
<Networks Working Group>                                 F. Naqshbandi
INTERNET-DRAFT                                              NIT, Delhi                                             
Intended Status: Standards Track                              K. Verma                             
Expires: February 8, 2019                           Assistant Professor                                        
                                                            NIT, Delhi                                                         
                                                       
                                                        August 8, 2018


      Hybrid Algorithm to enhance Authentication in Fog Computing
                      draft-naqshbandi-kitten-hafc-00.txt




Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with 
   the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six 
   months and may be updated, replaced, or obsoleted by other 
   documents at any time. It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as 
   "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html


Copyright and License Notice

      Copyright (c) 2018 IETF Trust and the persons identified as the 
      document authors. All rights reserved.

      This document is subject to BCP 78 and the IETF Trust's Legal 
      Provisions Relating to IETF Documents 
      (http://trustee.ietf.org/license-info) in effect on the date of
      publication of this document. Please review these documents 
      carefully, as they describe your rights and restrictions with 
      respect to this document. Code Components extracted from this 
      document must include Simplified BSD License text as described 
      in Section 4.e of the Trust Legal Provisions and are provided
      without warranty as described in the Simplified BSD License.

 


F. Naqshbandi, K. Verma  Expires February 8, 2019                [Page 1]

INTERNET DRAFT Hybrid Algorithm to enhance Authentication in Fog Computing  August 8, 2018


   Abstract

   This document specifies the problem of attacks on the authenticity
   of users. The problem is discussed with respect to the fog computing
   environment. The threat exists when any user logs in to access the
   service. There are two aspects: either the fog server is fake or the
   user node is fake. Information is stored on the server and
   transferred over the connection, and this information can be highly
   confidential and sensitive. To enhance security in this scenario,
   the cloud server can authenticate both parties and establish the
   connection. There are chances that the connection can be attacked
   and used by illegitimate users. Therefore, there is an utmost need
   to increase the security of user authentication. This document
   discusses a novel hybrid approach to overcome the problem. The
   technique is based on user authentication and fog authentication by
   the cloud server.





Table of Contents

   1  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2 Requirements Notation  . . . . . . . . . . . . . . . . . . . . .  3
   3  Terminology . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   4 Authentication Schemes . . . . . . . . . . . . . . . . . . . . .  3
   5  Security Considerations. . . . .. . . . . . . . . . . . . . . .  4
   6  IANA Considerations . . . . . . . . . . . . . . . . . . . . . .  5
   7 Other Considerations . . . . . . . . . . . . . . . . . . . . . .  5
   8 Conclusions  . . . . . . . . . . . . . . . . . . . . . . . . . .  6
   9 References . . . . . . . . . . . . . . . . . . . . . . . . . . .  6
     9.1  Normative References  . . . . . . . . . . . . . . . . . . .  6
     9.2  Informative References  . . . . . . . . . . . . . . . . . .  6
   10 Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . .  7
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .  7













 




1  Introduction

   Fog computing is an advancement of cloud computing that came into
   existence to reduce the load on the cloud server. When cloud
   computing could not fulfil client needs such as low latency,
   handling of data overload, and sufficient computational speed [1],
   fog servers were introduced as an intermediate layer to the cloud.
   They are connected to the clients all the time and send the data
   and data decisions to be saved to the cloud server [2]. So for
   clients, the efficiency of the server increased, and for the cloud
   server the load decreased by sharing it with fog nodes. Every time a
   client needs to connect to the fog node, it uses its credentials to
   log in [3, 4]. But there was no system for the user node to
   authenticate the fog server. In some scenarios, an attacker can
   impersonate the fog server and communicate with the user node. This
   is a serious security threat to the system. Hence we need to
   authenticate both the user node and the fog server.

2 Requirements Notation


   In examples, "C:" , "F:" and "U:" indicate lines sent by the cloud
   server, fog server and the user node respectively.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].


3  Terminology

   FLIF: FLIF [5] is an image format that uses a form of progressive
   interlacing (a generalization of the Adam7 algorithm). This means
   that any partial download of a compressed file can be used as a
   reasonable lossy encoding of the entire image.

   Homomorphic encryption [6]: It allows complex mathematical
   operations to be performed on encrypted data without using the
   original data. For plaintexts X1 and X2 with corresponding
   ciphertexts Y1 and Y2, a homomorphic encryption scheme permits the
   computation of the encryption of X1 (.) X2 from Y1 and Y2 without
   access to X1 and X2. The cryptographic system is multiplicative or
   additive depending on the nature of (.).
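
   The two cases named above, multiplicative and additive, shown as an
   added example that is not part of the draft. It assumes textbook
   RSA and Paillier as the two schemes (the draft names neither) and
   uses constructed toy primes that are far too small for real use.

```python
# Added illustration with toy parameters; not secure, not from the draft.
import math
import secrets

P, Q = 61, 53                      # constructed toy primes
N = P * Q                          # modulus 3233 shared by both schemes

# Multiplicative case: textbook (unpadded) RSA, Y = X^E mod N.
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))

def rsa_enc(x):
    return pow(x, E, N)

def rsa_dec(y):
    return pow(y, D, N)

def rsa_mul(y1, y2):
    """Ciphertext of X1 * X2 mod N, computed from Y1 and Y2 only."""
    return (y1 * y2) % N

# Additive case: Paillier with generator g = N + 1.
N2 = N * N
LAM = math.lcm(P - 1, Q - 1)
MU = pow(LAM, -1, N)               # inverse of L(g^LAM mod N^2) = LAM mod N

def paillier_enc(x):
    while True:                    # fresh randomness r, coprime to N
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (pow(N + 1, x, N2) * pow(r, N, N2)) % N2

def paillier_dec(y):
    u = pow(y, LAM, N2)            # equals 1 + (x * LAM mod N) * N
    return ((u - 1) // N * MU) % N

def paillier_add(y1, y2):
    """Ciphertext of X1 + X2 mod N, computed from Y1 and Y2 only."""
    return (y1 * y2) % N2
```

   Results wrap modulo N, and because anyone holding Y1 and Y2 can
   combine them, homomorphic ciphertexts are malleable and need
   separate integrity protection.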


4 Authentication Schemes

   Authentication refers to validation of identity to access
   resources. It can be broadly divided into two categories: user-based
   authentication and message authentication. User-based authentication
   deals with verifying a user's identity. This is done mainly in the
   commonly known systems of authentication. The basic one, called
   two-phase, deals with a username and password. The three-phase
   approach deals with a third component along with the earlier
   two-phase ones. The third component can be a biometric image of the
   face, fingerprint etc., a one-time password (OTP), or a security
   question.

   Message authentication works on the basic principle of hashing.
   Every message that is passed to the authentication system is
   processed with a hash function, which gives a hash value as output.
   The hash value can then be stored easily. The main algorithms for
   these functions are MD5, SHA1, SHA2 and SHA3. The major difference
   between the algorithms is the key size that is used in hashing.


5  Security Considerations


   The general authentication algorithms have been used until now to
   connect to the fog node. But the existing security threats demand
   that the authentication algorithm be as randomized as possible.
   Therefore, there is a need for algorithms that encompass the
   properties of the user-based algorithms along with the message
   authentication algorithms. In this draft, we propose a hybrid
   approach that uses homomorphic encryption on a fingerprint-based
   login system to authenticate the user. For authenticating the fog
   server, an OTP-based authentication technique is used along with
   homomorphic encryption.

   In our proposed hybrid system, a user logs in to use the cloud
   service or fog service by providing the credentials (username,
   password, fingerprint). The credentials are then encrypted using
   homomorphic encryption and sent to the server for authentication.
   Once they reach the server, they are decrypted and verified. If the
   user is legitimate, then the service is granted to the nearest fog
   server which is already authenticated. The allotment of a fog server
   to complete the request generated by the user is provided by the
   cloud server.

   The proposed system authenticates the fog server using an OTP-based
   technique. After a defined time slot, the cloud server sends the OTP
   to the fog servers. If the OTP is verified, then the fog server is
   authentic; otherwise it is attacked and impersonated by an attacker.





 




         +------------------------------------------------------------+ 
         |           +--------------------------------------+         |   
         |           |                                      |         | 
         |           |           Cloud Server               |         |   
         |           |                                      |         |   
         |           +--------------------------------------+         | 
         |                    |                2|                     | 
         |                    |                 |3                    | 
         |                   1|           +-----------------------+   | 
         |                    |           |                       |   | 
         |                    |4          |       Fog Server      |   | 
         |                    |           |                       |   | 
         |                    |           +-----------------------+   | 
         |                    |                    5|                 | 
         |                    |                     |6                | 
         |               +------------------------------------+       | 
         |               |                                    |       | 
         |               |            User Node               |       | 
         |               |                                    |       | 
         |               +------------------------------------+       | 
         |                                                            | 
         +------------------------------------------------------------+

   1. The user node sends a request to access the service along with
   its encrypted credentials.

   2. The fog server sends a request for its authentication.

   3. If the fog server is authenticated, then its location is stored
   in the database.

   4. If the user is authenticated, then the service is granted to the
   nearest fog server.

   5. Whenever the service has to be accessed, the communication with
   the fog server starts.

   6. The fog server responds to the user node by providing appropriate
   decisions.
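
   One way the cloud server could carry out steps 2 to 4 for the fog
   server, as an added example that is not part of the draft. The
   draft does not define how the OTP is derived or checked, so the
   per-fog key provisioned at enrolment, the HMAC-SHA3-256 derivation,
   the 30-second slot and all names below are assumptions.

```python
import hashlib
import hmac
import secrets

SLOT_SECONDS = 30  # assumed; the draft only says "defined time slot"

def slot_of(now):
    return int(now) // SLOT_SECONDS

def slot_otp(key, fog_id, slot, digits=8):
    """OTP for one fog server and one slot (HMAC-SHA3-256, truncated)."""
    msg = fog_id.encode() + slot.to_bytes(8, "big")
    mac = hmac.new(key, msg, hashlib.sha3_256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

class CloudServer:
    def __init__(self):
        self.keys = {}       # fog_id -> key provisioned at enrolment
        self.locations = {}  # fog_id -> (location, slot it was verified in)

    def enroll(self, fog_id):
        self.keys[fog_id] = secrets.token_bytes(32)
        return self.keys[fog_id]

    def verify(self, fog_id, otp, location, now):
        """Steps 2-3: record the location only if the OTP matches this slot."""
        key, slot = self.keys.get(fog_id), slot_of(now)
        if key is None:
            return False     # unknown fog server
        last = self.locations.get(fog_id)
        if last is not None and last[1] == slot:
            return False     # one OTP per slot: a replay is rejected
        expected = slot_otp(key, fog_id, slot)
        if not hmac.compare_digest(otp.encode(), expected.encode()):
            return False     # wrong or stale OTP: location is not recorded
        self.locations[fog_id] = (location, slot)
        return True

    def is_current(self, fog_id, now):
        """Step 4 precondition: fog server was verified in the current slot."""
        entry = self.locations.get(fog_id)
        return entry is not None and entry[1] == slot_of(now)
```

   A fog server that misses a slot stops being eligible for allotment
   until it verifies again, so a stolen OTP is only useful within the
   slot it was issued for.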


6  IANA Considerations

   Nil


7 Other Considerations

   The hashing function that is being used in SHA3 should have large
   function values so that an attacker cannot decrypt them.

8 Conclusions

   This document discusses an efficient scheme for enhancing the
   authenticity of users and fog nodes by the cloud server. It is a two
   step technique that uses homomorphic encryption while establishing
   the connection of the data.

9 References

   [1] Al Hamid, Hadeal Abdulaziz, et al. "A security model for
   preserving the privacy of medical big data in a healthcare cloud
   using a fog computing facility with pairing-based cryptography." 
   IEEE Access 5 (2017): 22313-22328.

   [2] Abbasi, Bushra Zaheer, and Munam Ali Shah. "Fog computing:
   Security issues, solutions and robust practices." Automation and
   Computing (ICAC), 2017 23rd International Conference on. IEEE, 2017.

   [3] Wang, Tian, et al. "A three-layer privacy preserving cloud
   storage scheme based on computational intelligence in fog
   computing." IEEE Transactions on Emerging Topics in Computational
   Intelligence 2.1 (2018): 3-12.

   [4] Liu, Ximeng, et al. "Hybrid privacy-preserving clinical decision
   support system in fog-cloud computing." Future Generation Computer
   Systems 78 (2018): 825-837.

   [5] Sneyers, Jon, and Pieter Wuille. "FLIF: Free lossless image
   format based on MANIAC compression." Image Processing (ICIP), 2016
   IEEE International Conference on. IEEE, 2016.

   [6] Van Dijk, Marten, et al. "Fully homomorphic encryption over 
   the integers." Annual International Conference on the Theory and
   Applications of Cryptographic Techniques. Springer, Berlin,
   Heidelberg, 2010.


9.1  Normative References

   [1] Brakerski, Zvika, and Vinod Vaikuntanathan. "Fully homomorphic
   encryption from ring-LWE and security for key dependent messages."
   Annual cryptology conference. Springer, Berlin, Heidelberg, 2011.

9.2  Informative References

   [1] Gentry, Craig, and Dan Boneh. A fully homomorphic encryption
   scheme. Vol. 20. No. 09. Stanford: Stanford University, 2009.

   [2] Brakerski, Zvika, and Vinod Vaikuntanathan. "Efficient fully
   homomorphic encryption from (standard) LWE." SIAM Journal on
   Computing 43.2 (2014): 831-871.


10 Acknowledgements 

   This document is prepared for the M. Tech 2 year Major Project in
   National Institute of Technology, Delhi (grant funded by the India
   government (MHRD)).

Authors' Addresses


   Faraz Ahmad Naqshbandi
   M. Tech Student
   Department of Computer Science & Engineering 
   National Institute of Technology, Delhi
   Narela, Delhi-110040, INDIA
   Phone: +91- 9796666996
   EMail: 172211004@nitdelhi.ac.in

   Karan Verma
   Assistant Professor
   Department of Computer Science & Engineering 
   National Institute of Technology, Delhi
   Narela, Delhi-110040, INDIA
   Phone: +91- 7568169258
   EMail:  karan.verma.phd@gmail.com

















