Presentation transcript:

Initialization:
1. Cloud machine instances initialize and are sent a ServiceToken from the Service Controller.
Authentication:
2. Client sends AuthRequest to AuthenticationService.
3. AuthenticationService requests user information from a credential store (database, LDAP, etc.).
4. AuthenticationService sends client an AuthToken.
Start Session with Cloud Service:
5. Client requests instance's ServiceToken.
6. Instance sends client its ServiceToken.
7. Client sends SessionKey and optionally first request.
Request:
7. Client sends RequestToken and Request.
8. Service sends response.

ServiceToken (Header 5 bytes, Body, Tail)

  Byte                          Field
  Header
    1                           Version
    2..5                        Message Length
  Body
    6..13                       Time Stamp
    14..17                      Service List Length (sl)
    18..sl+17                   Service List
    sl+18..sl+21                SKpub Length (skp)
    sl+22..sl+21+skp            ASN.1 Encoded SKpub
    sl+22+skp..sl+25+skp        Text Length (tx)
    sl+26+skp..sl+25+skp+tx     String(Public IP or Host + Delimiter + Instance ID + Delimiter + Service Controller ID + Delimiter + Service ID)
  Tail
    sl+26+skp+tx..end of token  Message Signature = Signature(SCpri, Version + Body)
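The layout above, packed and parsed in Python as an added example (this is not the presentation's Java code). Assumptions, labelled in the code: integers are big-endian, the slide's 1-indexed byte positions become 0-indexed offsets, Time Stamp is 8 bytes of Unix seconds, every Length field is 4 bytes, the delimiter is "|", and HMAC-SHA256 under a shared key stands in for Signature(SCpri, Version + Body), which on the slide is an asymmetric signature by the Service Controller. The parser checks Message Length, the signature and freshness before it trusts any field, and rejects truncated or over-long length fields.

```python
import hashlib
import hmac
import struct
import time

VERSION = 1
DELIM = b"|"      # assumed delimiter for the String(...) field
MAX_AGE = 300     # assumed freshness window for Time Stamp, in seconds
SIG_LEN = 32      # HMAC-SHA256 stand-in for the Service Controller signature


def _lv(data: bytes) -> bytes:
    """'Length (x)' as 4 bytes, followed by the x bytes it counts."""
    return struct.pack(">I", len(data)) + data


def _read_lv(buf: bytes, off: int):
    """Read one length-prefixed field at off; returns (data, offset after it)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("length field runs past the end of the token")
    return buf[off + 4:off + 4 + n], off + 4 + n


def build_service_token(sc_key, service_list, sk_pub_der, host, instance_id,
                        sc_id, service_id, ts=None):
    """Header (Version, Message Length) + Body + Tail, as the Service Controller emits it."""
    ts = int(time.time()) if ts is None else ts
    text = DELIM.join([host, instance_id, sc_id, service_id])
    body = struct.pack(">Q", ts) + _lv(service_list) + _lv(sk_pub_der) + _lv(text)
    version = bytes([VERSION])
    # Signature(SCpri, Version + Body): HMAC stand-in keyed with sc_key (assumption)
    sig = hmac.new(sc_key, version + body, hashlib.sha256).digest()
    return version + struct.pack(">I", 5 + len(body) + len(sig)) + body + sig


def parse_service_token(sc_key, token, now=None):
    """Check length, signature and freshness before any field is trusted."""
    if len(token) < 5 + 8 + SIG_LEN or token[0] != VERSION:
        raise ValueError("malformed header")
    (msg_len,) = struct.unpack(">I", token[1:5])
    if msg_len != len(token):
        raise ValueError("Message Length does not match token size")
    body, sig = token[5:-SIG_LEN], token[-SIG_LEN:]
    expected = hmac.new(sc_key, token[:1] + body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    (ts,) = struct.unpack(">Q", body[:8])
    now = int(time.time()) if now is None else now
    if abs(now - ts) > MAX_AGE:
        raise ValueError("stale token")
    off = 8
    service_list, off = _read_lv(body, off)
    sk_pub, off = _read_lv(body, off)
    text, off = _read_lv(body, off)
    if off != len(body):
        raise ValueError("unexpected trailing bytes in body")
    parts = text.split(DELIM)
    if len(parts) != 4:
        raise ValueError("malformed String field")
    host, instance_id, sc_id, service_id = parts
    return {
        "time_stamp": ts,
        "service_list": service_list,
        "sk_pub": sk_pub,
        "host": host,
        "instance_id": instance_id,
        "service_controller_id": sc_id,
        "service_id": service_id,
        # 1-indexed position of the first Service List byte:
        # header 5 + Time Stamp 8 + Length 4 + 1 = 18, as on the slide
        "service_list_byte": 5 + 8 + 4 + 1,
    }


def token_error(sc_key, token, now=None):
    """Return the rejection reason for a token, or None if it is accepted."""
    try:
        parse_service_token(sc_key, token, now)
        return None
    except ValueError as e:
        return str(e)


if __name__ == "__main__":
    key = b"k" * 32  # constructed shared key for the HMAC stand-in
    tok = build_service_token(key, b"svc-a,svc-b", b"\x30\x03\x02\x01\x05",
                              b"10.0.0.5", b"i-001", b"sc-1", b"svc-a")
    print(parse_service_token(key, tok))
    print("truncated ->", token_error(key, tok[:-1]))
```

The order of checks matters: the signature is verified over Version + Body before the length-prefixed fields are walked, so a corrupted or forged token never reaches the field parser, and the parser still bounds-checks every length in case the signing key itself is shared more widely than intended.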

AuthRequest (Header 9 bytes, Body encrypted with CKsec, Tail encrypted with AKencpub)

  Byte                          Field
  Header
    1                           Version
    2..5                        Message Length
    6..9                        Body Length
  Body (offsets within the body; encrypted with CKsec)
    1..8                        Time Stamp
    9..16                       Request ID
    17..20                      CKpub Length (ckp)
    21..ckp+20                  ASN.1 Encoded CKpub
    ckp+21..ckp+24              Text Length (tx)
    ckp+25..ckp+24+tx           String(AuthServer ID + Delimiter + User ID + Delimiter + Role ID)
    ckp+25+tx..end of body      User Credentials
  Tail (offsets within the tail; encrypted with AKencpub)
    1..4                        CKsec Length (cks)
    5..cks+4                    ASN.1 Encoded CKsec
    cks+5..end of tail          Message Hash = Hash(Version + Body + CKsec Length + CKsec)

AuthToken (Header 5 bytes, Body, Tail; encrypted with CKsec)

  Byte                          Field
  Header
    1                           Version
    2..5                        Message Length
  Body
    6..13                       Time Stamp
    14..21                      Expiry Date
    22..29                      Session ID
    30..33                      CKpub Length (ckp)
    34..ckp+33                  ASN.1 Encoded CKpub
    ckp+34..ckp+37              Text Length (tx)
    ckp+38..ckp+37+tx           String(AuthServer ID + Delimiter + User ID + Delimiter + Role ID)
  Tail
    ckp+38+tx..end of token     Message Signature = Signature(AKsigpri, Version + Body)

SessionKey (Header 5 bytes, Body encrypted with SKpub)

  Byte                          Field
  Header
    1                           Version
    2..5                        Message Length
  Body (encrypted with SKpub)
    6..13                       Random Number
    14..end of SessionKey       ASN.1 Encoded SEKsec

RequestToken (Header 5 bytes, Body, Tail; encrypted with SEKsec)

  Byte                          Field
  Header
    1                           Version
    2..5                        Message Length
  Body
    6..13                       Time Stamp
    14..21                      Request ID
    22..29                      Session ID
    30..33                      Request Hash Length (rh)
    34..rh+33                   Request Hash
    rh+34..rh+37                Text Length (tx)
    rh+38..rh+37+tx             String(Service ID)
  Tail
    rh+38+tx..end of token      Message Signature = Signature(CKpri, Version + Body)
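The service-side handling of steps 7 and 8 of the Request phase, as an added example rather than the presentation's code: the service checks a RequestToken against the Request that accompanies it. Assumptions, labelled in the code: big-endian integers, 8-byte Time Stamp, Request ID and Session ID, 4-byte length fields, SHA-256 as the Request Hash, HMAC-SHA256 under a per-session client key standing in for Signature(CKpri, Version + Body), and the SEKsec encryption layer around the token left out so the example runs with the standard library only. The verifier binds the token to the request body through the Request Hash, restricts it to the Service ID it names, and refuses a repeated Request ID within a session.

```python
import hashlib
import hmac
import struct
import time

VERSION = 1
SIG_LEN = 32      # HMAC-SHA256 stand-in for the client signature (assumption)


def _lv(data: bytes) -> bytes:
    """'Length (x)' as 4 bytes, followed by the x bytes it counts."""
    return struct.pack(">I", len(data)) + data


def _u32(buf: bytes, off: int):
    """Bounds-checked 4-byte length read; returns (value, offset after it)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    return struct.unpack(">I", buf[off:off + 4])[0], off + 4


def build_request_token(ck_key, ts, request_id, session_id, request, service_id):
    """Client side: Header + Body + Tail with Request Hash = SHA-256(request)."""
    body = (struct.pack(">QQQ", ts, request_id, session_id)
            + _lv(hashlib.sha256(request).digest())
            + _lv(service_id))
    version = bytes([VERSION])
    sig = hmac.new(ck_key, version + body, hashlib.sha256).digest()
    return version + struct.pack(">I", 5 + len(body) + len(sig)) + body + sig


class ServiceVerifier:
    """One cloud service instance checking incoming (RequestToken, Request) pairs."""

    def __init__(self, service_id, max_age=300):
        self.service_id = service_id
        self.max_age = max_age          # assumed freshness window, seconds
        self.sessions = {}              # Session ID -> client key from session setup
        self.seen = set()               # (Session ID, Request ID) pairs already served

    def register_session(self, session_id, ck_key):
        self.sessions[session_id] = ck_key

    def verify(self, token, request, now=None):
        """Return (request_id, session_id) if the token authenticates this request."""
        now = int(time.time()) if now is None else now
        if len(token) < 5 + 24 + 8 + SIG_LEN or token[0] != VERSION:
            raise ValueError("malformed header")
        if struct.unpack(">I", token[1:5])[0] != len(token):
            raise ValueError("Message Length does not match token size")
        body, sig = token[5:-SIG_LEN], token[-SIG_LEN:]
        ts, request_id, session_id = struct.unpack(">QQQ", body[:24])
        ck_key = self.sessions.get(session_id)
        if ck_key is None:
            raise ValueError("unknown session")
        expected = hmac.new(ck_key, token[:1] + body, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            raise ValueError("bad signature")
        if abs(now - ts) > self.max_age:
            raise ValueError("stale token")
        off = 24
        rh_len, off = _u32(body, off)
        req_hash, off = body[off:off + rh_len], off + rh_len
        tx_len, off = _u32(body, off)
        svc, off = body[off:off + tx_len], off + tx_len
        if off != len(body):
            raise ValueError("length fields do not match body size")
        if svc != self.service_id:
            raise ValueError("token is for another service")
        if not hmac.compare_digest(req_hash, hashlib.sha256(request).digest()):
            raise ValueError("request does not match Request Hash")
        if (session_id, request_id) in self.seen:
            raise ValueError("replayed Request ID")
        self.seen.add((session_id, request_id))
        return request_id, session_id

    def reject_reason(self, token, request, now=None):
        """Return the rejection reason, or None if the request is accepted."""
        try:
            self.verify(token, request, now)
            return None
        except ValueError as e:
            return str(e)


if __name__ == "__main__":
    ck = b"c" * 32                                  # constructed per-session client key
    svc = ServiceVerifier(b"svc-a")
    svc.register_session(7, ck)
    tok = build_request_token(ck, int(time.time()), 1, 7, b"GET /data", b"svc-a")
    print("first use ->", svc.verify(tok, b"GET /data"))
    print("second use ->", svc.reject_reason(tok, b"GET /data"))
```

Because the Request Hash sits inside the signed Body, swapping the Request after the token is issued is caught without the service having to sign or hash anything itself beyond recomputing SHA-256 over what it received; the (Session ID, Request ID) set is what turns the Request ID field into replay protection.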

The AuthServer and client were implemented using Java TCP sockets. Authentication performance was evaluated against an SSL connection and Kerberos. Performance was measured as the average time per request on a low-latency local network and on a higher-latency, noisier wide area network. Each protocol was tested with 10,000 authentication requests on each network. Testbed: Lakehead University's private cloud computing testbed.

Based on 1,000 requests per run per protocol.

Based on 10,000 requests per protocol.

Expand on the role model. Performance testing of all parts of the protocol. Formal security evaluation of the protocol. Securing data on the cloud.