Lai, David Tai Wai (2010) Supporting secure services on dynamic aggregation of heterogeneous networks. [Thesis (PhD/Research)]
Text (Introductory Pages)
Text (Whole Thesis)
Sharing of services over IP networks prove to be an effective approach to satisfy the demand of network users when their home network cannot offer the required services. Authentication, authorization and revocation are some of the important challenges in the service sharing services over IP networks. This research address the problem associated with the authentication because it becomes more and more complicated due to the incompatible authentication
schemes used by individual autonomous networks, privacy of authentication information, and the overhead in establishing the sharing. The case gets worse when a user
roams from network to network.
Many efforts have been made to address these issues in the past years. Kerberos is a solution for cross realm authentication. Unfortunately, Kerberos suffers from bottle neck and single point of failure. Ad hoc aggregation cannot make use of Kerberos. Eduroam enables sharing of wireless access to users roaming between participating institutions, but only services provided by the home network is available to a user. Mobile Host Routing can route data between mobile user. But the networks are linked together in an unscalable network by network basis.
Another authentication scheme which has gained some momentum is OpenID. However, in OpenID, authentication simply means proving the ownership of an account, and
there is no binding between the account and the actual user identity.
These problems and the limitations in the existing approaches inspired us to propose Service Network Graph, a service authentication infrastructure for service sharing among heterogeneous networks aggregated dynamically via self-authenticating encrypted channels. The key feature of SNG is delegation of authentication authority from one network to another. A user can use the services provided by the delegatee network as well as his home network after authenticating to the delegatee network.
When an autonomous network attaches to an SNG, not only does the network being attached delegate its authentication authority, but all authentication authorities delegated
to the network also re-delegated to the attaching network. Authentication Delegation and Re-delegation makes SNG scalable.
As authentication is always done by the home network, the identity of a user can be securely bound to his account. At the same time, there is no hierarchy structure for the
authentication process, autonomous networks can join an SNG in an ad hoc fashion. No authentication bottle neck is anticipated in SNG.
The information of the authentication delegation path is stored in a Service Path which can be optimized for performance. SNG can readily extend to include mobile users. We also proposed Dynamic Password (DPass) and its associated Key Exchange Scheme to be used as one of the candidate authentication schemes for SNG. DPass provide strong passwords which are relatively easy to remember.
SNG together with DPass provide an infrastructure for secure service sharing on dynamic aggregation of heterogenous networks. The features and feasibility of SNG and DPass have been demonstrated on a simulated model of autonomous networks and an aggregate of networks in a laboratory. Our study has, to a certain extend, overcome the
draw backs of the above mentioned approaches with efficiency and scalability.
Statistics for this ePrint Item
|Item Type:||Thesis (PhD/Research)|
|Item Status:||Live Archive|
|Additional Information:||Doctor of Philosophy (PhD) thesis.|
|Depositing User:||ePrints Administrator|
|Faculty / Department / School:||Historic - Faculty of Sciences - Department of Maths and Computing|
|Date Deposited:||29 Aug 2011 05:14|
|Last Modified:||13 Jul 2016 01:22|
|Uncontrolled Keywords:||service sharing; authentication; Service Network Graph; SNG; Dynamic Password|
|Fields of Research :||08 Information and Computing Sciences > 0805 Distributed Computing > 080503 Networking and Communications|
Actions (login required)
|Archive Repository Staff Only|