decap distributed extensible cloud authentication protocol
play

DECAP-Distributed Extensible Cloud Authentication Protocol Andrea - PowerPoint PPT Presentation

Aug 15, 2023 •178 likes •402 views

Security requirements The proposed protocol Security analysis DECAP-Distributed Extensible Cloud Authentication Protocol Andrea Huszti and Norbert Ol ah University of Debrecen Nijmegen, Netherlands Andrea Huszti and Norbert Ol ah

  1. Security requirements The proposed protocol Security analysis DECAP-Distributed Extensible Cloud Authentication Protocol Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  2. Security requirements The proposed protocol Security analysis Contents 1 Security requirements The proposed protocol 2 3 Security analysis Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  3. Security requirements The proposed protocol Security analysis Entity authentication methods Scientific literature: One-factor authentication solutions: 2000 M.S. Hwang, L.H. Li: smart card based, ElGamal encryption, impersonation attack 2002 Chien, Jan and Tsien: password based, several attacks Two-factor authentication solutions: 2011 Amlan Jyoti Choudhury, Pardeep Kumar and Mangal Sain: two-factor authentication, smart card+password, Out of Band channel (OOB), impersonation attack 2014 Nan Chen and Rui Jiang: correcting the impersonation attack, no OOB Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  4. Security requirements The proposed protocol Security analysis Entity authentication methods In practice: OpenStack is one of the most popular cloud computing software. User+password Lightweight Directory Access Protocol (LDAP) Kerberos Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  5. Security requirements The proposed protocol Security analysis Centralized structure of authentication One server authentication vulnerability: One target Lower attack cost Centralized responsibility Equipment is cheaper. Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  6. Security requirements The proposed protocol Security analysis Distributed authentication Need to attack multiple servers simultaneously Increasing the attack cost Shared responsibility Equipment is more expensive Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  7. Security requirements The proposed protocol Security analysis Security requirements of cloud computing Entity authentication Lack of strong authentication can lead to unauthorized access to users account on a cloud. Data integrity Data can be modified only by authorized parties. Secrecy, privacy Increased number of parties, devices and applications are involved, confidentiality of data should be protected against illegal access. Access control The data owner needs to make a flexible and scalable access control policy, so that only the authorized users can access. Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  8. Security requirements The proposed protocol Security analysis Design’s goals Distributed Extensible Cloud Authentication Protocol Expand the participants of the server park Expansion algorithm for the Merkle tree Scalability Shared responsibility Two-factor authentication static password + one-time-password MAC key exchange providing data origin integrity Improving efficiency Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  9. Security requirements The proposed protocol Security analysis Merkle-tree Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  10. Security requirements The proposed protocol Security analysis Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  11. Security requirements The proposed protocol Security analysis Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  12. Security requirements The proposed protocol Security analysis Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  13. Security requirements The proposed protocol Security analysis Security analysis Requirements: Authentication of the User Authentication of the Cloud server Secrecy of the key Key freshness Both parties should be assured that the other party knows the new key. Model: Dolev-Yao adversary model: read, modify, delete, and inject messages (record communications, store values, synthesize messages etc.) Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  14. Security requirements The proposed protocol Security analysis Security analysis In case of an outsider adversary: Applied pi-calculus Proverif 1.93: Automatic verifier for cryptographic protocols. Cryptographic protocols are concurrent programs which interact using public channels. An arbitrary number of protocol executions Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  15. Security requirements The proposed protocol Security analysis Main processes - The main process controls activites between the User and the Server subprocesses - We execute the User and the Server Processes in parallel infinitely many times process new y1: exponent; new y2: exponent; new y3: exponent; new y4: exponent; new id: bitstring; new idS: bitstring; new x: passx; let S1 =exp(g, y1) in let S2 =exp(g, y2) in let S3 =exp(g, y3) in let S4 =exp(g, y4) in out(c,(S1,S2,S3,S4)); (*Public keys*) new sskU:sskey; new eskS:skey; let spkU=spk(sskU) in out(c,spkU); let epkS=pk(eskS) in out(c,epkS); ((!User(id,idS,S1,S2,S3,S4,sskU,spkU,epkS, x)) | (!Server(id,idS,y1,y2,y3,y4,eskS,epkS,spkU))) Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  16. Security requirements The proposed protocol Security analysis User process Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  17. Security requirements The proposed protocol Security analysis ProVerif events Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  18. Security requirements The proposed protocol Security analysis Security analysis Secrecy of the key and the password query attacker:SK. query attacker:pw. Authentication of the User and the Cloud server query sk:bitstring; inj-event(Server auth end(sk)) == > inj-event(Server auth start(sk)). query sk:bitstring; inj-event(User auth end(sk)) == > inj-event(User auth start(sk)). query sk:bitstring; inj-event(Server auth2 end(sk)) == > inj-event(Server auth2 start(sk)). query sk:bitstring; inj-event(User auth2 end(sk)) == > inj-event(User auth2 start(sk)). Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  19. Security requirements The proposed protocol Security analysis Key freshness – Yr changes after authentication - secret – T v 1 changes - secret – v random Both parties should be assured that the other party knows the new key. If the following conditions occur, both parties know the new key: let E2=H2((USK)) in if E2=M2 then let M3=mac(USK,serverm) let Checkmac=mac(SK,serverm) in if M3=Checkmac then event second(SK) . Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  20. Security requirements The proposed protocol Security analysis Efficiency analysis Encryption/ Hash Exp Mult Inv Interactions Decryption Choudhury et al (2011) User 10 1 1 Server 8 1 Sum 18 1 1 1 4 Nan and Rui (2014) User 4+1 1 Server 4+1 1 Sum 8+2 2 3 Our User 3+1 Server 3+1 Sum 6+2 3 Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  21. Security requirements The proposed protocol Security analysis This work was supported by the construction EFOP-3.6.3-VEKOP-16. The project has been supported by the European Union, co-financed by the European Social Fund. Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

