Internet DRAFT - draft-naqshbandi-kitten-hafc
<Networks Working Group> F. Naqshbandi
INTERNET-DRAFT NIT, Delhi
Intended Status: Standards Track K. Verma
Expires: February 8, 2019 Assistant Professor
NIT, Delhi
August 8, 2018
Hybrid Algorithm to enhance Authentication in Fog Computing
draft-naqshbandi-kitten-hafc-00.txt
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with
the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as
"work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright and License Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described
in Section 4.e of the Trust Legal Provisions and are provided
without warranty as described in the Simplified BSD License.
F. Naqshbandi, K. Verma Expires February 8, 2019 [Page 1]
INTERNET DRAFT Hybrid Algorithm to enhance Authentication in Fog Computing August 8, 2018
Abstract
This document specifies the problem of attacks on the authenticity
of users. The problem is discussed with respect to the fog computing
environment. The threat exists when any user logs in to access the
service. The two aspects are that either the fog server is fake or
the user node is fake. The information stored on the server and
transferred over the connection can be highly confidential and
sensitive. So to enhance security in this scenario, the cloud server
can authenticate both parties and establish the connection. There
are chances that it can get attacked and used by illegitimate users.
Therefore, there is an utmost need to increase the security of
user authentication. This document discusses a novel approach to
overcome the problem by using a hybrid approach. The technique is
based on user authentication and fog authentication by the cloud
server.
Table of Contents
1 Introduction
2 Requirements Notation
3 Terminology
4 Authentication Schemes
5 Security Considerations
6 IANA Considerations
7 Other Considerations
8 Conclusions
9 References
  9.1 Normative References
  9.2 Informative References
10 Acknowledgements
Authors' Addresses
1 Introduction
Fog computing is an advancement of cloud computing that came into
existence to reduce the load on the cloud server. Cloud computing
did not fulfil client needs such as latency, data overload and
computational speed [1], so fog servers were introduced as an
intermediate layer to the cloud. They were connected to the clients
all the time and sent the data and data decisions to be saved to the
cloud server [2]. So for clients, the efficiency of the server
increased, and for the cloud server the load decreased by sharing
with fog nodes. Every time a client needs to connect to the fog node,
it uses its credentials to log in [3, 4]. But there was no system for
the user node to authenticate the fog server. In some scenarios, an
attacker can impersonate the fog server and communicate with the
user node. This is a serious security threat to the system. Hence we
need to authenticate both the user node as well as the fog server.
2 Requirements Notation
In examples, "C:", "F:" and "U:" indicate lines sent by the cloud
server, fog server and the user node respectively.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
3 Terminology
FLIF: FLIF [5] is a form of progressive interlacing (a generalization
of the Adam7 algorithm). This means that any partial download of a
compressed file can be used as a reasonable lossy encoding of the
entire image.
Homomorphic encryption [6]: It allows complex mathematical operations
to be performed on encrypted data without using the original data.
For plain texts X1 and X2 and corresponding cipher texts Y1 and Y2,
a homomorphic encryption scheme permits the computation of X1 (.) X2
from Y1 and Y2 without using X1 and X2. The cryptographic system is
multiplicative or additive depending on the nature of (.).
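The additive and multiplicative cases of (.) described above, as an
added example that is not part of the draft: Paillier encryption
stands in for an additive scheme and unpadded RSA for a
multiplicative one. The draft names no specific scheme; the primes,
exponent and function names below are constructed for illustration
and are far too small for real use.

```python
# Added illustration: toy parameters, constructed for this example only.
from math import gcd

# --- Additive scheme: Paillier with g = n + 1 (tiny primes, NOT secure) ---
P, Q = 1009, 1013                 # constructed sample primes
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAM, -1, N)              # valid shortcut because g = n + 1

def paillier_encrypt(x, r):
    """Y = (1 + n)^x * r^n mod n^2, with r a unit modulo n."""
    if not 0 <= x < N or gcd(r, N) != 1:
        raise ValueError("x must be in [0, n) and r coprime to n")
    return (pow(1 + N, x, N2) * pow(r, N, N2)) % N2

def paillier_decrypt(y):
    """X = L(y^lambda mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    return ((pow(y, LAM, N2) - 1) // N * MU) % N

def paillier_add(y1, y2):
    """Ciphertext product decrypts to the plaintext sum: (.) is addition."""
    return (y1 * y2) % N2

# --- Multiplicative scheme: unpadded ("textbook") RSA, same toy modulus ---
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def rsa_encrypt(x):
    return pow(x, E, N)

def rsa_decrypt(y):
    return pow(y, D, N)

def rsa_mul(y1, y2):
    """Ciphertext product decrypts to the plaintext product: (.) is multiplication."""
    return (y1 * y2) % N

if __name__ == "__main__":
    x1, x2 = 1234, 4321           # constructed sample plaintexts
    y1, y2 = paillier_encrypt(x1, 17), paillier_encrypt(x2, 23)
    print("additive:", paillier_decrypt(paillier_add(y1, y2)), "==", x1 + x2)
    prod = rsa_decrypt(rsa_mul(rsa_encrypt(12), rsa_encrypt(34)))
    print("multiplicative:", prod, "==", 12 * 34)
```

Whoever holds Y1 and Y2 can combine them without the decryption key,
which also means such ciphertexts are malleable by design.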
4 Authentication Schemes
Authentication refers to validation of identity to access the
resources. It can be broadly divided into 2 categories: User based
authentication and Message authentication. User based authentication
deals with verifying user's identity. This is done mainly in commonly
known systems of authentication. The basic one is called two phase
and deals with username and password. The three phase approach deals
with a third component along with the earlier two phase ones. The
third component can be a biometric image of face, fingerprint etc.,
a one-time-password (OTP), or a security question.
Message authentication works on the basic principle of hashing.
Every message that is passed to the authentication system gets
encrypted with a hash function, which gives a hash value as output.
The hash value can then be stored easily. The main algorithms for
these functions are MD5, SHA1, SHA2 and SHA3. The major difference
between these algorithms is the key size that is used in hashing.
5 Security Considerations
General authentication algorithms have been used until now to
connect to the fog node. But existing security threats demand that
the authentication algorithm be as randomized as possible.
Therefore, there is a need for algorithms that combine the
properties of user based algorithms with those of message
authentication algorithms. In this draft, we propose a hybrid
approach that uses homomorphic encryption on a fingerprint based
login system to authenticate the user. For authenticating the fog
server, an OTP based authentication technique is used along with
homomorphic encryption.
In our proposed hybrid system, a user logs in to use the cloud
service or fog service by providing the credentials (username,
password, fingerprint). The credentials are then encrypted using
homomorphic encryption and sent to the server for authentication.
Once they reach the server, they are decrypted and verified. If the
user is legitimate, then the service is granted to the nearest fog
server which is already authenticated. The allotment of a fog server
to complete the request generated by the user is done by the cloud
server.
The proposed system authenticates the fog server using an OTP based
technique. After a defined time slot, the cloud server sends the OTP
to the fog servers. If the OTP is verified, then the fog server is
authentic; otherwise it has been attacked and is being impersonated
by an attacker.
+------------------------------------------------------------+
| +--------------------------------------+ |
| | | |
| | Cloud Server | |
| | | |
| +--------------------------------------+ |
| | 2| |
| | |3 |
| 1| +-----------------------+ |
| | | | |
| |4 | Fog Server | |
| | | | |
| | +-----------------------+ |
| | 5| |
| | |6 |
| +------------------------------------+ |
| | | |
| | User Node | |
| | | |
| +------------------------------------+ |
| |
+------------------------------------------------------------+
1. The user node sends a request to access the service along with
encrypted credentials.
2. The fog server sends a request for its authentication.
3. If the fog server is authenticated, then its location is stored
in the database.
4. If the user is authenticated, then service is granted to the
nearest fog server.
5. Whenever the service has to be accessed, the communication with
the fog server starts.
6. The fog server responds to the user node by providing appropriate
decisions.
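One way to model steps 2 to 4 above, as an added example that is not
code from the draft. The draft does not say how the OTP is generated
or checked, so this assumes a pre-shared secret per fog server, an
HMAC-SHA-256 code per time slot, one-dimensional locations, and a
user check already done elsewhere (user_ok); all names are
hypothetical.

```python
# Added illustration; OTP derivation, secrets and locations are assumptions.
import hashlib
import hmac

SLOT_SECONDS = 300  # assumed length of the "defined time slot"

def slot_otp(secret: bytes, fog_id: str, now: float) -> str:
    """Six-digit code bound to one fog server and one time slot."""
    slot = int(now // SLOT_SECONDS)
    mac = hmac.new(secret, f"{fog_id}|{slot}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

class CloudServer:
    def __init__(self, fog_secrets):
        self.fog_secrets = fog_secrets   # fog_id -> pre-shared secret
        self.authenticated = {}          # fog_id -> (location, slot verified in)

    def authenticate_fog(self, fog_id, otp, location, now):
        """Steps 2-3: verify the fog server's OTP, then record its location."""
        secret = self.fog_secrets.get(fog_id)
        ok = secret is not None and hmac.compare_digest(
            slot_otp(secret, fog_id, now).encode(), otp.encode())
        if not ok:
            # A failed check removes any earlier entry: treat as impersonated.
            self.authenticated.pop(fog_id, None)
            return False
        self.authenticated[fog_id] = (location, int(now // SLOT_SECONDS))
        return True

    def assign_fog(self, user_ok, user_location, now):
        """Step 4: pick the nearest fog server verified in the current slot."""
        if not user_ok:
            return None
        slot = int(now // SLOT_SECONDS)
        live = {f: loc for f, (loc, s) in self.authenticated.items() if s == slot}
        if not live:
            return None   # no fog server has re-authenticated in this slot
        return min(live, key=lambda f: abs(live[f] - user_location))
```

A fog server verified only in an earlier slot is never assigned, so
an impersonated node drops out of service at the next slot boundary
at the latest.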
6 IANA Considerations
Nil
7 Other Considerations
The hashing function that is being used in SHA3 should have large
function values so that an attacker can't decrypt.
8 Conclusions
This document discusses an efficient scheme for enhancing the
authenticity of users and fog nodes by the cloud server. It is a two
step technique that uses homomorphic encryption while establishing
the connection of the data.
9 References
[1] Al Hamid, Hadeal Abdulaziz, et al. "A security model for
preserving the privacy of medical big data in a healthcare cloud
using a fog computing facility with pairing-based cryptography."
IEEE Access 5 (2017): 22313-22328.
[2] Abbasi, Bushra Zaheer, and Munam Ali Shah. "Fog computing:
Security issues, solutions and robust practices." Automation and
Computing (ICAC), 2017 23rd International Conference on. IEEE, 2017.
[3] Wang, Tian, et al. "A three-layer privacy preserving cloud
storage scheme based on computational intelligence in fog
computing." IEEE Transactions on Emerging Topics in Computational
Intelligence 2.1 (2018): 3-12.
[4] Liu, Ximeng, et al. "Hybrid privacy-preserving clinical decision
support system in fog-cloud computing." Future Generation Computer
Systems 78 (2018): 825-837.
[5] Sneyers, Jon, and Pieter Wuille. "FLIF: Free lossless image
format based on MANIAC compression." Image Processing (ICIP), 2016
IEEE International Conference on. IEEE, 2016.
[6] Van Dijk, Marten, et al. "Fully homomorphic encryption over
the integers." Annual International Conference on the Theory and
Applications of Cryptographic Techniques. Springer, Berlin,
Heidelberg, 2010.
9.1 Normative References
[1] Brakerski, Zvika, and Vinod Vaikuntanathan. "Fully homomorphic
encryption from ring-LWE and security for key dependent messages."
Annual cryptology conference. Springer, Berlin, Heidelberg, 2011.
9.2 Informative References
[1] Gentry, Craig, and Dan Boneh. A fully homomorphic encryption
scheme. Vol. 20. No. 09. Stanford: Stanford University, 2009.
[2] Brakerski, Zvika, and Vinod Vaikuntanathan. "Efficient fully
homomorphic encryption from (standard) LWE." SIAM Journal on
Computing 43.2 (2014): 831-871.
10 Acknowledgements
This document is prepared for the M. Tech 2 year Major Project at
the National Institute of Technology, Delhi (grant funded by the
Indian government (MHRD)).
Authors' Addresses
Faraz Ahmad Naqshbandi
M. Tech Student
Department of Computer Science & Engineering
National Institute of Technology, Delhi
Narela, Delhi-110040, INDIA
Phone: +91- 9796666996
EMail: 172211004@nitdelhi.ac.in
Karan Verma
Assistant Professor
Department of Computer Science & Engineering
National Institute of Technology, Delhi
Narela, Delhi-110040, INDIA
Phone: +91- 7568169258
EMail: karan.verma.phd@gmail.com