4,551 research outputs found
On the Application of Identity-Based Cryptography in Grid Security
This thesis examines the application of identity-based cryptography
(IBC) in designing security infrastructures for grid applications.
In this thesis, we propose a fully identity-based key infrastructure
for grid (IKIG). Our proposal exploits some interesting properties
of hierarchical identity-based cryptography (HIBC) to replicate
security services provided by the grid security infrastructure (GSI)
in the Globus Toolkit. The GSI is based on public key infrastructure
(PKI) that supports standard X.509 certificates and proxy
certificates. Since our proposal is certificate-free and has small
key sizes, it offers a more lightweight approach to key management
than the GSI. We also develop a one-pass delegation protocol that
makes use of HIBC properties. This combination of lightweight key
management and efficient delegation protocol has better scalability
than the existing PKI-based approach to grid security.
Despite the advantages that IKIG offers, key escrow remains an issue
which may not be desirable for certain grid applications. Therefore,
we present an alternative identity-based approach called dynamic key
infrastructure for grid (DKIG). Our DKIG proposal combines both
identity-based techniques and the conventional PKI approach. In this
hybrid setting, each user publishes a fixed parameter set through a
standard X.509 certificate. Although X.509 certificates are involved
in DKIG, it is still more lightweight than the GSI as it enables the
derivation of both long-term and proxy credentials on-the-fly based
only on a fixed certificate.
We also revisit the notion of secret public keys which was
originally used as a cryptographic technique for designing secure
password-based authenticated key establishment protocols. We
introduce new password-based protocols using identity-based secret
public keys. Our identity-based techniques can be integrated
naturally with the standard TLS handshake protocol. We then discuss
how this TLS-like identity-based secret public key protocol can be
applied to securing interactions between users and credential
storage systems, such as MyProxy, within grid environments
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
Reliable Communication in a Dynamic Network in the Presence of Byzantine Faults
We consider the following problem: two nodes want to reliably communicate in
a dynamic multihop network where some nodes have been compromised, and may have
a totally arbitrary and unpredictable behavior. These nodes are called
Byzantine. We consider the two cases where cryptography is available and not
available. We prove the necessary and sufficient condition (that is, the
weakest possible condition) to ensure reliable communication in this context.
Our proof is constructive, as we provide Byzantine-resilient algorithms for
reliable communication that are optimal with respect to our impossibility
results. In a second part, we investigate the impact of our conditions in three
case studies: participants interacting in a conference, robots moving on a grid
and agents in the subway. Our simulations indicate a clear benefit of using our
algorithms for reliable communication in those contexts
- …