Lai, David and Zhang, Zhongwei and Shen, Chong (2006) Achieving secure service sharing over IP networks. In: ASEE Mid-Atlantic Section Spring 2006 Conference (ASEE 2006), 28-29 April 2006, New York, USA.
PDF (Accepted Version)
[Abstract]: No matter how many and how comprehensive the services a network can provide, in order to satisfy the diverse requirement of services, networks should share services among themselves. For secure service sharing on IP networks, the authenticity of users and the scalability of participating networks are always two major issues among others. Service Network Graph (SNG) was proposed to address the problems of cross network authentication and scalability, which usually occur in a dynamic aggregations of heterogeneous networks.
Our SNG approach is based on Authentication Propagation and Service Paths. Authentication Propagation is a process of relaying authentication results from the authenticating network to the service providing network. Within an SNG, networks delegate authentication duties to some other networks which gather all authentication and service information and return the authentication result to the user. A Service Path is designed to hold all the authentication delegation information from the user's home network to the service providing network. An example of Service Path in a network, N_x, looks like:<F:/N_x/N_y/N_z/S_z/Service_z>:<4> where the second field, /N_x/N_y/N_z/S_z/Service_z, stands for the NetworkPath of a service, Service_z, which is provided by a server S_z, in a network N_z. We can work out the routes for the authentication and service information from the NetworkPath as
(1) from N_x to N_y if it does not end at N_x;
(2) from N_y to N_z if it does not originate from N_z;
(3) from N_z to N_y if it does not end at N_x; and
(4) from N_y to N_x if it does not originate from N_x.
These routes can be represented in the 4-tuples form:
To differentiate route (2) and route (4), <Net_ori> is used. Route (1) can be expressed as (Net_x, Net_x, Net_y, Net_z) using the 4-tuple notation. Obviously, it is not efficient to extract the routes from incoming Service Paths each and every time. Besides, the NetworkPath field may contain a substantial number of networks. Hence reusing the routes could improve the efficiency. The 4-tuple notation facilitates the reuse of routing information.
In this paper, we devise a 4-tuple (ATR tuple) representation of authentication and service information routes. The ATR tuple representation is shown to be an alternative representation of SNG other than the graphical representation. We also explore how the ATR tuple representation can be applied to facilitate the authentication propagation process. A set of experiments on network simulator, OMNeT++, have been carried out to illustrate the application of SNG with ATR tuples to IP networks. The preliminary simulation results show that the ATR tuple representation greatly simplifies the implementation of the SNG authentication routing algorithm, and secure service sharing can be achieved as well.
Statistics for this ePrint Item
|Item Type:||Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)|
|Publisher:||American Society for Engineering Education (ASEE)|
|Item Status:||Live Archive|
|Additional Information (displayed to public):||No evidence of copyright restrictions.|
|Depositing User:||Mr David Lai|
|Faculty / Department / School:||Historic - Faculty of Sciences - Department of Maths and Computing|
|Date Deposited:||30 Sep 2009 04:19|
|Last Modified:||02 Jul 2013 23:23|
|Uncontrolled Keywords:||Service Network Graph, SNG, service sharing, authentication delegation, authentication propagation, service path, routing tuple|
|Fields of Research (FoR):||08 Information and Computing Sciences > 0805 Distributed Computing > 080503 Networking and Communications|
|Socio-Economic Objective (SEO):||B Economic Development > 89 Information and Communication Services > 8901 Communication Networks and Services > 890199 Communication Networks and Services not elsewhere classified|
Actions (login required)
|Archive Repository Staff Only|