Using Proxy Signature for Dynamic Delegation in Grids Chi-Tung Chen1, Ming-Tsun Lin2, and Iuon-Chang Lin3,∗ 1
Department of Distribution Management
National Chin-Yi University of Technology Taichung, Taiwan
[email protected] 2
Department of Computer Science and Information Engineering Asia University Taichung, Taiwan
[email protected] 3
Department of Management Information Systems National Chung Hsing University Taichung, Taiwan
[email protected]
Received 10 July 2009; Revised 15 August 2009; Accepted 5 September 2009
Abstract. GSI (Grid Security Infrastructure) was used proxy certificate for delegation in grid environment. However, the proxy certificate holder can not issue his own identity, not to prove that he is a known entity. Therefore, it can not satisfy the requirements of nonrepudiation and known signer in grids. In this paper, we propose a dynamic delegation scheme for grids using proxy signature. Our scheme can satisfy all the requirements of delegation. Keywords: grid computing security, proxy signature, dynamic delegation
1 Introduction “Grid” is a system that is collection of distributed resources connected by a network [13]. Grid is the different domain of node composition (In Cody et al. [7] and Dai et al. [8], they called “node” is corresponding to a computing element, may execute a set of jobs and contain a set of resources.). The name is come from “power grid”, that means using computing resources from grid would be as simple as using electrical power from electrical grid. According to Foster and Kesselman’s scheme [9], grid conforms three specific categories: .It is to coordinate resources that are not subject to centralized control. .It is to use standard, open, general purpose protocols and interfaces. .It is deliver nontrivial quality of service. Furthermore, Foster et al. [10] structured the grid architecture. It can be divided into five layers, there are fabric, connectivity, resource, collective and application, as shown in Fig. 1. The functions of each layer are specified as follows [10, 19]. .Fabric layer (interfaces to local control): This layer is to provide the lowest protocol of accessing actual resources and allow resources to be shared and utilized. .Connectivity layer (communications easily and securely): This layer is to define the communication and security protocols which are required for data transmissions between different resources in fabric layer. .Resource layer (shared single resources): This layer is to perform secure negotiation, initiation, monitoring, accounting and payment for sharing operations on individual resources. .Collective layer (coordinated multiple resources): This layer is to deal with the coordination of multiple resources by providing functions such as resource espial and scheduling. .Application layer (tools and application): This layer is to perform grid applications are implemented by utilizing services defined in any of the previous layers. As shown in Fig. 1, the APIs (Application Programming Interfaces) in the application layer can ability to directly call other APIs in the lower layers. ∗
Correspondence author
Journal of Computers Vol.20, No.3, October 2009
Fig. 1. Grid architecture of layer and mapping to the Internet protocol architecture
Grid computing [1, 2, 7, 16, 17] is a large-scale geographically distributed hardware and software infrastructure to compose of heterogeneous networked resources owning and sharing [8, 27]. It is to provide transparent, dependable, pervasive and consistent computing support to a wide range of application [4]. The different between grid computing and distributed computing is the large-scale resource sharing and using. Grid computing is coordinated resource sharing and problem solving in dynamic, multi-institution virtual organizations [10]. Therefore, grid computing is to use the internet to integration different domain of the resources together, such as PDA, servers, printers, computers, faxes, software, database, memory, CPU, databases and so on. In grid environment, a job can be distributed in different domain. In simple terms, grid computing is integration different domain of resources to become a virtual organization (VO), the members in the VO, can be dynamic sharing and use of resources. In grid computing environment, grid is to coordinate resource sharing and solving problem dynamically. If users have to manually authenticate each resource, it will be overly burdensome. Therefore, grid must have two basic functions: delegation and single sign on. .Delegation: According to Snelling et al.’s definition [25], delegation is a process whereby one entity on the grid (usually is an end-user, an original user or an agent) grants the rights to another entity (such as a grid gateway or a resource broker) on the grid (usually is a process) to perform actions on the entity’s behalf. Furthermore, delegation can be classified into static delegation and dynamic delegation. -Static delegation: It occurs when the authorized actions are known in advance of the delegation, so the delegation can be limited to just the required actions and no more. -Dynamic delegation: The actions are not known at the time of task started. It can support the runtime selection of the machine or site on which to run a task and was done. .Single sign-on: In grid environment, single jobs often coordinate and communicate with multiple resources. If users have to manually authenticate every resource, which will be cumbersome. Therefore, user should authenticate with the first resource and then does not authenticate with other resources. Apart from the delegation and single sign-on, it also has to satisfy other necessary security requirements. Delegation is the indirect authorization mechanism. Original user can delegate his rights