  22. Security requirements The proposed protocol Security analysis Thank you for your attention! Andrea Huszti and Norbert Ol´ ah University of Debrecen Nijmegen, Netherlands DECAP-Distributed Extensible Cloud Authentication Protocol

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mechanized Proofs for a Recursive Authentication Protocol Lawrence C. Paulson Computer

Mechanized Proofs for a Recursive Authentication Protocol Lawrence C. Paulson Computer

Recursive Authentication Protocol 1 L. C. Paulson Mechanized Proofs for a Recursive Authentication Protocol Lawrence C. Paulson Computer Laboratory University of Cambridge Recursive Authentication Protocol 2 L. C. Paulson Overview of the

363 views • 20 slides
Symcon Cloud Connect Cloud Connect Authentication Connect Client Goals Main goal: Building a

Symcon Cloud Connect Cloud Connect Authentication Connect Client Goals Main goal: Building a

Symcon Cloud Connect Cloud Connect Authentication Connect Client Goals Main goal: Building a reverse proxy tunneling service with an embedded SSH server and MySQL authentication Stretch goals: Beautifully rendered statistics dashboard

273 views • 4 slides
Coordinating distributed systems part II Marko Vukoli Distributed Systems and Cloud Computing

Coordinating distributed systems part II Marko Vukoli Distributed Systems and Cloud Computing

Coordinating distributed systems part II Marko Vukoli Distributed Systems and Cloud Computing Last Time Coordinating distributed systems part I Zookeeper At the heart of Zookeeper is the ZAB atomic broadcast protocol Today

682 views • 29 slides
Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed

Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed

Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal (Distributed Computing) Authentication in

1.15k views • 54 slides
Extensible Declarative Management of Cloud Resources across Providers Oleksii Serhiienko,

Extensible Declarative Management of Cloud Resources across Providers Oleksii Serhiienko,

Extensible Declarative Management of Cloud Resources across Providers Oleksii Serhiienko, Panagiotis Gkikopoulos and Josef Spillner Service Prototyping Lab (blog.zhaw.ch/splab/) Zurich University of Applied Sciences Winterthur, Switzerland

452 views • 18 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - L17

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - L17

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - L17 1 Agenda Distributed system security Introduction to Kerberos Kerberos Version 4 Authentication Protocol Authentication with Kerberos

494 views • 28 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Authentication Establish and verify identity allow access to resources Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the

228 views • 10 slides
stateless analysis of a cryptographic protocol emina torlak february 22, 2005 authentication

stateless analysis of a cryptographic protocol emina torlak february 22, 2005 authentication

stateless analysis of a cryptographic protocol emina torlak february 22, 2005 authentication to be nobody-but-yourselfin a world which is doing its best to make you everybody else - e e cummings authentication: verifying the

490 views • 15 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1 Authentication

799 views • 59 slides
Cryptanalysis of a Novel Authentication Protocol Conforming to EPC-C1G2 Standard Pedro

Cryptanalysis of a Novel Authentication Protocol Conforming to EPC-C1G2 Standard Pedro

Cryptanalysis of a Novel Authentication Protocol Conforming to EPC-C1G2 Standard Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan M. Estevez-Tapiador, and Arturo Ribagorda Computer Science Department, Carlos III University of Madrid {

451 views • 12 slides
Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand

Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand

Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand Wolfgang Leister Alan Duric The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011) 21-27

805 views • 21 slides
Overview of HTTP Mutual Overview of HTTP Mutual authentication protocol authentication protocol

Overview of HTTP Mutual Overview of HTTP Mutual authentication protocol authentication protocol

Overview of HTTP Mutual Overview of HTTP Mutual authentication protocol authentication protocol proposal proposal Yutaka OIWA Yutaka OIWA RCIS, AIST RCIS, AIST July 26, 2010 July 26, 2010 Motivation Motivation Current HTTP

445 views • 11 slides
Scalable Distributed Lineage Authentication Ashish Gehani Scalable Distributed Lineage

Scalable Distributed Lineage Authentication Ashish Gehani Scalable Distributed Lineage

Scalable Distributed Lineage Authentication Ashish Gehani Scalable Distributed Lineage Authentication p. 1/59 What is data lineage ? Output Operation Input 1 Input n (a) Primitive operation (b) Compound operation tree Scalable

