EPSRC logo

Details of Grant 

EPSRC Reference: EP/D051878/1
Title: Novel Security Architectures and Policy Manangement Techniques for e-Science
Principal Investigator: Paterson, Professor KG
Other Investigators:
Crampton, Professor J Price, Dr G
Researcher Co-Investigators:
Project Partners:
Department: Mathematics
Organisation: Royal Holloway, Univ of London
Scheme: Standard Research (Pre-FEC)
Starts: 01 February 2006 Ends: 31 January 2008 Value (£): 110,491
EPSRC Research Topic Classifications:
Networks & Distributed Systems Software Engineering
EPSRC Industrial Sector Classifications:
No relevance to Underpinning Sectors
Related Grants:
Panel History:  
Summary on Grant Application Form
Security considerations are particularly important in collaborativecomputing ventures that incorporate multiple organisations andrequire interoperation between different trust domains. Thesecurity mechanisms in such ventures, including the UK e-Scienceproject, rely on establishing the authenticity of public keys, whichis generally performed using a public key infrastructure (PKI).Nevertheless, it is fair to say that few PKIs have been anunqualified success, and those that have typically operate within asingle organisation or a tightly coupled consortium with strongpre-existing trust relationships between the partners. Many of theseproblems are related to the maintenance and revocation of public keycertificates, which attest to a binding between an identity and apublic key.Large, loosely coupled virtual organisations comprising manyorganisations, typically co-ordinated using grid technology, arebecoming increasingly commonplace and important within thescientific community, and are expected to become increasinglyimportant to industry. The Globus Toolkit, the de facto standard forbuilding grids, relies on the existence of a PKI for the provisionof security services. Moreover, web services security services arebased on PKI technology. In short, it seems that many current andfuture computing services will rely on PKI, despite the flawsinherent in such technology.The primary aim of this project is to demonstrate that there arecompelling alternatives to PKI for providing the basis of securityservices in a distributed computing environment. In particular,identity-based public key cryptography (ID-PKC) and certificate-lesspublic key cryptography (CL-PKC), two recent developments incryptography, support public key cryptography without the use ofcertificates.We will begin by refining our existing work on the use ofidentity-based public key cryptography (ID-PKC) in grids, developingnew cryptographic schemes to further improve the performance ofproxying, and to support secure, remote credential storage. ID-PKCrelies on a trusted authority that has knowledge of every privatekey, a characteristic usually known as key escrow which mightinhibit the use of ID-PKC in commercial grid computing. The use ofCL-PKC eliminates key escrow. In our second area of research,therefore, we will develop a grid security architecture based onCL-PKC, and compare it to the standard PKI approach and ouridentity-based approaches.Our next theme will be to examine how identity-based andcertificateless systems can support enforcement of policies forfine-grained access control and authorization in grids. This workwill exploit the novel property of these systems that public keys,being derived from arbitrary strings, can directly express complexpolicies, while the possession of a matching private key can be usedto demonstrate that a given policy is satisfied. In our work, wewill consider the use of this technique both to provide a mechanismto transport confidentiality constraints with data and to develop alightweight, flexible authentication and authorization mechanism.Our final piece of work reflects the trend towards increasingintegration of grid technology with web services. Our objective isto investigate the application of ID-PKC and CL-PKC to web servicessecurity, and to study how the resulting protocols and schemas canbe applied in grids. We will focus on developing new versions of XMLEncryption, XML Signature and WS-SecureConversation supporting thesenew forms of cryptography. We will define key management servicessuited to ID-PKC and CL-PKC architectures which parallel thosespecified by XKMS for standard PKI. Our belief is that the use ofID-PKC/CL-PKC has the potential to make these XKMS-like servicessimpler and more lightweight, with potential for removing the needfor certain XKMS services altogether and simplifying others.
Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Impacts
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Summary
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: