A High Security Signature Algorithm Based on Kerberos for REST-style Cloud Storage Service
Yuanyuan Yang, Hui Li, Xiangdong Cheng, Xin Yang, Yaoguang Huo
2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 2020-10-28
DOI: 10.1109/UEMCON51285.2020.9298140 (https://doi.org/10.1109/UEMCON51285.2020.9298140)
Abstract
Representational State Transfer (REST) is a distributed application architecture style that has been adopted for providing various network services. The identity authentication protocol Kerberos has been used to guarantee secure identity authentication on many service platforms. However, the deployment of the Kerberos protocol is limited by defects such as password guessing attacks, data tampering, and replay attacks. In this paper, an optimized Kerberos protocol is proposed and applied in a REST-style cloud storage architecture. First, we propose a Lately Used Newly (LUN) key replacement method to resist password guessing attacks in the Kerberos protocol. Second, we propose a formatted signature algorithm and a method combining the signature string with a time stamp to cope with the tampering and replay attacks that arise in deploying Kerberos. Finally, we build a security protection module using the optimized Kerberos protocol to guarantee secure identity authentication and reliable data communication between the client and the server. Analyses show that the module significantly improves the security of the Kerberos protocol in REST-style cloud storage services.