J. Wiebelitz, Christopher Kunz, S. Piger, C. Grimm
Published in: 2009 Eighth International Symposium on Parallel and Distributed Computing (ISPDC 2009), 30 June 2009.
DOI: 10.1109/ISPDC.2009.29 (https://doi.org/10.1109/ISPDC.2009.29)
Citation count: 6 (Semantic Scholar record)
TCP-AuthN: TCP Inline Authentication to Enhance Network Security in Grid Environments
To secure communication in Grids, many efforts have been made regarding authentication and authorization. Because of some application requirements, it is still recommended to open wide port ranges on firewalls, a configuration that is commonly accepted as insecure. We present an approach to enhance the security of firewalled Grid components with a new method for dynamically authorizing TCP connections on firewalls. The authorization decision relies on the authenticated identity of users or on conveyed attribute assertions. The authentication information is transferred within the TCP three-way handshake; to distinguish it from application data, a new TCP option, tcpauthn, is introduced. The new method, TCP-AuthN, leads to a new paradigm in firewall operation: the firewall reaches its final decision to allow or reject/deny a connection only after the third segment of the TCP three-way handshake has been verified. The firewall thus denies or rejects each connection on an individual basis, depending on the user's proven identity.