to an entity, then, the entity can authenticates other resource on behalf of original user. However, when the original user delegates his rights to the entity, the following security requirements have to been satisfied. (i) Original user should prevent own private key from leak out. (ii) After finishing the job, original user and entity can’t deny the job. (iii) The entity’s private key is available in a certain period. (iv) Entities can not hide their identity, so we can check the validity of each entity. Furthermore, in the grid, we have to prevent resources or data from invasion or modify and provide the confidentiality of computing resources. According to the security concept of dynamic delegation [16] and grid security [14, 17], we have to provide confidentiality for resources and data [5, 7, 16, 20, 27] in grid environment. Therefore, the following security requirements have to be satisfied. .Authentication: Users and resources need to be authenticated to prove that they are legitimate. .Confidentiality and integrity: Like with other standard distributed systems, how to protect of sensitive information from exposure to unintended parties is an important issue. We should provide data privacy and data integrity protection, to prevent from unauthorized and undetectable modification by malicious parties [19]. .Secrecy: The original user’s private key is very important, so it must be keep security. If the original user’s private key compromise, the system will be completely damaged. Therefore, we must protect the user’s private key, to avoid being leaked. 10
Chen et al: Using Proxy Signature for Dynamic Delegation in Grids
.Unforgeability: Only the valid entity can use valid proxy key to authenticate resources, and proxy key can not be forged by others. .Time constraint: When original user delegates the rights to an entity, user will give a certificate (or a proxy key pair) to entity. The entity can use certificate to prove the validity. However, each certificate life span should be limited. When the expiration, certificate will expire automatically. Furthermore, if the work is completed, certificate should be withdrawn to prevent data from changes. .Nonrepudiation: When the entity signs the job with proxy key, original user and entity can’t deny have signed the job. .Known signer: System can confirm that the proxy key is issued by a legitimate entity. There are two kinds of common delegation models, UNICORE model and GSI model. UNICORE model is static delegation [11, 12, 25]. Snelling et al. [25] define that UNICORE’s secure connection is based on the same X.509 certificates to use for identifying original users and servers. When a job is created, the entire job must be signed by the original user. Before the job is submitted, the original user describes the steps that a job will take, including the resources required to execute each step. However, when the job needs other resources, it could not be completed. Therefore, it is no support for dynamic grid functions. GSI model is dynamic delegation, but it does not send any document to prove that he is a known entity. Because certificate is only a document, to prove entity have validity to use resource. User is still using his own private key to sign the job. It does not have any documents to prove entity’s identity. Moreover, when the proxy certificate holder denied that he certified the work, we can not be refuted. Therefore, it can not satisfy the security requirements of nonrepudiation and known signer. In this paper, we apply the proxy signature [3, 6, 15, 16, 24] to satisfy the dynamic delegation and single signon in grid environment. When the original user delegates the right to the entity, the entity can generate a valid signature on behalf of the original user. For example, in a company, president usually is using his signature to sign documents. However, when president is traveling on business or on vacation, he can delegate his signature to a proxy signer. In traveling on business or on vacation during, proxy signer can to sign documents on behalf of the president. In addition, proxy signature can be classified into three modes (1, n), (t, n) and (n, n) [6, 15, 16]. (1, n) is when the original user authorization to n proxy signer, one of them can generate a valid proxy signature.(t, n) is in the n proxy signer need t or more proxy signers of them can be generate a valid proxy signature. Furthermore, when (t- 1) proxy signers cannot generate the valid signature. Finally, the (n, n) is need all proxy signer agree, can generate the valid proxy signature. Then, we will apply the technique of (1, 1) proxy signature to satisfy the dynamic delegation and single sign on in grid environment. We propose a dynamic delegation scheme using proxy signature. The different between GSI model and proxy signature is that GSI model is using certificate to delegate. And our scheme is using signature to delegate. Our scheme can satisfy all the security requirements. In our scheme, entity will issue its own identity, to demonstrate the proxy signer’s identity. Resources according to entity’s identity can be judged is known entity. Furthermore, because entity has to issue his identity, he can not deny his own signature. We can to satisfy the requirements of nonrepudiation and known signer. Therefore, our scheme cans more e±ciency and security than GSI. Our paper of organization as follows: In Section 2, we explain GSI model of the process and why can not cover proxy protected. In Section 3, we propose a proxy signature mechanism for dynamic delegation in grid environment, and it can satisfy all the requirements of dynamic delegation. In Section 4, analysis of our proposed scheme and we compare our scheme with GSI model. Finally, we summarize in last section.
