
Transparent identity-based firewall transition for eScience

Research output: Chapter in book/report/conference proceeding (Conference contribution, Research, peer review)

Authors

  • Jan Wiebelitz
  • Stefan Piger
  • Christopher Kunz
  • Christian Grimm

Details

Original language: English
Title of host publication: e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops
Pages: 3-10
Number of pages: 8
Publication status: Published - 2009
Event: 2009 5th IEEE International Conference on e-Science Workshops, e-science 2009 - Oxford, United Kingdom (UK)
Duration: 9 Dec 2009 to 11 Dec 2009

Publication series

Name: e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops

Abstract

As new concepts for eScience like Grid computing and Cloud computing tend to leave the research phase and develop towards production quality, security eventually moves into focus. Up to now, research in the security area has concentrated on authentication and authorization on the resources themselves, but to enhance network security more generally, access control must be pushed back to the entry point of the resource provider's network. In this paper TCP-AuthN is presented, an approach for dynamic firewall operation which uses the TCP three-way handshake to transport the user's authentication information. This authentication information enables firewalls to authorize each connection establishment individually, based on the user's proven identity. To prevent man-in-the-middle and replay attacks, a challenge-response procedure must be completed before the connection is finally allowed. To distinguish the authentication information from application-level data, a new TCP option, tcpauthn, was designed. The presented approach is intended to withdraw the initial authorization decision from the resources, and therefore from the internal network, and move this decision to the firewalls that are employed to protect networks and services.


Cite this

Wiebelitz, J, Piger, S, Kunz, C & Grimm, C 2009, Transparent identity-based firewall transition for eScience. in e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops., 5407985, e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops, pp. 3-10, 2009 5th IEEE International Conference on e-Science Workshops, e-science 2009, Oxford, United Kingdom (UK), 9 Dec 2009. https://doi.org/10.1109/ESCIW.2009.5407985
@inproceedings{2283077fb1f547a3a8350434d56c441a,
title = "Transparent identity-based firewall transition for eScience",
abstract = "As new concepts for eScience like Grid computing and Cloud computing tend to leave the research phase and develop towards production quality, security eventually moves into focus. Up to now, research in the security area has concentrated on authentication and authorization on the resources themselves, but to enhance network security more generally, access control must be pushed back to the entry point of the resource provider's network. In this paper TCP-AuthN is presented, an approach for dynamic firewall operation which uses the TCP three-way handshake to transport the user's authentication information. This authentication information enables firewalls to authorize each connection establishment individually, based on the user's proven identity. To prevent man-in-the-middle and replay attacks, a challenge-response procedure must be completed before the connection is finally allowed. To distinguish the authentication information from application-level data, a new TCP option, tcpauthn, was designed. The presented approach is intended to withdraw the initial authorization decision from the resources, and therefore from the internal network, and move this decision to the firewalls that are employed to protect networks and services.",
author = "Jan Wiebelitz and Stefan Piger and Christopher Kunz and Christian Grimm",
year = "2009",
doi = "10.1109/ESCIW.2009.5407985",
language = "English",
isbn = "9781424459452",
series = "e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops",
pages = "3--10",
booktitle = "e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops",
note = "2009 5th IEEE International Conference on e-Science Workshops, e-science 2009 ; Conference date: 09-12-2009 Through 11-12-2009",
}


TY - GEN
T1 - Transparent identity-based firewall transition for eScience
AU - Wiebelitz, Jan
AU - Piger, Stefan
AU - Kunz, Christopher
AU - Grimm, Christian
PY - 2009
Y1 - 2009
AB - As new concepts for eScience like Grid computing and Cloud computing tend to leave the research phase and develop towards production quality, security eventually moves into focus. Up to now, research in the security area has concentrated on authentication and authorization on the resources themselves, but to enhance network security more generally, access control must be pushed back to the entry point of the resource provider's network. In this paper TCP-AuthN is presented, an approach for dynamic firewall operation which uses the TCP three-way handshake to transport the user's authentication information. This authentication information enables firewalls to authorize each connection establishment individually, based on the user's proven identity. To prevent man-in-the-middle and replay attacks, a challenge-response procedure must be completed before the connection is finally allowed. To distinguish the authentication information from application-level data, a new TCP option, tcpauthn, was designed. The presented approach is intended to withdraw the initial authorization decision from the resources, and therefore from the internal network, and move this decision to the firewalls that are employed to protect networks and services.
UR - http://www.scopus.com/inward/record.url?scp=77950149637&partnerID=8YFLogxK
U2 - 10.1109/ESCIW.2009.5407985
DO - 10.1109/ESCIW.2009.5407985
M3 - Conference contribution
AN - SCOPUS:77950149637
SN - 9781424459452
T3 - e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops
SP - 3
EP - 10
BT - e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops
T2 - 2009 5th IEEE International Conference on e-Science Workshops, e-science 2009
Y2 - 9 December 2009 through 11 December 2009
ER -