Presentation is loading. Please wait.

Presentation is loading. Please wait.

Initialization: 1.Cloud machine instances initializes and sent ServiceToken from Service Controller. Authentication: 2.Client sends AuthRequest to AuthenticationService.

Published byCollin Sims Modified over 9 years ago

Similar presentations

Presentation on theme: "Initialization: 1.Cloud machine instances initializes and sent ServiceToken from Service Controller. Authentication: 2.Client sends AuthRequest to AuthenticationService."— Presentation transcript:

1 Initialization: 1.Cloud machine instances initializes and sent ServiceToken from Service Controller. Authentication: 2.Client sends AuthRequest to AuthenticationService. 3.AuthenticationService requests user information from a credential store (database, LDAP, etc). 4.AuthenticationService sends client a AuthToken. Start Session with Cloud Service: 5.Client requests instance’s ServiceToken. 6.Instance sends client it’s ServiceToken. 7.Client sends SessionKey and optionally first request. Request: 7.Client sends RequestToken and Request. 8.Service sends response., 7, 8

2 Byte +0+1+2+3+4+5+6+7 1..5 VersionMessage Length 6.. 13 Time Stamp 14.. 17 Service List Length (sl) 18.. sl+17 Service List sl+18.. sl+21 SKpub Length (skp) sl+22.. sl+21+skp ANS.1 Encoded SKpub sl+22+skp.. sl+25+skp Text Length (tx) sl+26+skp.. sl+25+skp+tx String(Public IP or Host + Delimiter + Instance ID + Delimiter + Service Controller ID + Delimiter + Service ID) sl+26+skp+tx.. end of token Message Signature Signature(SCpri, Version + Body) ServiceToken Header (5 bytes) Body Tail

3 Byte +0+1+2+3+4+5+6+7+8 1..9 VersionMessage LengthBody Length 1..8 Time Stamp 9..16 Request ID 17..20 CKpub Length (ckp) 21.. ckp+20 ANS.1 Encoded CKpub ckp+21.. ckp+24 Text Length (tx) ckp+25.. ckp+24+tx String(AuthServer ID + Delimiter + User ID + Delimiter + Role ID) ckp+25+tx.. end of body User Credentials 1.. 4 CKsec Length (cks) 5.. cks + 4 ANS.1 Encoded CKsec cks + 5.. end of tail Message Hash Hash(Version + Body + CKsec Length + CKsec) AuthRequest Header (9 bytes) Body (Encrypted with CKsec) Tail (Encrypted with AKencpub)

4 Byte +0+1+2+3+4+5+6+7 1..5 VersionMessage Length 6..13 Time Stamp 14..21 Expiry Date 22.. 29 Session ID 30..33 CKpub Length (ckp) 34.. ckp+33 ANS.1 Encoded CKpub ckp+34.. ckp+37 Text Length (tx) ckp+38.. ckp+37+tx String(AuthServer ID + Delimiter + User ID + Delimiter + Role ID) ckp+38+tx.. end of token Message Signature Signature(AKsigpri, Version + Body) AuthToken Header (5 bytes) Body Tail Encrypted with CKsec

5 Byte +0+1+2+3+4+5+6+7 1..5 VersionMessage Length 6.. 13 Random Number 14.. end of SessionKey ANS.1 Encoded SEKsec SessionKey Header (5 bytes) Body Encrypted with SKpub

6 Byte +0+1+2+3+4+5+6+7 1..5 VersionMessage Length 6..13 Time Stamp 14..21 Request ID 22.. 29 Session ID 30..33 Request Hash Length (rh) 34.. rh+33 Request Hash rh+34.. rh+37 Text Length (tx) rh+38.. rh+37+tx String(Service ID) rh+38+tx.. end of token Message Signature Signature(CKpri, Version + Body) RequestToken Tail Body Header (5 bytes) Encrypted with SEKsec

7 Implementation of AuthSrever and Client created using Java TCP sockets. Authentication performance evaluated against a SSL connection and Kerberos. Performance measured in average time per request on low latency local network and higher latency, nosier wide area network. Each protocol was tested with 10,000 authentication requests for each network. Lakehead University's private cloud computing testbed

8 Based on 1,000 requests per run per protocol.

9

10 Based on 10,000 requests per protocol.

11 Expand on roll model. Performance testing of all parts of the protocol. Formal security evaluation of the protocol. Securing data on the cloud.

Download ppt "Initialization: 1.Cloud machine instances initializes and sent ServiceToken from Service Controller. Authentication: 2.Client sends AuthRequest to AuthenticationService."

Similar presentations

Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
Hypertext Transfer PROTOCOL ----HTTP Sen Wang CSE5232 Network Programming.

Hypertext Transfer PROTOCOL ----HTTP Sen Wang CSE5232 Network Programming.
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.

Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
J. Wang. Computer Network Security Theory and Practice. Springer 2009 Chapter 5 Network Security Protocols in Practice Part II.

J. Wang. Computer Network Security Theory and Practice. Springer 2009 Chapter 5 Network Security Protocols in Practice Part II.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.

Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
A CHAT CLIENT-SERVER MODULE IN JAVA BY MAHTAB M HUSSAIN MAYANK MOHAN ISE 582 FALL 2003 PROJECT.

A CHAT CLIENT-SERVER MODULE IN JAVA BY MAHTAB M HUSSAIN MAYANK MOHAN ISE 582 FALL 2003 PROJECT.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Remote Networking Architectures

Remote Networking Architectures
Chapter 17 TACACS+.

Chapter 17 TACACS+.
Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.

Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.
SSH Secure Login Connections over the Internet

SSH Secure Login Connections over the Internet

Similar presentations

Ads by Google