的計畫只需比較雜湊值就可將憑證撤消。上述的兩種方法需等待憑證的期限到期才能撤消。
並列摘要
GSI (Grid Security Infrastructure) provides the security in grids that it is using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using CRL (Certificate Revocation List) and the other is giving the certificate a short period of validity. However, when lots of certifications will be revoked, CRL will be the burden in the system. If the certificate has a short period of validity, entities should be often updating the certificate. Furthermore, according to the requirements of delegation, proxy certificate has a shortcoming. The proxy certificate holder can not issue his own identity, and prove that he is a legal entity. Therefore, this scheme can not satisfy the security requirements of nonrepudiation and known signer in grids. In this thesis, we propose two schemes to solve proxy certificate revocation and the security requirements of nonrepudiation and known signer in grids. (1) Using proxy signature can satisfy nonrepudiation and known signer. Therefore, our scheme can more efficient and flexible for delegation in grids. (2) Using hash tree for proxy certificate revocation. Our scheme only compares hash values, to achieve the purpose of certificate revocation. Previous two schemes have to wait the expiration of the certificate.
參考文獻
延伸閱讀
- 曾耀生(2007)。以關聯式資料庫定理產生網路服務之研究〔碩士論文,國立臺北科技大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0006-2101200722065600
- Kebbeh, S. (2007). 針對網格基礎架構下的分散式認證與授權框架的研究 [master's thesis, National Tsing Hua University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0016-1411200715084498
- Wang, W. J. (2012). 於資料串流上基於動態網格的分群演算法 [master's thesis, National Chiao Tung University]. Airiti Library. https://doi.org/10.6842/NCTU.2012.00937
- Chen, S. K. (2011). A 2 out of 3 Visual Multiple Secret Sharing Method Using Generalized Random Grids. 電腦學刊, 22(1), 46-54. https://www.airitilibrary.com/Article/Detail?DocID=19911599-201104-201106150095-201106150095-46-54
- Yu, Z., & Huo, L. (2015). A Practical Method for Grid Structures Damage Location. Journal of Sensors, 2015(), 306-311-027. https://doi.org/10.1155/2015/246480