TCP-AuthN: TCP inline authentication to enhance network security in Grid environments

Publication: Contribution to book/report/anthology/conference proceedings › Conference paper › Research › Peer-reviewed

Authors

  • Jan Wiebelitz
  • Christopher Kunz
  • Stefan Piger
  • Christian Grimm

Details

Original language: English
Title of host publication: 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009
Pages: 237-240
Number of pages: 4
Publication status: Published - 2009
Event: 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009 - Lisbon, Portugal
Duration: 30 June 2009 to 4 July 2009

Publication series

Name: 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009

Abstract

To secure communication in Grids, many efforts have been made regarding authentication and authorization. Because of the requirements of some applications, it is up to now recommended to open wide port ranges on firewalls. This configuration is commonly accepted as insecure. We present an approach to enhance the security of firewalled Grid components by a new method to dynamically authorize TCP connections on firewalls. The authorization decision relies on the authenticated identity of users or on conveyed attribute assertions. Authentication information is transferred within the TCP three-way handshake. To distinguish the authentication information from application data, a new TCP option, tcpauthn, is introduced. The new method, TCP-AuthN, leads to a new paradigm in firewall operation, as the firewall comes to its final decision to allow or reject/deny a connection only after the third segment of the TCP three-way handshake has been verified. The firewall denies/rejects each connection on an individual basis depending on the user's proven identity.

ASJC Scopus subject areas

Cite

TCP-AuthN: TCP inline authentication to enhance network security in Grid environments. / Wiebelitz, Jan; Kunz, Christopher; Piger, Stefan et al.
8th International Symposium on Parallel and Distributed Computing, ISPDC 2009. 2009. pp. 237-240 5284349 (8th International Symposium on Parallel and Distributed Computing, ISPDC 2009).


Wiebelitz, J, Kunz, C, Piger, S & Grimm, C 2009, TCP-AuthN: TCP inline authentication to enhance network security in Grid environments. in 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009., 5284349, 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009, pp. 237-240, 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009, Lisbon, Portugal, 30 June 2009. https://doi.org/10.1109/ISPDC.2009.29
Wiebelitz, J., Kunz, C., Piger, S., & Grimm, C. (2009). TCP-AuthN: TCP inline authentication to enhance network security in Grid environments. In 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009 (pp. 237-240). Article 5284349 (8th International Symposium on Parallel and Distributed Computing, ISPDC 2009). https://doi.org/10.1109/ISPDC.2009.29
Wiebelitz J, Kunz C, Piger S, Grimm C. TCP-AuthN: TCP inline authentication to enhance network security in Grid environments. in 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009. 2009. pp. 237-240. 5284349. (8th International Symposium on Parallel and Distributed Computing, ISPDC 2009). doi: 10.1109/ISPDC.2009.29
Wiebelitz, Jan ; Kunz, Christopher ; Piger, Stefan et al. / TCP-AuthN : TCP inline authentication to enhance network security in Grid environments. 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009. 2009. pp. 237-240 (8th International Symposium on Parallel and Distributed Computing, ISPDC 2009).
@inproceedings{a1c8cb43150d4ca8917d49c8d39259a6,
title = "TCP-AuthN: TCP inline authentication to enhance network security in Grid environments",
abstract = "To secure communication in Grids many efforts have been made regarding authentication and authorization. Due to some application requirements it is up to now recommended to open wide port ranges on firewalls. This configuration is commonly accepted as insecure. We present an approach to enhance the security of firewalled Grid components by a new method to dynamically authorize TCP connections on firewalls. The authorization decision relies on the authenticated identity of users or conveyed attribute assertions. Authentication information is transferred within the TCP three-way-handshake. To distinguish the authentication information from application data a new TCP option tcpauthn is introduced. The new method TCP-AuthN leads to a new paradigm in firewall operation as the firewall comes to the final decision to allow or reject/deny a connection after the third segment of the TCP three-way-handshake is verified. The firewall denies/rejects each connection on an individual basis depending on the user's proven identity.",
author = "Jan Wiebelitz and Christopher Kunz and Stefan Piger and Christian Grimm",
year = "2009",
doi = "10.1109/ISPDC.2009.29",
language = "English",
isbn = "9780769536804",
series = "8th International Symposium on Parallel and Distributed Computing, ISPDC 2009",
pages = "237--240",
booktitle = "8th International Symposium on Parallel and Distributed Computing, ISPDC 2009",
note = "8th International Symposium on Parallel and Distributed Computing, ISPDC 2009 ; Conference date: 30-06-2009 Through 04-07-2009",
}


TY - GEN

T1 - TCP-AuthN

T2 - 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009

AU - Wiebelitz, Jan

AU - Kunz, Christopher

AU - Piger, Stefan

AU - Grimm, Christian

PY - 2009

Y1 - 2009

N2 - To secure communication in Grids many efforts have been made regarding authentication and authorization. Due to some application requirements it is up to now recommended to open wide port ranges on firewalls. This configuration is commonly accepted as insecure. We present an approach to enhance the security of firewalled Grid components by a new method to dynamically authorize TCP connections on firewalls. The authorization decision relies on the authenticated identity of users or conveyed attribute assertions. Authentication information is transferred within the TCP three-way-handshake. To distinguish the authentication information from application data a new TCP option tcpauthn is introduced. The new method TCP-AuthN leads to a new paradigm in firewall operation as the firewall comes to the final decision to allow or reject/deny a connection after the third segment of the TCP three-way-handshake is verified. The firewall denies/rejects each connection on an individual basis depending on the user's proven identity.

AB - To secure communication in Grids many efforts have been made regarding authentication and authorization. Due to some application requirements it is up to now recommended to open wide port ranges on firewalls. This configuration is commonly accepted as insecure. We present an approach to enhance the security of firewalled Grid components by a new method to dynamically authorize TCP connections on firewalls. The authorization decision relies on the authenticated identity of users or conveyed attribute assertions. Authentication information is transferred within the TCP three-way-handshake. To distinguish the authentication information from application data a new TCP option tcpauthn is introduced. The new method TCP-AuthN leads to a new paradigm in firewall operation as the firewall comes to the final decision to allow or reject/deny a connection after the third segment of the TCP three-way-handshake is verified. The firewall denies/rejects each connection on an individual basis depending on the user's proven identity.

UR - http://www.scopus.com/inward/record.url?scp=74349124254&partnerID=8YFLogxK

U2 - 10.1109/ISPDC.2009.29

DO - 10.1109/ISPDC.2009.29

M3 - Conference contribution

AN - SCOPUS:74349124254

SN - 9780769536804

T3 - 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009

SP - 237

EP - 240

BT - 8th International Symposium on Parallel and Distributed Computing, ISPDC 2009

Y2 - 30 June 2009 through 4 July 2009

ER -