Fig. 2. The proxy certificates of trust chain
11
Journal of Computers Vol.20, No.3, October 2009
2 Related Work In this section, we specify the concepts of GSI and proxy certificate. The Globus Toolkit uses Grid Security Infrastructure (GSI) to protect grid computing security. GSI is base on Public Key Infrastructure (PKI) [28] and apply of Secure Socket Layer (SSL) protocol / Transport Layer Security (TLS) to provide the security communications between the grids and users. Furthermore, GSI applied X.509 proxy certificate [5, 7, 19, 20, 21, 22] to satisfy the delegation and single sign-on. Therefore, GSI provided security facilities for grid computing. Proxy certificate is base on X.509. The different between public key certificates and proxy certificate is the issued entities. Public key certificate is issued by CA and proxy certificate is issued by public key certificate or another proxy certificate. In Fig. 2, it illustrates the relationship of CA, user and proxies. CA sign and issue a certificate to a user, user can use the certificate to sign and issue a proxy certificate to proxy A. Then proxy A also can use the proxy certificate to sign and issue proxy certificate to proxy B. We can say the relationship is a trust chain. Therefore, we can say the proxy certificate is issued by the public key certificate or another proxy certificate. It is not issued by certification authority (CA)[18, 21, 23, 25, 26]. We will to explain how to create proxy certificate of steps in next paragraph [18, 23, 26], and the steps are shown in Fig. 3.
Fig. 3. Delegation of a proxy certificate of the steps
1. The original user on host A connects to the entity on host B. The original user and entity perform mutual authentication. The original user uses its existing proxy certificate and the entity to use the public key certificate of its own (not shown). After that an integrity channel is established. However, the step can be accomplished by using the SSL/TLS protocol. 2. After the original user to explain request, entity generates a new key pair (including public and private key). 3. Entity creates a certificate request and sends it to the original user through a secured channel. 4. Original user uses his own private key and proxy certificate to sign the request of certificate, and produce a new proxy certificate (including entity’s the public key), and original user fills in appropriate values for the fields in the proxy certificate. As well as a policy describes the rights he wishes to delegate. 5. After generating the new proxy certificate, original user sends it back to entity through a secured channel. Then, the entity sets the new proxy certificate and new private key to a secure site. Finally, entity uses the proxy certificate to delegate on behalf of original user. When the entity gets the proxy certificate, the entity can use the proxy certificate to carry job in resources. However, proxy certificate is just a document. In fact, the entity is to use his private key to sign a job. It does not have to issue certificate to prove the entity’s identity. When original user issued proxy certificates to a number of entities, one of them uses his private key to sign an illegal job, we can not to determine which one entity is issued. Therefore, it can not be satisfied the requirement of nonrepudiation and known signer.
