
Grids Security without Public Key Settings

Manik Lal Das

Dhirubhai Ambani Institute of Information and Communication Technology
Gandhinagar - 382007, India.
maniklal das@daiict.ac.in

Abstract. A Grid system [1] involves the collaborative use of computers, networks, devices, software, databases and interfaces maintained by multiple organizations. In recent years, the development of Grid systems [2], [3] has attracted increasing interest from researchers. In this paper, a security solution is proposed for Grid systems without public key settings.
Keywords. Grid system, Grid security, Authentication, Key establishment.

1 Summary of the Proposed Protocol

The communicating entities of a Grid system are the user, the authentication server, the resource server, the process, the user proxy and the resource proxy. Depending on the application's requirements, a user can create a user proxy and a resource server can create a resource proxy. Security among the entities of a Grid is an important concern, and numerous security protocols based on public key settings have been proposed in the literature.
The proposed protocol uses a cryptographically secure keyed hash function to authenticate the communicating entities and to establish a session key between them. The protocol has four phases, as follows.
Authentication Server Setup. The Authentication Server (AS) is a trusted entity that selects a master secret key $k$ for regulating security in the Grid.
User Registration. A new user must register with the Grid system. The user submits her identity, $uid$, to AS. AS then selects a random salt $s_{uid}$, computes the user's secret key $K_u = \mathrm{MAC}(k; \langle uid \,\|\, s_{uid} \rangle)$ and sends $K_u$ to the user in a secure manner. Here, $\mathrm{MAC}(\cdot)$ is a keyed hash function.
Resource Server Registration. A new resource server (RS) must register with the Grid system. RS submits its identity, $rid$, to AS. AS then selects a random salt $s_{rid}$, computes RS's secret key $K_r = \mathrm{MAC}(k; \langle rid \,\|\, s_{rid} \rangle)$ and sends $K_r$ to RS in a secure manner. AS keeps records of all registered users and RSs in its database.
Authentication and Session Key Establishment. This phase provides mutual authentication of the user and RS (and of their delegated agents), followed by session key establishment.
– The user chooses a nonce $r_u$, computes $c_u = \mathrm{MAC}(K_u; \langle uid \rangle) \oplus r_u$ and $h_u = \mathrm{MAC}(K_u; \langle uid \,\|\, r_u \rangle)$, and sends $\langle uid, rid, c_u, h_u \rangle$ to AS. AS first validates $uid$; if $uid$ is valid, AS computes $K'_u = \mathrm{MAC}(k; \langle uid \,\|\, s_{uid} \rangle)$ and obtains $r'_u = \mathrm{MAC}(K'_u; \langle uid \rangle) \oplus c_u$. AS then computes $h'_u = \mathrm{MAC}(K'_u; \langle uid \,\|\, r'_u \rangle)$ and checks whether $h'_u = h_u$. If it holds, the user is authenticated; otherwise, AS terminates the communication.
– AS chooses a nonce $r_a$, computes $K'_r = \mathrm{MAC}(k; \langle rid \,\|\, s_{rid} \rangle)$, $c_a = \mathrm{MAC}(K'_r; \langle rid \rangle) \oplus r_a$, $X = r'_u \oplus r_a$ and $h_a = \mathrm{MAC}(K'_r; \langle rid \,\|\, uid \,\|\, r'_u \,\|\, r_a \,\|\, X \rangle)$. AS then sends $\langle rid, c_a, X, h_a \rangle$ to RS. RS obtains $r_a = \mathrm{MAC}(K_r; \langle rid \rangle) \oplus c_a$ and gets $r'_u = X \oplus r_a$. RS computes $h'_a = \mathrm{MAC}(K_r; \langle rid \,\|\, uid \,\|\, r'_u \,\|\, r_a \,\|\, X \rangle)$. AS is authenticated if $h'_a = h_a$; otherwise, RS terminates the communication.
– RS chooses a nonce $r_s$, computes $SK_{RU} = \mathrm{MAC}((r'_u \,\|\, r_s); \langle uid \,\|\, rid \rangle)$, $R = r'_u \oplus r_s$ and $h_r = \mathrm{MAC}(SK_{RU}; \langle rid \,\|\, uid \rangle)$. RS then sends $\langle rid, uid, R, h_r \rangle$ to the user. The user obtains $r_s = R \oplus r_u$, computes $SK_{UR} = \mathrm{MAC}((r_u \,\|\, r_s); \langle uid \,\|\, rid \rangle)$ and $h'_r = \mathrm{MAC}(SK_{UR}; \langle rid \,\|\, uid \rangle)$. RS is authenticated if $h'_r = h_r$; otherwise, the user terminates the communication.
If all the above steps succeed, $SK$ ($= SK_{RU} = SK_{UR}$) acts as the session key between the user and RS.
– The user computes $h_c = \mathrm{MAC}(SK_{UR}; \langle uid \,\|\, rid \,\|\, \text{``DONE''} \rangle)$ and sends $\langle uid, rid, h_c, \text{request for resource} \rangle$ to RS. RS checks whether $h_c = \mathrm{MAC}(SK_{RU}; \langle uid \,\|\, rid \,\|\, \text{``DONE''} \rangle)$. If it holds, they start transmitting data encrypted under the key $SK$; otherwise, they terminate the communication.
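The following is an added, self-contained Python model of the four phases above (registration plus the three-message run and the final DONE check); it is illustration code written for this page, not code from the paper or from any Grid project. Assumptions not fixed by the text: HMAC-SHA256 stands in for the unspecified keyed hash MAC(); nonces are 32 bytes so that the XOR masks cover the whole MAC output; the parts inside ⟨…⟩ are length-prefixed before concatenation so that ‖ is unambiguous; and, since RS needs uid to recompute h_a but the message ⟨rid, c_a, X, h_a⟩ as written does not carry it, the example sends uid alongside that message. The identities "alice" and "rs1" are constructed. The `tamper` switch in `run_protocol` zeroes one authenticator in transit to show that each party rejects a forged h_u, h_a or h_r and never derives a key.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # same length as the MAC output, so c = MAC(...) XOR r masks the whole nonce

def mac(key, *parts):
    """MAC(key; <p1 || p2 || ...>); HMAC-SHA256 stands in for the paper's unspecified keyed hash (assumption)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)  # length-prefixed parts keep || unambiguous
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def forge(msg):  # replaces a message's trailing authenticator with zeros (simulates tampering in transit)
    return msg[:-1] + (bytes(32),)

class AuthServer:
    def __init__(self):
        self.k = secrets.token_bytes(32)   # master secret key k
        self.users, self.servers = {}, {}  # uid -> s_uid, rid -> s_rid

    def register_user(self, uid):
        self.users[uid] = secrets.token_bytes(16)
        return mac(self.k, uid, self.users[uid])  # K_u = MAC(k; <uid || s_uid>)

    def register_rs(self, rid):
        self.servers[rid] = secrets.token_bytes(16)
        return mac(self.k, rid, self.servers[rid])  # K_r = MAC(k; <rid || s_rid>)

    def handle_user(self, uid, rid, c_u, h_u):  # verify <uid, rid, c_u, h_u>, then build the message for RS
        if uid not in self.users or rid not in self.servers:
            return None
        K_u = mac(self.k, uid, self.users[uid])  # K'_u
        r_u = xor(mac(K_u, uid), c_u)            # r'_u
        if not hmac.compare_digest(mac(K_u, uid, r_u), h_u):
            return None                          # h'_u != h_u: terminate
        K_r = mac(self.k, rid, self.servers[rid])
        r_a = secrets.token_bytes(NONCE_LEN)
        c_a = xor(mac(K_r, rid), r_a)
        X = xor(r_u, r_a)
        h_a = mac(K_r, rid, uid, r_u, r_a, X)
        return (rid, uid, c_a, X, h_a)  # uid is carried too, since RS needs it to recompute h_a (assumption)

class ResourceServer:
    def __init__(self, rid, K_r):
        self.rid, self.K_r, self.sessions = rid, K_r, {}

    def handle_as(self, msg):  # verify AS, derive SK_RU, build <rid, uid, R, h_r> for the user
        rid, uid, c_a, X, h_a = msg
        r_a = xor(mac(self.K_r, rid), c_a)
        r_u = xor(X, r_a)
        if not hmac.compare_digest(mac(self.K_r, rid, uid, r_u, r_a, X), h_a):
            return None  # h'_a != h_a: terminate
        r_s = secrets.token_bytes(NONCE_LEN)
        sk = mac(r_u + r_s, uid, rid)  # SK_RU = MAC((r'_u || r_s); <uid || rid>)
        self.sessions[uid] = sk
        return (rid, uid, xor(r_u, r_s), mac(sk, rid, uid))

    def handle_done(self, msg):
        uid, rid, h_c, _request = msg
        sk = self.sessions.get(uid)
        return sk is not None and hmac.compare_digest(mac(sk, uid, rid, b"DONE"), h_c)

class User:
    def __init__(self, uid, K_u):
        self.uid, self.K_u, self.r_u, self.sk = uid, K_u, None, None

    def start(self, rid):
        self.r_u = secrets.token_bytes(NONCE_LEN)
        c_u = xor(mac(self.K_u, self.uid), self.r_u)
        return (self.uid, rid, c_u, mac(self.K_u, self.uid, self.r_u))

    def finish(self, msg):  # verify RS, derive SK_UR, build the DONE message
        rid, uid, R, h_r = msg
        r_s = xor(R, self.r_u)
        sk = mac(self.r_u + r_s, uid, rid)  # SK_UR = MAC((r_u || r_s); <uid || rid>)
        if not hmac.compare_digest(mac(sk, rid, uid), h_r):
            return None  # h'_r != h_r: terminate
        self.sk = sk
        return (uid, rid, mac(sk, uid, rid, b"DONE"), b"request for resource")

def run_protocol(tamper=None):  # tamper in {None, "h_u", "h_a", "h_r"} forges that authenticator in transit
    AS = AuthServer()
    user = User(b"alice", AS.register_user(b"alice"))   # constructed identities
    rs = ResourceServer(b"rs1", AS.register_rs(b"rs1"))
    m1 = user.start(b"rs1")
    m2 = AS.handle_user(*(forge(m1) if tamper == "h_u" else m1))
    if m2 is None:
        return "rejected by AS"
    m3 = rs.handle_as(forge(m2) if tamper == "h_a" else m2)
    if m3 is None:
        return "rejected by RS"
    m4 = user.finish(forge(m3) if tamper == "h_r" else m3)
    if m4 is None:
        return "rejected by user"
    if not rs.handle_done(m4) or user.sk != rs.sessions[b"alice"]:
        return "DONE check failed"
    return "session established"
```

Calling `run_protocol()` returns "session established" once both sides hold the same SK and the DONE authenticator verifies; `run_protocol("h_u")`, `run_protocol("h_a")` and `run_protocol("h_r")` show the run stopping at AS, RS and the user respectively. Every comparison of an authenticator uses `hmac.compare_digest`, which is the check a practitioner would want in any deployment of a MAC-based scheme like this one.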
Conclusion. In this paper, we have presented a security solution for Grids without public key settings. The proposed key establishment protocol could be extended to other peers such as the proxy user and the proxy server. The protocol is efficient in comparison with other Grid security protocols [4], [5] that do not require a public key on the server.
Acknowledgement. This work is supported in part by Department of Science
and Technology, Ministry of Science & Technology, Government of India through
DST/INT/SPAIN/P-6/2009 Indo-Spanish Joint Programme of Cooperation in
Science and Technology.

References
1. I. Foster, C. Kesselman, G. Tsudik, and S. Tuecke. A security architecture for computational grids. In Proc. of the ACM Conference on Computer and Communications Security, pp. 83–92, 1998.
2. The Globus Alliance. The Globus Project. http://www.globus.org/
3. Grid Software security. Components for Grid security. http://www.globus.org/grid software/security/
4. Y. Chang, C. Chang, and Y. Liu. Password authentication without the server public key. IEICE Transactions on Communications, E87-B(10):3088–3091, 2004.
5. E. Yoon and K. Yoo. An efficient password authentication scheme without using the server public key for grid computing. In Proc. of the International Conference on Grid and Cooperative Computing, LNCS 3795, Springer-Verlag, pp. 149–154, 2005.
