Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
A New Security Model For Distributed System
1. A New Collaborative Trust
Enhanced Security Model
for Distributed System
By: Sanoj (MU10CO13)
Tileswar Nath(MU10CO12)
2. Introduction
• A distributed system is susceptible to a variety of security threats.
• A principal can impersonate other principal and authentication becomes
an important requirement
• Authentication is a process by which one principal verifies the identity of
other principal.
• In one way authentication only one principal verifies the identity of the
other principal.
• In mutual authentication both communicating principals verify each
other’s identity.
3. Proposed Approach
• The proposed approach enhances the performance of complete system by
sharing the authentication workload among all other nodes.
• Agent based system with various functionalities as monitoring the
servers, balancing the load of service providers and service request in case
of unavailability of servers.
4. Features of proposed approach
Assumptions
client must have to share some resources such as processor, some basic
services etc., in order to access the existing resources and services of the
distributed system.
Client has to inform about duration of its availability in the distributed
system to SuperHost.
5. Load Balancing
An agent system is used to balance the load of service providers.
Agent records the service registries and maximum load that a server can
handle in terms of clients.
Agent allocates the list of below loaded servers to client. Whenever a
client requests for a service, agent provides the references of servers
according to their load status.
if all the servers are overloaded for the requested service, the agent
system can play the role of server by itself.
6. Life time for client and server
The life time of client and server is controlled by SuperHost. However the
client and server can also make an explicit leaving request to SuperHost.
In the former case, at the time of joining the system, SuperHost informs
client about its life time. If client remains idle for a predefined period of
time, the SuperHost can assume the client from the system implicitly
assuming that client does not want to continue with this system.
7. Components of CTES model
SuperHost
SuperHost is the trustworthy node which acts as central controller of
systems.
This system is also responsible to investigate the client about its
trustworthiness, to monitor the life time of clients and servers.
It provides various to users related to its operation such as record
update, reference of Authentication Server (AS) to client and reference of
agent to server respectively
8. Key Distribution Center (KDC)
KDC (Key Distribution Center) is a collective name for AS (Authentication
Server) and TGS (Ticket Granting Server) .
Each client contacts AS to receive TGT (Ticket- Granting Ticket) and then
TGS to receive a session key and a SGT (Service-Granting Ticket) before
making a request for services.
9. Agent
An agent system registers the services offered by servers, keeps load status of
service providers, provides the list of servers on request of client, and serves the
request of client in case of unavailability of service providers.
Client
Any new node registered by the SuperHost is termed as client node. Each
node is required to send a request to SuperHost at the time of joining the
system
A unique client_id has been assigned to each client by SuperHost. A client can
make requests for services and resources in the distributed system for which it
has to authenticate through the KDC.
Server
Server is a service provider which is authorized by the SuperHost to
provide services in the distributed system.
10. CTES Model for Client
Joining of a client
1. Client ---> SuperHost
Client requests the SuperHost for registration by giving its identity and
capability list. Capability list includes the list of resources and basic services
owned by the node. SuperHost recognizes him as a client.
2. SuperHost --->Client SuperHost displays an agreement for the registration
to the client which means that each client has to follow the rules and policies
mentioned in the agreement. For this SuperHost demands the capability list
of the client.
11. 3. Client --->SuperHost
Client provides capability list to SuperHost. The capability list contains a list of
objects to which the process has right to access. In the proposed model, it
consists of available resources and basic services that client holds.
4. SuperHost--->Client
At the end of this process, SuperHost stores the reference and details of new
client for the use by itself and other nodes of the system administration.
SuperHost also provides a client_id to the client for its authentication. This
client_id is the result of a crypto-based function (generally user defined).
12. Service request by a client
Step 1: Authentication by KDC
1. Client ---> AS
The Client requests AS with its Client_id for TGT (Ticket Granting Ticket).
2. AS --->Client
The AS checks to existence of the client from SuperHost. If it is, the AS returns
a session key (for the communication from client to TGS) in encrypted form
using the password of the client and Ticket-Granting Ticket which includes the
Client_id, client network address, ticket validity period and client/TGS session
key in encrypted form using the secret key of the TGS.
13. 3. Client ---> TGS
After receiving the reply from the AS, client decrypts the session key with its
password. Here client sends the TGT to TGS.
4. TGS ---> Client
TGS decrypts the message with its own secret key and returns the reference
of Agent system with a session key to access the service.
14. Step 2: Request for references of servers to agent
1. Client ---> Agent
In the first step of this process, client makes a request to agent for some
service with client_id and a valid session-id for authentication.
2. Agent ---> Client
Agent searches the requested service in its database and if it finds, it checks
the load status of the server. Agent provides the reference according to the
load status of servers, that is, underloaded to client.
15. 3. Client --->Server
After receiving a list of servers for the requested service, client is free to make
a new request to any of the server. Client sends client_id and service name in
request message to destined server
4. Server --->Client
As server receives a request from any of the clients, it updates its load and
also sends a load update message to Agent. Server provides service to the
client and charges for the service.
16. Conclusion
• This paper makes an attempt to build a trustworthy system using Kerberos
extended by trust and its requirement in the distributed system.
• For this both authorization and authentication aspects are considered. The
proposed approach provides a promising solution with trust policies as
authorization semantics.
• A Reactive agent system is proposed in order to balance the load of
systems and to maintain the list of services and servers.
• Distributing the authentication workload in an efficient manner enhances
the overall performance of the system