Achieving secure service sharing over IP networks

Lai, David and Zhang, Zhongwei and Shen, Chong (2006) Achieving secure service sharing over IP networks. In: ASEE Mid-Atlantic Section Spring 2006 Conference (ASEE 2006), 28-29 April 2006, New York, USA.


[Abstract]: No matter how many or how comprehensive the services a network can provide, networks must share services among themselves in order to satisfy diverse service requirements. For secure service sharing on IP networks, the authenticity of users and the scalability of participating networks are two of the major issues. Service Network Graph (SNG) was proposed to address the problems of cross-network authentication and scalability, which usually occur in dynamic aggregations of heterogeneous networks. Our SNG approach is based on Authentication Propagation and Service Paths. Authentication Propagation is the process of relaying authentication results from the authenticating network to the service-providing network. Within an SNG, networks delegate authentication duties to other networks, which gather all authentication and service information and return the authentication result to the user. A Service Path is designed to hold all the authentication delegation information from the user's home network to the service-providing network. An example of a Service Path in a network N_x looks like: <F:/N_x/N_y/N_z/S_z/Service_z>:<4>, where the second field, /N_x/N_y/N_z/S_z/Service_z, is the NetworkPath of a service, Service_z, which is provided by a server S_z in a network N_z. We can work out the routes for the authentication and service information from the NetworkPath as (1) from N_x to N_y if it does not end at N_x; (2) from N_y to N_z if it does not originate from N_z; (3) from N_z to N_y if it does not end at N_x; and (4) from N_y to N_x if it does not originate from N_x. These routes can be represented in 4-tuple form: (<Net_ori>, <Net_from>, <Net_to>, <Net_dest>). <Net_ori> is used to differentiate route (2) from route (4). Route (1) can be expressed as (Net_x, Net_x, Net_y, Net_z) using the 4-tuple notation. Obviously, it is not efficient to extract the routes from incoming Service Paths each and every time. Besides, the NetworkPath field may contain a substantial number of networks, so reusing the routes could improve efficiency. The 4-tuple notation facilitates the reuse of routing information. In this paper, we devise a 4-tuple (ATR tuple) representation of authentication and service information routes. The ATR tuple representation is shown to be an alternative to the graphical representation of SNG. We also explore how the ATR tuple representation can be applied to facilitate the authentication propagation process. A set of experiments on the network simulator OMNeT++ has been carried out to illustrate the application of SNG with ATR tuples to IP networks. The preliminary simulation results show that the ATR tuple representation greatly simplifies the implementation of the SNG authentication routing algorithm, and that secure service sharing can be achieved as well.

Statistics for USQ ePrint 5667
Item Type: Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)
Refereed: Yes
Item Status: Live Archive
Additional Information: No evidence of copyright restrictions.
Depositing User: Mr David Lai
Faculty / Department / School: Historic - Faculty of Sciences - Department of Maths and Computing
Date Deposited: 30 Sep 2009 04:19
Last Modified: 02 Jul 2013 23:23
Uncontrolled Keywords: Service Network Graph, SNG, service sharing, authentication delegation, authentication propagation, service path, routing tuple
Fields of Research (FOR2008): 08 Information and Computing Sciences > 0805 Distributed Computing > 080503 Networking and Communications
Socio-Economic Objective (SEO2008): B Economic Development > 89 Information and Communication Services > 8901 Communication Networks and Services > 890199 Communication Networks and Services not elsewhere classified