843 views • 59 slides
Lightweight Authentication of Freshness in Outsourced Key-Value Stores (ACSAC14) Yuzhe Tang,

Lightweight Authentication of Freshness in Outsourced Key-Value Stores (ACSAC14) Yuzhe Tang,

Lightweight Authentication of Freshness in Outsourced Key-Value Stores (ACSAC14) Yuzhe Tang, Ting Wang, Ling Liu, Xin Hu, Jiyong Jang Cloud Computing Cloud computing has arrived: Almost all human activities can be supported by cloud

486 views • 31 slides
Distributed Systems CS6421 Cloud Computing: Servers and Virtualization Prof. Tim Wood

Distributed Systems CS6421 Cloud Computing: Servers and Virtualization Prof. Tim Wood

Distributed Systems CS6421 Cloud Computing: Servers and Virtualization Prof. Tim Wood Amazons Cloud Amazon built its cloud platform so that other people could pay for its infrastructure during the rest of the year Now its cloud users

1.28k views • 79 slides
Installation Installation Procedures Procedures for Clusters for Clusters PART 4 Hands-on

Installation Installation Procedures Procedures for Clusters for Clusters PART 4 Hands-on

Moreno Baricevic CNR-INFM DEMOCRITOS Trieste, ITALY Installation Installation Procedures Procedures for Clusters for Clusters PART 4 Hands-on Laboratory Agenda Agenda Cluster Services Overview on Installation Procedures

332 views • 8 slides
Java Remote Method Java Remote Method Invocation (RMI) Invocation (RMI) Viraj Bhat ( Viraj Bhat

Java Remote Method Java Remote Method Invocation (RMI) Invocation (RMI) Viraj Bhat ( Viraj Bhat

Java Remote Method Java Remote Method Invocation (RMI) Invocation (RMI) Viraj Bhat ( Viraj Bhat (virajb@caip.rutgers.edu virajb@caip.rutgers.edu) ) Cristina Schmidt (cristins@caip.rutgerts.edu) Cristina Schmidt (cristins@caip.rutgerts.edu)

1.04k views • 65 slides
LDAP (Lightweight Directory Access Protocol) wangth Computer Center, CS, NCTU What is Directory

LDAP (Lightweight Directory Access Protocol) wangth Computer Center, CS, NCTU What is Directory

LDAP (Lightweight Directory Access Protocol) wangth Computer Center, CS, NCTU What is Directory Service? What is Directory Service ( ) Highly optimized for reads Implements a distributed model for storing information

554 views • 39 slides
Lawyerly Transitions Keith Swisher Swisher P.C. Keith Swisher Keith Swisher is Professor of

Lawyerly Transitions Keith Swisher Swisher P.C. Keith Swisher Keith Swisher is Professor of

Lawyerly Transitions Keith Swisher Swisher P.C. Keith Swisher Keith Swisher is Professor of Legal Ethics and Director of the Bachelor of Law and Master of Legal Studies Programs at the University of Arizona James E. Rogers College of Law.*

767 views • 22 slides
RHCSA - EX200 RHCSA DAY - 02 RHCSA Trainer Ali Aydemir CISCO, CCIE #47287 SP/RS, CCSI#35413

RHCSA - EX200 RHCSA DAY - 02 RHCSA Trainer Ali Aydemir CISCO, CCIE #47287 SP/RS, CCSI#35413

RHCSA RHCSA - EX200 RHCSA DAY - 02 RHCSA Trainer Ali Aydemir CISCO, CCIE #47287 SP/RS, CCSI#35413 AVAYA, ACE-Fx #169 HUAWEI, HCDP RHCSA DAY - 02 RHCSA RHCSA Timetable Day AM Lunch PM -Essential File Management -Installing RHEL

2.07k views • 191 slides
IPSec: IKE General IKE creates SA, refreshes them and deletes them. IKE has the

IPSec: IKE General IKE creates SA, refreshes them and deletes them. IKE has the

IPSec: IKE General IKE creates SA, refreshes them and deletes them. IKE has the following exchanges: Phase one (creation of IKE SA): There are two modes for phase one: main mode or aggressive mode Phase two (creation of

308 views • 15 slides
IBM Conference: Software Engineering for SOA (Service Oriented Architecture) - Service Enabling

IBM Conference: Software Engineering for SOA (Service Oriented Architecture) - Service Enabling

Clinical Administration & Planning Systems IBM Conference: Software Engineering for SOA (Service Oriented Architecture) - Service Enabling of a Legacy Environment Jrme Schieb CH Head of Clinical, Administration & Planning

671 views • 17 slides
Creating Organizational Units, Accounts, and Groups Tom Brett Active Directory Users and Computers

Creating Organizational Units, Accounts, and Groups Tom Brett Active Directory Users and Computers

21/05/2013 Creating Organizational Units, Accounts, and Groups Tom Brett Active Directory Users and Computers (ADUC) Active Directory Users and Computers (ADUC) After installing AD DS, the next task is to create your Organizational Units,

535 views • 41 slides

More recommend