Abstract:
Modern distributed business applications are embedding an
increasing degree of automation and dynamism, from dynamic supply-chain
management, enterprise federations, and virtual collaborations to dynamic
service interactions across organizations. Such dynamism leads to new
challenges in security and dependability. In Service-Oriented Architecture (SOA),
collaborating services may belong to different security realms but often need
to be engaged dynamically at runtime. If a cross-realm authentication
relationship cannot be generated dynamically at runtime between heterogeneous
security realms, it is technically difficult to enable dynamic business
processes through secure collaborations between services. A potential solution
to this problem is to generate a trust relationship across security realms so
that a user can use the credential in the local security realm to obtain the
credentials to access resources in a remote realm. However, the process of
generating such kinds of trust relationships between two disjoint security
realms is very complex and time consuming, which could involve a large number
of extra operations for credential conversion and require collaborations in
multiple security realms. In this paper, we propose a new cross-realm
authentication protocol for dynamic service interactions. This protocol does
not require credential conversion or establishment of authentication paths.
Algorithm / Technique used:
Diffie-Hellman Algorithm.
Algorithm Description:
Diffie-Hellman key exchange offers the best of both worlds -- it
uses public key techniques to allow the exchange of a private encryption key!
Let's take a look at how the protocol works, from the perspective of Alice and
Bob, two users who wish to establish secure communications. We can assume that
Alice and Bob k...
The Diffie-Hellman Key Exchange
Algorithm is used by two parties to create a session key. The two parties go
through a 4 step process to generate the key. In order for an attacker to
obtain the key, he/she must face the discrete logarithm problem. Here are the
steps.
1: Station A or Station B selects a large, secure prime number p and a primitive root a (mod p). Both p and a can be made public.
2: Station A chooses a secret random x with 1 <= x <= p-2, and Station B selects a secret random y with 1 <= y <= p-2.
3: Station A sends a^x (mod p) to Station B, and Station B sends a^y (mod p) to Station A.
4: Using the messages that they each have received, they can each calculate the session key K. Station A calculates K by K congruent to (a^y)^x (mod p), and Station B calculates K by K congruent to (a^x)^y (mod p).
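The four steps above as a runnable sketch, added here as an example (not code from the original post). The toy values p = 23 and a = 5, the function names, and the range check on the received value are assumptions of this example; the range check goes beyond the four steps as listed.

```python
import secrets

# Constructed toy parameters, far too small for real use: p = 23 is a safe
# prime (p = 2q + 1, q = 11) and a = 5 is a primitive root mod 23.
P, A = 23, 5

def is_primitive_root(a, p):
    """Step 1 check, valid only when p is a safe prime p = 2q + 1.

    The group has order 2q, so a generates it iff its order is not 1, 2 or q.
    """
    q = (p - 1) // 2
    return 1 < a < p - 1 and pow(a, 2, p) != 1 and pow(a, q, p) != 1

def public_value(a, secret, p):
    """Step 3: the value a station sends, a^secret mod p."""
    return pow(a, secret, p)

def keypair(a, p):
    """Steps 2 and 3: secret in [1, p-2] and the matching public value."""
    while True:
        secret = 1 + secrets.randbelow(p - 2)
        public = public_value(a, secret, p)
        # secret = (p-1)/2 gives public = p-1, which the receiver's range
        # check rejects, so redraw (only noticeable with a toy-sized p).
        if public != p - 1:
            return secret, public

def session_key(peer_public, secret, p):
    """Step 4: K = peer_public^secret mod p, after validating the input.

    Values 0, 1 and p-1 would force K into {0, 1, p-1} regardless of the
    secret, so anything outside [2, p-2] is refused.
    """
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value outside [2, p-2]")
    return pow(peer_public, secret, p)

if __name__ == "__main__":
    assert is_primitive_root(A, P)
    x, to_b = keypair(A, P)      # Station A
    y, to_a = keypair(A, P)      # Station B
    k_a = session_key(to_a, x, P)
    k_b = session_key(to_b, y, P)
    print("shared key agrees:", k_a == k_b)
```

The exchange on its own does not tell either station who sent the public value; that is the job of the authentication protocol built around it.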
System Architecture:


Existing System:
In Service-Oriented Architecture (SOA), collaborating services may
belong to different security realms but often need to be engaged dynamically at
runtime. If a cross-realm authentication relationship cannot be generated
dynamically at runtime between heterogeneous security realms, it is technically
difficult to enable dynamic business processes through secure collaborations
between services. A potential solution to this problem is to generate a trust
relationship across security realms so that a user can use the credential in
the local security realm to obtain the credentials to access resources in a
remote realm. However, the process of generating such kinds of trust
relationships between two disjoint security realms is very complex and time
consuming, which could involve a large number of extra operations for
credential conversion and require collaborations in multiple security realms.
In this paper, we propose a new cross-realm authentication protocol for dynamic
service interactions. This protocol does not require credential conversion or
establishment of authentication paths.