Details
Original language | English |
---|---|
Title of host publication | e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops |
Pages | 3-10 |
Number of pages | 8 |
Publication status | Published - 2009 |
Event | 2009 5th IEEE International Conference on e-Science Workshops, e-science 2009 - Oxford, United Kingdom. Duration: 9 Dec 2009 → 11 Dec 2009 |
Publication series
Name | e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops |
---|
Abstract
As new concepts for eScience like Grid computing and Cloud computing tend to leave the research phase and develop towards production quality, the security eventually moves into focus. Up to now, research in the security area concentrates on authentication and authorization on the resources themselves, but to enhance network security more generally, access control must be pushed back to the entry point of the resource providers' network. In this paper TCP-AuthN is presented, an approach for dynamic firewall operation, which uses the TCP three-way handshake to transport users' authentication information for dynamic firewall operation. The authentication information enables firewalls to authorize each connection establishment individually, based on the user's proven identity. To prevent man-in-the-middle attacks and replay attacks, a challenge-response procedure must be accomplished before the connection is finally allowed. To distinguish the authentication information from application level data, a new TCP option tcpauthn was designed. The presented approach is intended to withdraw the initial authorization decision from the resources and therefore from the internal network and move this decision to firewalls, which are employed to protect networks and services.
ASJC Scopus subject areas
- Arts and Humanities (all)
- General Arts and Humanities
- Earth and Planetary Sciences (all)
- General Earth and Planetary Sciences
- Engineering (all)
- Biomedical Engineering
- Social Sciences (all)
- Education
Cite this
e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops. 2009. pp. 3-10 5407985 (e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops).
Publication: Chapter in book/report/conference proceeding › Conference contribution › Research › Peer-reviewed
TY - GEN
T1 - Transparent identity-based firewall transition for eScience
AU - Wiebelitz, Jan
AU - Piger, Stefan
AU - Kunz, Christopher
AU - Grimm, Christian
PY - 2009
Y1 - 2009
N2 - As new concepts for eScience like Grid computing and Cloud computing tend to leave the research phase and develop towards production quality, the security eventually moves into focus. Up to now, research in the security area concentrates on authentication and authorization on the resources themselves, but to enhance network security more generally, access control must be pushed back to the entry point of the resource providers' network. In this paper TCP-AuthN is presented, an approach for dynamic firewall operation, which uses the TCP three-way handshake to transport users' authentication information for dynamic firewall operation. The authentication information enables firewalls to authorize each connection establishment individually, based on the user's proven identity. To prevent man-in-the-middle attacks and replay attacks, a challenge-response procedure must be accomplished before the connection is finally allowed. To distinguish the authentication information from application level data, a new TCP option tcpauthn was designed. The presented approach is intended to withdraw the initial authorization decision from the resources and therefore from the internal network and move this decision to firewalls, which are employed to protect networks and services.
UR - http://www.scopus.com/inward/record.url?scp=77950149637&partnerID=8YFLogxK
U2 - 10.1109/ESCIW.2009.5407985
DO - 10.1109/ESCIW.2009.5407985
M3 - Conference contribution
AN - SCOPUS:77950149637
SN - 9781424459452
T3 - e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops
SP - 3
EP - 10
BT - e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops
T2 - 2009 5th IEEE International Conference on e-Science Workshops, e-science 2009
Y2 - 9 December 2009 through 11 December 2009
ER -