3 Our Scheme In this section, we propose a scheme that used proxy signature for dynamic delegation, following is the implementation process of our scheme. 12
Chen et al: Using Proxy Signature for Dynamic Delegation in Grids
We first define the symbols representative of meaning. U0: original user. U1: proxy signer. H( ): one-way hash function. ID1: the identity of U1. mw: proxy signer license information, including the period. e0: U0’s public key. d0: U0’s private key. N0 = p0 × q0. U1 uses RSA to generate a new key pair: 1. U1 computes N1 = p1 × q1 and φ(N1) = (p1- 1) × (q1- 1), the p1 and q1 are two large prime numbers. 2. U1 chooses a large number e1 and coprime with φ(N1), and 1 < e1 < φ(N1). 3. U1 chooses d1, such that e1 × d1 ≡ 1 (mod φ(N1)). 4. Finally, e1 is U1’s public key and d1 is U1’s private key. Our scheme will be divided into three phases: generation, delegation and verification. 3.1 Generation U0 will be delegating his rights to the proxy signer, let proxy signer can authenticate to other resources on behalf of U0. 1. Proxy generation: U0 generates the proxy signing keys D and K, and proxy verification key E, where D = d0H(mw) mod φ(N0), K = ( H(mw))D mod (N0), and E = e0 H(mw) mod φ(N0). Then, U0 issues { mw, E, (H (mw║E))d0 mod N0} to resources and sends ((H(K1)) d0 mod N0║K1 )e1 mod N1 to the proxy signer U1. 2. When the proxy signer U1 gets ((H(K1)) d0 mod N0║K1 )e1 mod N1, U1 can use his private key d1 to decrypt it, and then K1 and ((H(K1))d0 mod N0 can be obtained. And U1 can use U0’s public key e0 to check the equation ((H(K1)) d0 mod N0)e0 = H(K1). Finally, the proxy signing key K1 has to be kept secret by the proxy signer U1. 3.2
Delegation
The proxy signer U1 will use proxy key to access the job in resources on behalf of U0. The U1 computes x1 = (H(ID1║m)) d1 mod N1 and S1 = (K1)H(m) mod N0 Finally, {x1, S1} is the proxy signature of message m. 3.3
Verification
After the proxy signer U1 to sign a message m, the resources to receive the proxy signature of m, it must be verified by the proxy signer U1. 1. The resources check the proxy verification key E by computing ((H(mw ║ E))d0 mod N0)e0 mod N0 = H(mw ║ E), to verify whether mw is valid or not. If the equation is equal, it means the valid period of time, U1’s right is validity. If the valid period has expired, the proxy verification key E is invalid. 2. If the resources can compute x1 e1 mod N1 = H(ID1║ m), to verify {x1, S1} is the proxy signature of message m. 3. If S1E mod N0 = H(mw)H(m) mod N0, the resources confirms the proxy signature S1 for message m is valid and to agree U1 to authenticate with resources on behalf of the original user U0. In our scheme, the proxy signer U1 will issue his own identity, to demonstrate U1’s identity. Then, resources according to U1’s identity can identify the signer. And U1 can not deny his identity. Therefore, our scheme can satisfy the requirements of nonrepudiation and known signer.
13
Journal of Computers Vol.20, No.3, October 2009
4 Discussions In this section, we analyze the security of our scheme and compare our scheme with GSI model. .Authentication. In Section.3.3, resources compute the verification key E, ((H(mw ║ E))d0 mod N0)e0 mod N0 = H(mw ║ E). If the equation is equal, it means the U1 is valid. .Confidentiality and integrity. When U1 signed {x1, S1} of message m to resource, resource will check x1 e1 mod N1 = H(ID1 ║ m). If the equality is equal, that means message m has not been revised while transporting. .Secrecy. In our scheme, the original user and proxy signer are using RSA cryptosystem. In RSA scheme, the private key d and φ(N) must be kept secret. From the public key, no one can derive the corresponding private key. Furthermore, we also cannot compute the original signer’s private key from the proxy signing keys D = d0 H(mw) mod φ(N0) and K = (H(mw))D mod (N0), because the parameters d0 and φ(N0) are unknown. Therefore, in our scheme, the original signer’s private key can be kept secret. .Unforgeability. Every the proxy signer has a unique identity, when the proxy signer issued a proxy signature, he will send his identity. Furthermore, the