Recovery mechanism of online certification chain in grid computing

Proxy credentials are commonly used in security system when one entity wishes to grant some set of its privileges to another entity. Proxy credential chain is produced when new entities with proxy credentials use their proxy credentials to authenticate and establish secured connections with other entities in the same manner and are asked to wait for the completion of a task online. Due to network unstable, some middle node of the credential chain is not accessed by certain reasons, and, as a result, proxy credential chain problem occurs. The problem is an important research issue in grid security. In this paper, we explore the problem by using double signatures and applying X.509 proxy credential. We provides a method to create double signatures using data redundancy and to establish proxy credential chain with double signatures, and provide a recovery mechanism of proxy credential chain in grid when certificate chain broken problem occurs. We analyze the disadvantages of existing mechanism when the middle-node of the credentials chain was broken, and present a new scheme to extend the existing mechanism (including the description of new proxy credential format, the creation mechanism of proxy credentials and the strategy of validating). We also analyze the security of our new scheme.