
Grids Security without Public Key Settings

Manik Lal Das

Dhirubhai Ambani Institute of Information and Communication Technology


Gandhinagar - 382007, India
maniklal das@daiict.ac.in

Abstract. A Grid system [1] involves the collaborative use of computers, networks, devices, software, databases and interfaces maintained by multiple organizations. In recent years, the development of Grid systems [2], [3] has gained increasing interest from researchers. In this paper, a security solution is proposed for Grid systems without public key settings.

Keywords: Grid system, Grid security, Authentication, Key establishment.

1 Summary of the Proposed Protocol


The communicating entities of a Grid system are the user, authentication server, resource server, process, user proxy and resource proxy. Based on application requirements, a user can create a user proxy and a resource server can create a resource proxy. Security among the several entities in Grids is an important concern, and numerous security protocols using public key settings have been proposed in the literature.
The proposed protocol uses a cryptographically secure keyed hash function to authenticate the communicating entities and to establish a session key between them. The protocol has four phases, as follows.
Authentication Server Setup. The Authentication Server (AS) is a trusted entity that selects a master secret key $k$ for regulating security in Grids.

User Registration. A new user must register with the Grid system. The user submits her identity, $uid$, to AS. AS then selects a random salt $s_{uid}$, computes the user's secret key $K_u = MAC(k; \langle uid \| s_{uid} \rangle)$ and sends $K_u$ to the user in a secure manner. Here, $MAC()$ is a keyed hash function.

Resource Server Registration. A new resource server (RS) must register with the Grid system. RS submits its identity, $rid$, to AS. AS then selects a random salt $s_{rid}$, computes RS's secret key $K_r = MAC(k; \langle rid \| s_{rid} \rangle)$ and sends $K_r$ to RS in a secure manner. AS keeps the records of all registered users and RSs in its database.

Authentication and Session Key Establishment. This phase provides mutual authentication of the user and RS (and between their delegated agents), followed by a session key establishment.

R. Ramanujam and S. Ramaswamy (Eds.): ICDCIT 2012, LNCS 7154, pp. 253–254, 2012.

© Springer-Verlag Berlin Heidelberg 2012

– User chooses a nonce $r_u$, computes $c_u = MAC(K_u; \langle uid \rangle) \oplus r_u$, $h_u = MAC(K_u; \langle uid \| r_u \rangle)$, and then sends $\langle uid, rid, c_u, h_u \rangle$ to AS. AS first validates $uid$ and if $uid$ is valid then AS computes $K_u = MAC(k; \langle uid \| s_{uid} \rangle)$ and obtains $r_u = MAC(K_u; \langle uid \rangle) \oplus c_u$. Then AS computes $h_u' = MAC(K_u; \langle uid \| r_u \rangle)$ and checks whether $h_u' = h_u$. If it holds, user is authenticated; otherwise, AS terminates the communication.
– AS chooses a nonce $r_a$, computes $K_r = MAC(k; \langle rid \| s_{rid} \rangle)$, $c_a = MAC(K_r; \langle rid \rangle) \oplus r_a$, $X = r_u \oplus r_a$ and $h_a = MAC(K_r; \langle rid \| uid \| r_u \| r_a \| X \rangle)$. Then, AS sends $\langle rid, c_a, X, h_a \rangle$ to RS. RS obtains $r_a = MAC(K_r; \langle rid \rangle) \oplus c_a$ and gets $r_u = X \oplus r_a$. RS computes $h_a' = MAC(K_r; \langle rid \| uid \| r_u \| r_a \| X \rangle)$. AS is authenticated if $h_a' = h_a$; otherwise, RS terminates the communication.
– RS chooses a nonce $r_s$, computes $SK_{RU} = MAC((r_u \| r_s); \langle uid \| rid \rangle)$, $R = r_u \oplus r_s$ and $h_r = MAC(SK_{RU}; \langle rid \| uid \rangle)$. Then, RS sends $\langle rid, uid, R, h_r \rangle$ to the user. The user obtains $r_s = R \oplus r_u$, computes $SK_{UR} = MAC((r_u \| r_s); \langle uid \| rid \rangle)$ and $h_r' = MAC(SK_{UR}; \langle rid \| uid \rangle)$. RS is authenticated if $h_r' = h_r$; otherwise, user terminates the communication.
If all the above steps occur successfully, $SK$ $(= SK_{RU} = SK_{UR})$ acts as the session key between user and RS.
– User computes $h_c = MAC(SK_{UR}; \langle uid \| rid \| \text{“DONE”} \rangle)$ and sends $\langle uid, rid, h_c, \text{request for resource} \rangle$ to RS. RS checks whether $h_c = MAC(SK_{RU}; \langle uid \| rid \| \text{“DONE”} \rangle)$. If it holds, they start transmitting data encrypted under the key $SK$; otherwise, terminate the communication.
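
The four phases above, simulated end to end as an added Python example (not code from the paper). It assumes HMAC-SHA256 as MAC(), 32-byte nonces so that XOR with a MAC output is well defined, and length-prefixed concatenation; the identities are constructed sample values and all function names are hypothetical.

```python
import hashlib, hmac, secrets

def mac(key, *fields):
    # Assumption: HMAC-SHA256 stands in for MAC(); each field is length-prefixed
    # so the concatenation <a || b> cannot be parsed two ways.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def check(got, want, who):
    if not hmac.compare_digest(got, want):  # constant-time comparison
        raise ValueError(who + " authentication failed")

def run_protocol(tamper=False):
    rand = lambda: secrets.token_bytes(32)  # nonce length = MAC output length
    # Setup and registration at AS (uid and rid are constructed sample values)
    k, uid, rid = rand(), b"alice", b"rs-01"
    s_uid, s_rid = rand(), rand()
    K_u, K_r = mac(k, uid, s_uid), mac(k, rid, s_rid)
    # Step 1, user: <uid, rid, c_u, h_u> to AS
    r_u = rand()
    c_u, h_u = xor(mac(K_u, uid), r_u), mac(K_u, uid, r_u)
    if tamper:  # simulate a bit flipped in transit
        c_u = xor(c_u, b"\x01" + bytes(31))
    # Step 1, AS: re-derive K_u from k and the stored salt, unmask r_u, verify
    K_u_as = mac(k, uid, s_uid)
    r_u_as = xor(mac(K_u_as, uid), c_u)
    check(mac(K_u_as, uid, r_u_as), h_u, "user")
    # Step 2, AS: <rid, c_a, X, h_a> to RS
    r_a = rand()
    c_a, X = xor(mac(K_r, rid), r_a), xor(r_u_as, r_a)
    h_a = mac(K_r, rid, uid, r_u_as, r_a, X)
    # Step 2, RS: unmask r_a, recover r_u, verify AS
    r_a_rs = xor(mac(K_r, rid), c_a)
    r_u_rs = xor(X, r_a_rs)
    check(mac(K_r, rid, uid, r_u_rs, r_a_rs, X), h_a, "AS")
    # Step 3, RS: session key from (r_u || r_s), <rid, uid, R, h_r> to user
    r_s = rand()
    SK_RU = mac(r_u_rs + r_s, uid, rid)
    R, h_r = xor(r_u_rs, r_s), mac(SK_RU, rid, uid)
    # Step 3, user: recover r_s, derive the same key, verify RS
    SK_UR = mac(r_u + xor(R, r_u), uid, rid)
    check(mac(SK_UR, rid, uid), h_r, "RS")
    # Step 4: key confirmation with the "DONE" tag
    h_c = mac(SK_UR, uid, rid, b"DONE")
    check(mac(SK_RU, uid, rid, b"DONE"), h_c, "key confirmation")
    return SK_UR, SK_RU
```

Calling run_protocol(tamper=True) flips one bit of the masked nonce in transit, so AS recovers a different nonce and rejects the first message.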
Conclusion. In this paper, we provided a security solution for Grids without public key settings. The proposed key establishment protocol could be extended to other peers such as proxy user and proxy server. The protocol is efficient in comparison to other Grid security protocols [4], [5], which do not require a public key on the server.

Acknowledgement. This work is supported in part by Department of Science and Technology, Ministry of Science & Technology, Government of India through DST/INT/SPAIN/P-6/2009 Indo-Spanish Joint Programme of Cooperation in Science and Technology.

References
1. Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational grids. In: Proc. of the ACM Conference on Computer and Communications Security, pp. 83–92 (1998)
2. The Globus Alliance. The Globus Project, http://www.globus.org/
3. Grid Software security. Components for Grid security,
http://www.globus.org/grid_software/security/
4. Chang, Y., Chang, C., Liu, Y.: Password authentication without the server public
key. IEICE Transactions on Communications E87-B(10), 3088–3091 (2004)
5. Yoon, E., Yoo, K.: An Efficient Password Authentication Scheme Without Using
the Server Public Key for Grid Computing. In: Zhuge, H., Fox, G.C. (eds.) GCC
2005. LNCS, vol. 3795, pp. 149–154. Springer, Heidelberg (2005)