proxy signer issued x1, where the x1 = (H(ID1 ║ m))d1 mod N1, x1 is created by the proxy signer’s private key d1, only the proxy signer U1 can create by himself. Therefore, the proxy signing key can not be forged. .Time constraint. In our scheme, every the proxy signer have a proxy deadline. In resources of verification, resources will be check whether the proxy deadline expired. The use of period is records in mw, where the mw is signed by the original signer. If the deadline has expired, the verification key E will lose its effectiveness. When the proxy signer signing expired proxy signature key, because the verification key E has lost effectiveness, the proxy signature verification will fail. .Nonrepudiation. In our scheme, the mw, the verification key E and (H(mw ║ E))d0 mod N0 are issued by the original user, and it is using U0’s private key d0 and N0 to compute, Therefore, when the equation ((H(mw ║ E))d0 mod N0)e0 mod N0 = H(mw ║ E), the original user can not deny the proxy signature of is invalidity. Furthermore, when the proxy signer signs a proxy signature, it will issue {x1, S1}, where the x1 = (H(ID1 ║ m))d1 mod N1 and S1 = (K1)H(m) mod N0, the x1 and S1 include the proxy signer’s identity and proxy signing key K1. Therefore, the proxy signer can not to deny his proxy signature. .Known signer. In our scheme, when the proxy signer uses the proxy signing key, it will issues {x1, S1} to authenticate with resources, and resources will verified x1 where the x1 = (H(ID1 ║ m))d1 mod N1 is used to check the proxy signer’s identity, to recognize the proxy signer. Table 1. The comparisons between our scheme and GSI model
Requirements Authentication Confidentiality and integrity Secrecy Unforgeability Time constrain Nonrepudiation Known signer
Our scheme Yes
GSI model Yes
Yes
Yes
Yes Yes Yes Yes Yes
Yes Yes Yes No No
Table 1. is the comparisons between our scheme and GSI model, our propose scheme using proxy signature for dynamic delegation in grids. Our scheme can satisfy all the security requirements. Because GSI model is according to the proxy certificate’s contents to delegate, actually is only use private key to authenticate with resources. Therefore, GSI model is unable to reach known signer and nonrepudiation.
5
Conclusions
In this paper, we have described the security requirements and review the schemes for grids dynamic delegation using proxy certificate [18, 23, 26]. However, the previous schemes can not satisfy the requirements of nonrepudiation and known signer. Therefore, we proposed a dynamic delegation scheme for grid using proxy signature. The entity in our scheme has to issue his identity, he can not deny his own signature. Thus, our scheme can satisfy all the security requirements in grids.
14
Chen et al: Using Proxy Signature for Dynamic Delegation in Grids
Acknowledgement The authors may express their acknowledgement and the financial support project number here.
References [1] R. Al-Khannak and B. Bitzer, “Load Balancing for Distributed and Integrated Power Systems using Grid Computing,” Proceedings of International Conference on Clean Electrical Power, Capri, Italy, pp. 123-127, May 2007. [2] S. Bagchi, “Simulation of Grid Computing Infrastructure: Challenges and Solutions,” Proceedings of Winter Simulation Conference, Orlando, FL, U.S.A, pp. 1773-1780., December 2005. [3] K. Bicakci, “One-time Proxy Signatures Revisited,” Computer Standards & Interfaces, Vol. 29, pp. 499-505, May 2007. [4] M. L. Bote-Lorenzo, Y. A. Dimitriadis, E. Gomez-Sanchez, “Grid Characteristics and Uses: A Grid Definition,” Proceedings of the First European Across Grids Conference, Santiago de Compostela, Spain, pp. 291-298, February 2003. [5] A. Chakrabarti, A. Damodaran, S. Sengupta, “Grid Computing Security: A Taxonomy,” IEEE Security & Privacy, Vol. 6, No. 1, pp. 44-51, 2008. [6] C. C. Chang, I. C. Lin, J. H. Yang, “An Efficient Proxy Signature for Realizing Generalized Proxy Signature Policy,” Proceedings of The 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing(IIHMSP08), Harbin, China, pp. 1537-1540, August 2008. [7] E. Cody, R. Sharman, R. H. Rao, S. Upadhyaya, “Security in Grid Computing: A Review and Synthesis,” Decision Support Systems, Vol. 44, pp. 749-764, March 2008. [8] Y. S. Dai, M. Xie, K. L. Poh, “Reliability Analysis of Grid Computing Systems,” Proceedings of Pacific Rim International Symposium on Dependable Computing, Tsukuba-City, Ibarski, Japan, pp. 97-104, December 2002. [9] I. Foster and C. Kesselman, The Grid: Blueprint for a New Computing Infrastructure. USA: Morgan Kaufmann, 1999. [10] I. Foster, C. Kesselman, S. Tuecke, “The Anatomy of the Grid: Enabling Scalable Virtual Organizations,” International Journal of High Performance Computing, Vol. 15, No. 3, pp. 200-222, 2001. [11] G. Geethakumari, A. Negi, V. N. Sastry, “Dynamic Delegation Approach for Access Control in Grids,” in Proceedings of First International Conference on e-Science and Grid Computing, Melbourne, Australia, pp. 387-394, December 2005. [12] G. Geethakumari, A. Negi, V. N. Sastry, “Grid Security through Delegation of Roles,” Proceedings of 2006 IEEE Region 10 Conference (TENCON 2006), Hong Kong, China, pp. 1-4, November 2006. [13] A. S. Grimshaw, A. S. Humphrey, A. Natrajan, “A Philosophical and Technical Comparison of Legion and Globus,” IBM Journal of Research & Development, Vol. 48, pp. 233 - 254, March 2004. [14] M. Humphrey, M. R. Thompson, K. R. Jackson, “Security for Grids,” Proceedings of the IEEE, Vol. 93, No.3, pp. 644652, February 2005. [15] M. S. Hwang, I. C. Lin, J. L. Lu, “A Secure Nonrepudiable Threshold Proxy Signature Scheme with Known Signers,” Informatica, Vol. 11, No. 2, pp. 1-8, 2000. [16] M. S. Hwang, J. L. Lu, I. C. Lin, “A Practical (t, n) Threshold Proxy Signature Scheme based on the RSA Cryptosystem,” IEEE Transactions on Knowledge and Data Engineering, Vol. 15, No. 6, pp. 1552-1560, 2003. [17] S. H. Kim and S. Jin, “Grid ID Management based on Distributed Agents using SPML,” Proceedings of 2006 IEEE International Symposium on Consumer Electronics (ISCE) , St. Petersburg, Russia, pp. 1-6, June 2006. [18] M. C. Li, J. Ma, H. Yao, “Recovery Mechanism of Online Certification Chain in Grid Computing,” Proceedings of Availability, Reliability and Security (ARES), Vienna, Austria, pp. 558-562, April 2006.
15
Journal of Computers Vol.20, No.3, October 2009 [19] H. W. Lim. “On the Application of Identity-based Cryptography in Grid Security,” PhD Thesis, London University, 2006. [20] J. Liu, R. Sun, W. Kou, X. Sun, “The Security Analyses of RosettaNet in Grid,” Computer Standards & Interfaces, Vol. 29, pp. 224-228, February 2007. [21] J. Novotny, S. Tuecke, V. Welch, “An Online Credential Repository for the Grid: Myproxy,” in Proceedings of High Performance Distributed Computing, San Francisco, California, U.S.A., pp. 104-111, August 2001. [22] S. Piger, C. Grimm, R. Groeper, C. Kunz, “A Comprehensive Approach to Self-restricted Delegation of Rights in Grids,” Proceedings of Cluster Computing and the Grid, Lyon, France, pp. 114-121, May 2008. [23] S. Raghunathan, A. R. Mikler, C. Cozzolino, “Secure Agent Computation: X.509 Proxy Certificates in A Multi-lingual Agent Framework,” Journal of Systems and Software, Vol. 75, pp. 125-137, February 2005. [24] Z. Shao, “Improvement of Efficient Proxy Signature Schemes using Selfcertified Public Keys,” Applied Mathematics and Computation, Vol. 168, pp. 222-234, September 2005. [25] D. F. Snelling, S. van den Berghe, V. Q. Li, “Explicit Trust Delegation: Security for Dynamic Grids,” Fujitsu Scientific & Technical Journal, Vol. 40, pp. 282-294, December 2004. [26] V. Welch, I. Foster, C. Kesselman, O. Mulmo, L. Pearlman, S. Tuecke, J. Gawor, S. Meder, F. Siebenlist, “X.509 Proxy Certificates for Dynamic Delegation,” Proceedings of 3rd Annual PKI R&D Workshop, MD, U.S.A., pp. 42-58, April 2004. [27] Q. Zeng, C. EIuang, D. Chen, H. Hu, “Supporting Secure Collaborative Computing in Grid Environments,” Proceedings of Computer Supported Cooperative Work in Design, Xiamen, China, pp. 413-418, May 2004. [28] S. Zhao, A. Aggarwal, R. D. Kent, “PKI-based Authentication Mechanisms in Grid Systems,” Processing of Networking, Architecture, and Storage (NAS), Guilin, Guangxi, China, pp. 83-90, July 2007.
16
