The open archive for STFC research publications

Full Record Details

Persistent URL http://purl.org/net/epubs/work/50800
Record Status Checked
Record Id 50800
Title DToken: a Lightweight and Traceable Delegation Architecture for Distributed Systems
Abstract Several major techniques have been proposed to address delegation problems in distributed computing environments of various scales, ranging from LAN, WAN, to the Internet. One of the major characteristics of existing public key cryptography based delegation mechanisms is their use of a fresh key pair every step along the delegation chain. This has led to a range of open issues, including a non-negligible performance overhead imposed by using a fresh key pair in proxy credentials; the lack of traceability of the principals in a delegation chain; and the complexity of managing the dynamically created key pairs in the distributed environment. This paper focuses on the architectural issues of delegation. We propose a new delegation architecture, called DToken, that takes advantage of the PKI. DToken is lightweight as it eliminates the use of freshly generated key pairs in a distributed setting. DToken is also traceable because the identity of the principals in a delegation chain is preserved by cryptographically verifiable mechanisms. A preliminary evaluation demonstrates that DToken outperforms the popular delegation solution of proxy certificate. In a single-level delegation, the overall cost of creating a DToken, the major cost of delegation, is roughly 1/3, 1/5, and 1/10 of that of creating a proxy certificate when the certificate key size is 512, 1024, and 2048 bits, respectively.
Organisation ESC, ESC-IM, STFC
Keywords delegation, myProxy, X.509, Grid, XtreemOS, PKI, distributed systems, certificates
Language English (EN)
Type Paper In Conference Proceedings
Details In 28th IEEE Symposium on Reliable Distributed Systems (SRDS 2009), Niagara Falls, NY, USA, 28-30 Sep 2009, (2009).
URI(s) doi:10.1109/SRDS.2009.31
Year 2009