Supporting secure services on dynamic aggregation of heterogeneous networks

PhD Thesis


Lai, David Tai Wai. 2010. Supporting secure services on dynamic aggregation of heterogeneous networks. PhD Thesis Doctor of Philosophy. University of Southern Queensland.
Type: PhD Thesis
Author: Lai, David Tai Wai
Supervisor: Zhang, Zhongwei
Institution of Origin: University of Southern Queensland
Qualification Name: Doctor of Philosophy
Number of Pages: 282
Year: 2010
Abstract

Sharing of services over IP networks proves to be an effective approach to satisfying the demand of network users when their home network cannot offer the required services. Authentication, authorization and revocation are some of the important challenges in sharing services over IP networks. This research addresses the problem associated with authentication because it becomes more and more complicated due to the incompatible authentication schemes used by individual autonomous networks, the privacy of authentication information, and the overhead in establishing the sharing. The case gets worse when a user roams from network to network.

Many efforts have been made to address these issues in the past years. Kerberos is a solution for cross-realm authentication. Unfortunately, Kerberos suffers from a bottleneck and a single point of failure. Ad hoc aggregation cannot make use of Kerberos. Eduroam enables sharing of wireless access for users roaming between participating institutions, but only services provided by the home network are available to a user. Mobile Host Routing can route data between mobile users, but the networks are linked together on an unscalable network-by-network basis.

Another authentication scheme which has gained some momentum is OpenID. However, in OpenID, authentication simply means proving the ownership of an account, and there is no binding between the account and the actual user identity.

These problems and the limitations in the existing approaches inspired us to propose Service Network Graph (SNG), a service authentication infrastructure for service sharing among heterogeneous networks aggregated dynamically via self-authenticating encrypted channels. The key feature of SNG is delegation of authentication authority from one network to another. A user can use the services provided by the delegatee network as well as his home network after authenticating to the delegatee network.

When an autonomous network attaches to an SNG, not only does the network being attached delegate its authentication authority, but all authentication authorities delegated to the network are also re-delegated to the attaching network. Authentication Delegation and Re-delegation make SNG scalable.

As authentication is always done by the home network, the identity of a user can be securely bound to his account. At the same time, there is no hierarchical structure for the authentication process, so autonomous networks can join an SNG in an ad hoc fashion. No authentication bottleneck is anticipated in SNG.

The information about the authentication delegation path is stored in a Service Path, which can be optimized for performance. SNG can readily be extended to include mobile users. We also proposed Dynamic Password (DPass) and its associated Key Exchange Scheme to be used as one of the candidate authentication schemes for SNG. DPass provides strong passwords which are relatively easy to remember.

SNG together with DPass provides an infrastructure for secure service sharing on dynamic aggregation of heterogeneous networks. The features and feasibility of SNG and DPass have been demonstrated on a simulated model of autonomous networks and an aggregate of networks in a laboratory. Our study has, to a certain extent, overcome the drawbacks of the above-mentioned approaches with efficiency and scalability.

Keywords: service sharing; authentication; Service Network Graph; SNG; Dynamic Password
ANZSRC Field of Research 2020: 460609. Networking and communications
Byline Affiliations: Department of Mathematics and Computing
Permalink: https://research.usq.edu.au/item/q0x1w/supporting-secure-services-on-dynamic-aggregation-of-heterogeneous-networks
