TCP-AuthN

TCP inline authentication to enhance network security in Grid environments

verfasst von: Jan Wiebelitz, Christopher Kunz, Stefan Piger, Christian Grimm
Abstract: To secure communication in Grids many efforts have been made regarding authentication and authorization. Due to some application requirements it is up to now recommended to open wide port ranges on firewalls. This configuration is commonly accepted as insecure. We present an approach to enhance the security of firewalled Grid components by a new method to dynamically authorize TCP connections on firewalls. The authorization decision relies on the authenticated identity of users or conveyed attribute assertions. Authentication information is transferred within the TCP three-way-handshake. To distinguish the authentication information from application data a new TCP option tcpauthn is introduced. The new method TCP-AuthN leads to a new paradigm in firewall operation as the firewall comes to the final decision to allow or reject/deny a connection after the third segment of the TCP three-way-handshake is verified. The firewall denies/rejects each connection on an individual basis depending on the user's proven identity.
Organisationseinheit(en): Leibniz Universität IT Services (LUIS)
Typ: Aufsatz in Konferenzband
Seiten: 237-240
Anzahl der Seiten: 4
Publikationsdatum: 2009
Publikationsstatus: Veröffentlicht
Peer-reviewed: Ja
ASJC Scopus Sachgebiete: Theoretische Informatik und Mathematik, Angewandte Informatik, Hardware und Architektur, Software
Elektronische Version(en): https://doi.org/10.1109/ISPDC.2009.29 (Zugang: Unbekannt)

BibTeX

@inproceedings{a1c8cb43150d4ca8917d49c8d39259a6,
title = "TCP-AuthN: TCP inline authentication to enhance network security in Grid environments",
abstract = "To secure communication in Grids many efforts have been made regarding authentication and authorization. Due to some application requirements it is up to now recommended to open wide port ranges on firewalls. This configuration is commonly accepted as insecure. We present an approach to enhance the security of firewalled Grid components by a new method to dynamically authorize TCP connections on firewalls. The authorization decision relies on the authenticated identity of users or conveyed attribute assertions. Authentication information is transferred within the TCP three-way-handshake. To distinguish the authentication information from application data a new TCP option tcpauthn is introduced. The new method TCP-AuthN leads to a new paradigm in firewall operation as the firewall comes to the final decision to allow or reject/deny a connection after the third segment of the TCP three-way-handshake is verified. The firewall denies/rejects each connection on an individual basis depending on the user's proven identity.",
author = "Jan Wiebelitz and Christopher Kunz and Stefan Piger and Christian Grimm",
year = "2009",
doi = "10.1109/ISPDC.2009.29",
language = "English",
isbn = "9780769536804",
series = "8th International Symposium on Parallel and Distributed Computing, ISPDC 2009",
pages = "237--240",
booktitle = "8th International Symposium on Parallel and Distributed Computing, ISPDC 2009",
note = "8th International Symposium on Parallel and Distributed Computing, ISPDC 2009 ; Conference date: 30-06-2009 Through 04-07-2009",
}