Network security mechanisms and implementations for the next generation reliable fast data transfer protocol - UDT
University of Technology, Sydney. Faculty of Engineering and Information Technology.
TCP protocol variants (such as FAST, BIC, XCP, Scalable and High Speed) have
demonstrated improved performance in simulation and in several limited
network experiments. However, practical use of these protocols is still very
limited because of implementation and installation difficulties. Users who
need to transfer bulk data (e.g., in Cloud/Grid computing) usually turn to
application-level solutions, where these variants do not fare well. Among protocols
considered in the application level are User Datagram Protocol (UDP)-based
protocols, such as UDT (UDP-based Data Transport Protocol). UDT is one of the
most recently developed new transport protocols with congestion control
algorithms. It was developed to support next generation high-speed networks,
including wide area optical networks. It is considered a state-of-the-art protocol,
addressing infrastructure requirements for transmitting data in high-speed
networks. Its development, however, creates new vulnerabilities because like
many other protocols, it relies solely on the existing security mechanisms for
current protocols such as the Transmission Control Protocol (TCP) and UDP.
Indeed, both UDT and the decades-old TCP/UDP lack a well-thought-out
security architecture that addresses problems in today’s networks. In this
dissertation, we focus on investigating UDT security issues and offer important
contributions to the field of network security. The choice of UDT is significant for
several reasons: UDT as a newly designed next generation protocol is considered
one of the most promising and fastest protocols ever created that operates on top
of the UDP protocol. It is a reliable UDP-based application-level data-transport
protocol intended for distributing data intensive applications over wide area
high-speed networks. It can transfer data in a highly configurable framework and
can accommodate various congestion control algorithms. Its proven success at
transferring terabytes of data gathered from outer space across long distances is
a testament to its significant commercial promise. In this work, our objective is to
examine a range of security methods used on existing mature protocols such as
TCP and UDP and evaluate their viability for UDT. We highlight the security
limitations of UDT and determine the threshold of feasible security schemes
within the constraints under which UDT was designed and developed.
Subsequently, we provide ways of securing applications and traffic using UDT
protocol, and offer recommendations for securing UDT. We create security
mechanisms tailored for UDT and propose a new security architecture that can
assist network designers, security investigators, and users who want to
incorporate security when implementing UDT across wide area networks.
We then conduct practical experiments on UDT using our security mechanisms
and explore the use of other existing security mechanisms used on TCP/UDP for
UDT. To analyse the security mechanisms, we carry out a formal proof of
correctness to assist us in determining their applicability by using Protocol
Composition Logic (PCL). This approach is modular, comprising a separate proof
of each protocol section and providing insight into the network environment in
which each section can be reliably employed. Moreover, the proof holds for a
variety of failure recovery strategies and other implementation and configuration
options. We derive our technique from the PCL on TLS and Kerberos in the
literature. We maintain, however, the novelty of our work for UDT particularly
our newly developed mechanisms such as UDT-AO, UDT-DTLS, UDT-Kerberos
(GSS-API) specifically for UDT, which all now form our proposed UDT security
architecture.
We further analyse this architecture using rewrite systems and automata. We
outline and apply a symbolic analysis approach to verify our proposed
architecture. This approach allows dataflow replication in the implementation of
selected mechanisms that are integrated into the proposed architecture. The
approach is effective because the properties of rewrite systems let us represent
specific flows within the architecture, giving a theoretically grounded and
reliable method of analysis. We introduce abstract representations of
the components that compose the architecture and conduct our investigation
through structural, semantic and query analyses.
The result of this work, the first of its kind in the literature, is a more robust
theoretical and practical representation of a security architecture for UDT that is
also viable for other high-speed network protocols.
A pragmatic approach: Achieving acceptable security mechanisms for high speed data transfer protocol-UDT
The development of next generation protocols, such as UDT (UDP-based data transfer), promptly addresses various infrastructure requirements for transmitting data in high speed networks. However, this development creates new vulnerabilities when these protocols are designed to rely solely on the existing security solutions of existing protocols such as TCP and UDP. It is clear that not all security protocols (such as TLS) can be used to protect UDT, just as security solutions devised for wired networks cannot be used to protect wireless ones. The development of UDT, like the development of TCP/UDP many years ago, lacked a well-thought-out security architecture to address the problems that networks are presently experiencing. This paper proposes and analyses practical security mechanisms for UDT.
Security for Grid Services
Grid computing is concerned with the sharing and coordinated use of diverse
resources in distributed "virtual organizations." The dynamic and
multi-institutional nature of these environments introduces challenging
security issues that demand new technical approaches. In particular, one must
deal with diverse local mechanisms, support dynamic creation of services, and
enable dynamic creation of trust domains. We describe how these issues are
addressed in two generations of the Globus Toolkit. First, we review the Globus
Toolkit version 2 (GT2) approach; then, we describe new approaches developed to
support the Globus Toolkit version 3 (GT3) implementation of the Open Grid
Services Architecture, an initiative that is recasting Grid concepts within a
service oriented framework based on Web services. GT3's security implementation
uses Web services security mechanisms for credential exchange and other
purposes, and introduces a tight least-privilege model that avoids the need for
any privileged network service.
Securing data transfer in the cloud through introducing identification packet and UDT-authentication option field: a characterization
The emergence of various technologies has since pushed researchers to develop
new protocols that support high density data transmissions in Wide Area
Networks. Many of these protocols are TCP protocol variants, which have
demonstrated better performance in simulation and several limited network
experiments but have limited practical applications because of implementation
and installation difficulties. On the other hand, users who need to transfer
bulk data (e.g., in grid/cloud computing) usually turn to application level
solutions where these variants do not fair well. Among protocols considered in
the application level solutions are UDP-based protocols, such as UDT (UDP-based
Data Transport Protocol) for cloud /grid computing. Despite the promising
development of protocols like UDT, what remains to be a major challenge that
current and future network designers face is to achieve survivability and
security of data and networks. Our previous research surveyed various security
methodologies which led to the development of a framework for UDT. In this
paper we present lowerlevel security by introducing an Identity Packet (IP) and
Authentication Option (AO) for UDT.Comment: 17 page
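The Authentication Option introduced in the abstract above, and the UDT-AO mechanism named in the dissertation abstract at the top of this page, both place a keyed per-packet MAC on UDT traffic, by analogy with TCP's Authentication Option (RFC 5925). The following is an added example and not code from either paper: it seals UDT data packets with a truncated HMAC-SHA256 trailer and verifies them behind an anti-replay window, so that a tampered, forged or replayed datagram is dropped before it reaches the UDT receiver. The 16-byte header follows UDT's data-packet header (sequence number, message number/flags, timestamp, destination socket ID); the trailer layout, key-derivation context, MAC truncation length, window size and the constructed master key are this example's own assumptions.

```python
"""Illustrative UDT-AO style per-packet authentication (added example).

Assumptions not taken from the papers: the 2-byte option trailer
(key id, MAC length), the 16-byte MAC truncation, the traffic-key
derivation context and the 64-packet replay window.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Optional

UDT_HDR = struct.Struct("!IIII")   # seq no | msg no + flags | timestamp | dst socket id
AO_TRAILER = struct.Struct("!BB")  # key id, MAC length (assumed trailer layout)
MAC_LEN = 16                       # truncated HMAC-SHA256 (assumption)
MIN_LEN = UDT_HDR.size + AO_TRAILER.size + MAC_LEN


@dataclass(frozen=True)
class UdtDataPacket:
    seq_no: int
    msg_no: int
    timestamp: int
    dst_sock_id: int
    payload: bytes

    def header(self) -> bytes:
        # Bit 31 of the first word is 0 for UDT data packets (1 marks control packets).
        return UDT_HDR.pack(self.seq_no & 0x7FFFFFFF, self.msg_no,
                            self.timestamp, self.dst_sock_id)


def derive_traffic_key(master_key: bytes, src_sock_id: int, dst_sock_id: int) -> bytes:
    # Bind the traffic key to the socket pair so a MAC captured on one UDT
    # connection cannot be replayed onto another connection under the same master key.
    ctx = b"UDT-AO" + struct.pack("!II", src_sock_id, dst_sock_id)
    return hmac.new(master_key, ctx, hashlib.sha256).digest()


def seal(pkt: UdtDataPacket, traffic_key: bytes, key_id: int) -> bytes:
    # The MAC covers header, payload and the option trailer itself.
    trailer = AO_TRAILER.pack(key_id, MAC_LEN)
    covered = pkt.header() + pkt.payload + trailer
    mac = hmac.new(traffic_key, covered, hashlib.sha256).digest()[:MAC_LEN]
    return covered + mac


@dataclass
class ReplayWindow:
    # Simplified: ignores UDT's 2^31 sequence-number wrap-around.
    size: int = 64
    highest: int = -1
    seen: set = field(default_factory=set)

    def accept(self, seq_no: int) -> bool:
        if seq_no in self.seen or (self.highest >= 0 and seq_no <= self.highest - self.size):
            return False
        self.seen.add(seq_no)
        self.highest = max(self.highest, seq_no)
        self.seen = {s for s in self.seen if s > self.highest - self.size}
        return True


def open_datagram(datagram: bytes, keys_by_id: dict, window: ReplayWindow) -> Optional[UdtDataPacket]:
    """Return the authenticated packet, or None if it must be dropped."""
    if len(datagram) < MIN_LEN:
        return None
    mac, covered = datagram[-MAC_LEN:], datagram[:-MAC_LEN]
    key_id, mac_len = AO_TRAILER.unpack(covered[-AO_TRAILER.size:])
    traffic_key = keys_by_id.get(key_id)
    if traffic_key is None or mac_len != MAC_LEN:
        return None
    expected = hmac.new(traffic_key, covered, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return None
    seq_no, msg_no, ts, dst = UDT_HDR.unpack(covered[:UDT_HDR.size])
    if not window.accept(seq_no):                # replay check only after the MAC verified
        return None
    return UdtDataPacket(seq_no, msg_no, ts, dst, covered[UDT_HDR.size:-AO_TRAILER.size])


def demo() -> dict:
    master = b"\x00" * 32            # constructed sample master key, not a real key
    src, dst = 0x1001, 0x2002
    tk = derive_traffic_key(master, src, dst)
    keys, win = {1: tk}, ReplayWindow()
    pkt = UdtDataPacket(seq_no=1, msg_no=1, timestamp=1000, dst_sock_id=dst, payload=b"block-0")
    wire = seal(pkt, tk, key_id=1)
    ok = open_datagram(wire, keys, win)
    replayed = open_datagram(wire, keys, win)
    tampered = bytearray(wire)
    tampered[UDT_HDR.size] ^= 0x01   # flip one payload bit
    forged = open_datagram(bytes(tampered), keys, win)
    other_key = derive_traffic_key(master, src, dst + 1)
    wrong = open_datagram(seal(pkt, other_key, 1), keys, ReplayWindow())
    return {"accepted": ok is not None and ok.payload == b"block-0",
            "replay_rejected": replayed is None,
            "tamper_rejected": forged is None,
            "wrong_key_rejected": wrong is None}


if __name__ == "__main__":
    print(demo())
```

The MAC is verified before the replay window is updated, so an attacker cannot poison the window with unauthenticated sequence numbers; the trailer is covered by the MAC so the key id cannot be swapped to force a downgrade to a weaker key.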
Integrated windows authentication in web applications
The paper discusses a method of transparent user authentication within a web application running in an internal network organized into a domain by means of Microsoft Active Directory
Survey of Security in Grid Services
This article provides a survey of Security in Grid Services drawn from a study of many papers, most of which were produced by the Grid Forum OGSA-SEC (Open Grid Service Architecture Security) working group, the GSI (Grid Security Infrastructure) working group, the Globus Alliance team and others who contributed to Grid. It describes best practice in terms of Grid Security Challenges, Grid Security Requirements, and the GT3 (Globus Toolkit version 3) Security Model for OGSA. Most of these were further refined in separate documents.
SCSlib: Transparently Accessing Protected Sensor Data in the Cloud
As sensor networks get increasingly deployed in real-world scenarios such as home and industrial automation, there is a similarly growing demand for analyzing, consolidating, and storing the data collected by these networks. The dynamic, on-demand resources offered by today’s cloud computing environments promise to satisfy this demand. However, prevalent security concerns still hinder the integration of sensor networks and cloud computing. In this paper, we show how recent progress in standardization can provide the basis for protecting data from diverse sensor devices when outsourcing data processing and storage to the cloud. To this end, we present our Sensor Cloud Security Library (SCSlib), which enables cloud service developers to transparently access cryptographically protected sensor data in the cloud. SCSlib specifically allows domain specialists who are not security experts to build secure cloud services. Our evaluation proves the feasibility and applicability of SCSlib for commodity cloud computing environments.