摘要
Grid security infrastructure (GSI) provides the security in grids by using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using certificate revocation list (CRL) and the other is giving the certificate a short period of validity. However, when a lot of certifications are revoked, CRL will be the burden in the system. If the certificate has a short period of validity, entities should be often updating the certificate. In this paper, we propose a scheme for proxy certificate revocation using hash tree. Our scheme only needs hash value comparisons to achieve the purpose of certificate revocation. Previous two methods have to wait the expiration of the certificate. Therefore, our scheme is more flexible than previous methods.
Grid security infrastructure (GSI) provides the security in grids by using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using certificate revocation list (CRL) and the other is giving the certificate a short period of validity. However, when a lot of certifications are revoked, CRL will be the burden in the system. If the certificate has a short period of validity, entities should be often updating the certificate. In this paper, we propose a scheme for proxy certificate revocation using hash tree. Our scheme only needs hash value comparisons to achieve the purpose of certificate revocation. Previous two methods have to wait the expiration of the certificate. Therefore, our scheme is more flexible than previous methods.
基金
supported by the National Science Council under Grant No. NSC100-2410-H-005-046
