To address Internet and E-Commerce security requirements, businesses deploy advanced network protocols and Web Services security standards to ensure transaction privacy, data integrity and information confidentiality.
The Public Key Infrastructure (PKI) that utilizes the X.509 protocol has been a widely adopted security mechanism to meet today's Internet and E-Commerce security requirements. Unfortunately, Public Key Infrastructure (PKI) is limited by key transmission security concerns between senders and receivers. Eavesdroppers who are equipped with advanced computer resources are capable of breaching Internet and Web Services security via man-in-the-middle attacks. We propose using Quantum Key Distribution to answer the key transmission concerns. Based on the laws of nature (Quantum Physics), Quantum Cryptography promises to be an unbreakable, eavesdropping-proof security measure.
Utilizing the Internet as the process backend, the on-demand, service-oriented business model is the key to transforming modern businesses to meet challenges in the new millennium. Grid computing is one way to address the requirements for the on-demand, service-oriented business model. Grid systems create a dynamic "Virtual Organization" (VO) that combines groups of various computer resources and services over the Internet and aggregates these computer resources and services for common purposes.
This dissertation first analyzes vulnerabilities of network security protocols and Web Services security standards, which Grid computing embraces as part of its security offerings. Based on the understanding of the vulnerabilities we surveyed, we suggest building a transitive trust architecture for X.509 certificates to ensure proper authentication and authorization and then we propose combining classical Public Key Infrastructure (PKI) for heavy message traffic with point-to-point Quantum Key Distribution for distributing the private keys between Grid service providers and Grid service requesters. We conclude with a proposal for and a feasibility analysis of enhancing Grid security requirements using Quantum Key Distribution.
