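Abstract
To meet the requirements of single sign-on and limited proxy, grids introduced proxy certificates. In practice, the creation of multiple proxies forms a proxy certificate chain. This chain must be verified by an algorithm to ensure that the trust delegation relationships between the proxies are correct. An analysis of the current certificate chain verification algorithm shows that, under certain conditions, proxy authentication can be simplified, which improves verification efficiency and reduces verification time. Based on this analysis, an improved scheme for this class of verification algorithm is proposed by introducing a data structure; the scheme improves both the verification of proxy certificate chain signatures and the collection of security policies. For signature verification of the proxy certificate chain in particular, experiments show that verification time is clearly reduced, and the reduction becomes more pronounced as the length of the key used to sign the certificates increases and as the proxy certificate chain grows. The scheme helps promote the wide use of proxy certificates and credentials in grid environments to delegate privileges and establish trust relationships.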
To meet the requirements of single sign-on and limited proxy in grids, the proxy certificate was proposed and introduced. As several proxies come into being in practical use, they form a structure called a proxy certificate chain. An algorithm is needed to verify the chain to assure the trust relationship between the proxies in it. So far, this kind of algorithm has seldom been discussed in terms of efficiency. Based on an analysis of the algorithm for verifying a proxy certificate chain, and by introducing a new data structure, this paper proposes a solution that improves the algorithm's efficiency. The improvement lies not only in the collection of security policy but also in the verification of digital signatures. Simulation tests show that the improvement, especially in signature decryption, is notable. This provides an opportunity for applying proxy certificates and credentials in grids to establish trust relationships and delegate privileges.
Source
《小型微型计算机系统》
CSCD
Peking University Core Journal
2009, Issue 8, pp. 1611-1615 (5 pages)
Journal of Chinese Computer Systems
Funding
Supported by the National Natural Science Foundation of China (60673046, 90412007)
Keywords
grid security
grid
authentication
proxy certificate
proxy certificate chain