Details

| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops |
| Pages | 3-10 |
| Number of pages | 8 |
| Publication status | Published - 2009 |
| Event | 2009 5th IEEE International Conference on e-Science Workshops, e-science 2009 - Oxford, United Kingdom (UK). Duration: 9 Dec 2009 → 11 Dec 2009 |

Publication series

| Name |
|---|
| e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops |
Abstract
As new concepts for eScience like Grid computing and Cloud computing tend to leave the research phase and develop towards production quality, security eventually moves into focus. Up to now, research in the security area has concentrated on authentication and authorization on the resources themselves, but to enhance network security more generally, access control must be pushed back to the entry point of the resource provider's network. In this paper TCP-AuthN is presented, an approach for dynamic firewall operation which uses the TCP three-way handshake to transport the user's authentication information to the firewall. This authentication information enables firewalls to authorize each connection establishment individually, based on the user's proven identity. To prevent man-in-the-middle and replay attacks, a challenge-response procedure must be completed before the connection is finally allowed. To distinguish the authentication information from application-level data, a new TCP option, tcpauthn, was designed. The presented approach is intended to withdraw the initial authorization decision from the resources, and therefore from the internal network, and move this decision to the firewalls that are employed to protect networks and services.
ASJC Scopus subject areas
- Arts and Humanities(all)
- General Arts and Humanities
- Earth and Planetary Sciences(all)
- General Earth and Planetary Sciences
- Engineering(all)
- Biomedical Engineering
- Social Sciences(all)
- Education
Cite this
e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops. 2009. p. 3-10 5407985 (e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops).
Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review
TY - GEN
T1 - Transparent identity-based firewall transition for eScience
AU - Wiebelitz, Jan
AU - Piger, Stefan
AU - Kunz, Christopher
AU - Grimm, Christian
PY - 2009
Y1 - 2009
UR - http://www.scopus.com/inward/record.url?scp=77950149637&partnerID=8YFLogxK
U2 - 10.1109/ESCIW.2009.5407985
DO - 10.1109/ESCIW.2009.5407985
M3 - Conference contribution
AN - SCOPUS:77950149637
SN - 9781424459452
T3 - e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops
SP - 3
EP - 10
BT - e-science 2009 - Proceedings of the 2009 5th IEEE International Conference on e-Science Workshops
T2 - 2009 5th IEEE International Conference on e-Science Workshops, e-science 2009
Y2 - 9 December 2009 through 11 December 2009
ER -