Dynamic Authentication for Cross-Realm SOA-Based Business Processes
Abstract:
Modern distributed business applications are embedding an increasing degree of automation and dynamism, from dynamic supply-chain management, enterprise federations, and virtual collaborations to dynamic service interactions across organizations. Such dynamism leads to new challenges in security and dependability. In Service-Oriented Architecture (SOA), collaborating services may belong to different security realms but often need to be engaged dynamically at runtime. If a cross-realm authentication relationship cannot be generated dynamically at runtime between heterogeneous security realms, it is technically difficult to enable dynamic business processes through secure collaborations between services. A potential solution to this problem is to generate a trust relationship across security realms so that a user can use the credential in the local security realm to obtain the credentials to access resources in a remote realm. However, the process of generating such kinds of trust relationships between two disjoint security realms is very complex and time consuming, which could involve a large number of extra operations for credential conversion and require collaborations in multiple security realms. In this paper, we propose a new cross-realm authentication protocol for dynamic service interactions. This protocol does not require credential conversion or establishment of authentication paths.
Algorithm / Technique used:
Diffie-Hellman Algorithm.
Algorithm Description:
Diffie-Hellman key exchange offers the best of both worlds -- it uses public key techniques to allow the exchange of a private encryption key! Let's take a look at how the protocol works, from the perspective of Alice and Bob, two users who wish to establish secure communications. We can assume that Alice and Bob k...
The Diffie-Hellman Key Exchange Algorithm is used by two parties to create a session key. The two parties go through a 4-step process to generate the key. In order for an attacker to obtain the key, he/she must solve the discrete logarithm problem. Here are the steps.
1: Station A or Station B selects a large, secure prime number p and a primitive root a (mod p). Both p and a can be made public.
2: Station A chooses a secret random x with 1 <= x <= p-2, and Station B selects a secret random y with 1 <= y <= p-2.
3: Station A sends a^x (mod p) to Station B, and Station B sends a^y (mod p) to Station A.
4: Using the messages that they each have received, they can each calculate the session key K. Station A calculates K by K congruent to (a^y)^x (mod p), and Station B calculates K by K congruent to (a^x)^y (mod p).
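The four steps above, carried through in code as an added example (this is not code from the paper or its authors). It uses the same symbols as the steps (p, a, x, y, K), the small constructed demo parameters p = 23 and a = 5 (a real deployment uses a large prime, typically 2048 bits or more), and two checks the steps do not spell out: that a really is a primitive root of p, and that a received public value lies in 2..p-2, since the values 0, 1 and p-1 would give a session key any observer can predict. The function names are my own.

```python
import secrets


def is_primitive_root(a, p):
    """Step 1 check: a is a primitive root mod prime p iff a^((p-1)/q) != 1
    for every prime factor q of p-1.  Trial-division factoring is fine for a
    demo-sized p; real parameters come from a vetted group instead."""
    n = p - 1
    factors = set()
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return all(pow(a, (p - 1) // q, p) != 1 for q in factors)


def choose_secret(p):
    """Step 2: a secret exponent uniform in 1..p-2, from a CSPRNG."""
    return secrets.randbelow(p - 2) + 1


def public_value(a, secret, p):
    """Step 3: the value a^secret (mod p) that is sent over the wire."""
    return pow(a, secret, p)


def validate_public_value(v, p):
    """Added check before step 4: reject 0, 1, p-1 and out-of-range values.
    With such a value the resulting K is one of a handful of known constants,
    so the exchange would give no secrecy at all."""
    if not 2 <= v <= p - 2:
        raise ValueError("received public value is invalid: %r" % (v,))
    return v


def session_key(received, secret, p):
    """Step 4: K = (received)^secret (mod p)."""
    return pow(validate_public_value(received, p), secret, p)


def run_exchange(p, a, x=None, y=None):
    """Run the whole protocol between Station A and Station B and return
    the key each side computed.  x and y may be fixed for a worked example;
    otherwise fresh secrets are drawn."""
    if not is_primitive_root(a, p):
        raise ValueError("a is not a primitive root mod p")
    x = choose_secret(p) if x is None else x   # Station A's secret
    y = choose_secret(p) if y is None else y   # Station B's secret
    a_to_x = public_value(a, x, p)             # A -> B
    a_to_y = public_value(a, y, p)             # B -> A
    k_a = session_key(a_to_y, x, p)            # A: (a^y)^x mod p
    k_b = session_key(a_to_x, y, p)            # B: (a^x)^y mod p
    return k_a, k_b


if __name__ == "__main__":
    # Worked example with fixed secrets: A sends 8, B sends 19, both get K = 2.
    print(run_exchange(23, 5, x=6, y=15))
    # A fresh run with random secrets still agrees on both sides.
    k_a, k_b = run_exchange(23, 5)
    print(k_a == k_b)
```

Both stations reach the same K because (a^y)^x and (a^x)^y are the same element a^(xy) (mod p); an observer who only sees a^x and a^y has to recover x or y, which is the discrete logarithm problem the text refers to. Note that the exchange alone does not tell either station who the other party is, which is exactly the gap the cross-realm authentication protocol of the paper is meant to fill.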
System Architecture:
Existing System:
In Service-Oriented Architecture (SOA), collaborating services may belong to different security realms but often need to be engaged dynamically at runtime. If a cross-realm authentication relationship cannot be generated dynamically at runtime between heterogeneous security realms, it is technically difficult to enable dynamic business processes through secure collaborations between services. A potential solution to this problem is to generate a trust relationship across security realms so that a user can use the credential in the local security realm to obtain the credentials to access resources in a remote realm. However, the process of generating such kinds of trust relationships between two disjoint security realms is very complex and time consuming, which could involve a large number of extra operations for credential conversion and require collaborations in multiple security realms. In this paper, we propose a new cross-realm authentication protocol for dynamic service interactions. This protocol does not require credential conversion or establishment of authentication paths.
Proposed System: