A User Authentication Method for M2M Environments

Dec 10, 2011
Jin-Mook Kim, Hwa-Young Jeong and Bong-Hwa Hong

Abstract Demand for green IT technology has been increasing recently. M2M places further demands on IT technology for cloud computing, and demand for the effective use of computer resources is increasing. As a result, the need for cloud computing is growing rapidly. However, the cloud computing environment has serious security problems because it is built on virtualization technology. Authentication is the problem that most urgently needs to be solved in the cloud computing environment. Therefore, we propose a protocol that provides suitable user and service certification in the cloud computing environment. It is a novel authentication protocol based on Kerberos, but it is faster than Kerberos and easy to implement.

Keywords Authentication, Cloud computing

1 Introduction

Interest in cloud computing techniques has recently been increasing rapidly, for the efficient use of Green-IT technology and limited computer resources.

J.-M. Kim, Department of Information Technology Education, Sunmoon University, Cheonan, South Korea. H.-Y. Jeong, B.-H. Hong, Department of Information & Telecommunication, Kyunghee Cyber University, Seoul, South Korea.

James J. (Jong Hyuk) Park et al. (eds.), Computer Science and Convergence, Lecture Notes in Electrical Engineering 114, DOI: 10.1007/978-94-007-2792-2_56, © Springer Science+Business Media B.V. 2012


The cloud computing technique refers to computing capability that takes advantage of internet technology and offers IT resources (software, storage, server, network) as virtualized services. Because cloud computing is based on virtualization technology, every system can act as a server, in contrast to the existing server-client environment. Through this, idle IT resources can be lent effectively to the users who need them, the purchase cost of IT resources can be reduced, and resources can be used effectively. Looking at the state of cloud computing, abroad it was first proposed by Google, and Amazon, Microsoft, Oracle, IBM, Yahoo and others show high interest. Domestically, however, the government has announced the market scale it plans to foster by 2014, but the field is at an early stage because original technology is insufficient.

2 Related Work

2.1 Security Threats

As noted above, cloud computing is realized through virtualization. It is therefore difficult to apply the security services that were developed for the existing server-client environment. Table 1 shows the security threat elements in the cloud computing environment.

Table 1 Security threats in the cloud computing environment

| Security threats | Explanation |
|---|---|
| Malware | Transmission of malicious code using a feigned user request |
| Outflow of information | Leakage of important information by an inner user |
| Denial of service | Service refusal attack through recursive service requests |
| Authentication | User certification about virtual machine |

Among the security threat elements in Table 1, authentication is the one that most urgently needs to be solved. A user authentication service decides, when a user wishes to use IT resources, whether permission is granted and to what degree the IT resources may be used.

2.2 Authentication Service

There are two well-known kinds of authentication service: Kerberos and PKI. Kerberos places a Ticket Server (TS) between the user and the application server to provide the service the user requests. The TS makes a ticket and forwards it to the user. When an application server receives a ticket from the user, it uses the ticket to check authentication with the TS.


Fig. 1

The application server then responds to the user with the service the user wanted. This process is shown in Fig. 1. In the Public Key Infrastructure (PKI), a CA, which is a trusted third party, issues certificates to users using a public-key cipher system and vouches for the user through the certificate. This is shown in Fig. 2. Kerberos and PKI are both difficult to apply in the cloud computing environment because they have several problems. Because Kerberos uses an asymmetric key cipher system, the Ticket server issues a ticket to each user for authentication, and the Ticket server must store it. The Ticket server therefore carries a large overhead from the huge history of issued tickets. PKI requires establishing a CA to issue certificates, which is a very heavy load in a cloud computing environment where network conditions change. We therefore propose a more efficient and secure authentication protocol that is based on public-key cryptography and modifies the existing Kerberos authentication server. We describe the proposed protocol in more detail in Chap. 3.

3 A User Authentication Method (AUAM)

3.1 Architecture of AUAM

The protocol proposed in this paper is shown in Fig. 3. It consists of an Authentication Server (AS) and a CPS that serves various cloud computing services. Table 2 shows the terminology used in the proposed scheme.


Fig. 2

Fig. 3

3.2 Procedure of AUAM

3.2.1 Initial Procedure

Our proposed scheme has two preconditions. (1) The protocol acts in two stages, user registration and service request. (2) User authentication in the initial procedure uses a public-key cipher system. The initial procedure, which performs user registration and user authentication, is shown in Fig. 3. It consists of two sub-procedures.

(1) First, the user sends the ID and password to the AS for the user registration check. The AS generates a random number and sends it, encrypted with the session key, to the CPS. At this point, the CPS confirms EAS and stores the user ID and RND in its user list.


Table 2 Terminology used in the proposed scheme

| Identifiers | Explanation |
|---|---|
| ID, PW | User id, password |
| # | Number stream |
| RND | Pseudo random number |
| M | Message (plaintext) |
| TS | Time stamp |
| OTP | One time password |
| AS | Authentication server |
| SAS | Superior authentication server |
| CPS | Cloud-service provide server |
| Enkey[M] | Encryption to M using key |
| Dekey[M] | Decryption to M using key |
| s_key | Session key |
| h(M) | Make a message digest using Hash Function |
| {a\|\|b} | Concatenates a data 'a' and 'b' |
| Pu_key | A public key on the asymmetric key algorithm |
| Pr_key | A private key on the asymmetric key algorithm |
| service# | A service number |
| ,(comma) | Separator |
| Req_AN | Request authentication number |

(2) When the user transmits the encrypted service # and ID to the CPS for a service request, the CPS searches for the ID in its stored user list and confirms the service # by decrypting it with the random number it finds. The CPS creates service-number confirmation information and sends it to the user. The user, the AS and the CPS thus create initial authentication information and exchange it with one another, in preparation for user registration and service request, using RND.
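The initial procedure of steps (1) and (2), sketched as an added example; it is not the authors' code. The paper does not name the cipher or say how the user obtains RND, so the sketch assumes an HMAC-SHA256 encrypt-then-MAC construction from the Python standard library in place of En/De, assumes the AS hands RND back to the user at registration, and uses hypothetical names (`as_register`, `CPS.enroll`, `CPS.request`, `seal`, `unseal`).

```python
import hashlib
import hmac
import secrets

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Assumption: HMAC-SHA256 in counter mode as keystream, standing in for the unspecified cipher.
    ks = b"".join(_prf(key, b"\x00" + nonce + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, msg):
    # En_key[M]: encrypt, then tag nonce||ciphertext so tampering is detected.
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(key, nonce, msg)
    return nonce + ct + _prf(key, b"\x01" + nonce + ct)

def unseal(key, blob):
    # De_key[M]: verify the tag in constant time before decrypting.
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if len(blob) < 44 or not hmac.compare_digest(tag, _prf(key, b"\x01" + nonce + ct)):
        raise ValueError("integrity check failed")
    return _xor_stream(key, nonce, ct)

def as_register(s_key, accounts, uid, pw):
    # User -> AS: ID, PW. AS creates RND for the user (assumed) and seals (ID, RND) for the CPS.
    salt, stored = accounts.get(uid, (b"", b""))
    if not hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)):
        return None
    rnd = secrets.token_bytes(32)
    return rnd, seal(s_key, uid.encode() + b"|" + rnd)

class CPS:
    def __init__(self, s_key, services):
        self.s_key, self.services, self.users = s_key, services, {}
    def enroll(self, blob):
        # AS -> CPS: En_s_key[ID, RND]; the CPS stores the pair in its user list.
        uid, rnd = unseal(self.s_key, blob).split(b"|", 1)
        self.users[uid.decode()] = rnd
    def request(self, uid, blob):
        # User -> CPS: ID, En_RND[service#]. Look up RND by ID, decrypt, confirm.
        try:
            rnd = self.users[uid]
            service = unseal(rnd, blob)
        except (KeyError, ValueError):
            return None  # unknown ID, or tag check failed
        return seal(rnd, b"confirm:" + service) if service in self.services else None
```

Because the confirmation is sealed under the same RND, the user can check that the reply came from a party holding the enrolled RND and that it names the service that was requested.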

3.2.2 Authentication Procedure

Figure 4 explains the service authentication request and confirmation procedure. The service authentication request process between the user, the AS and the CPS has three steps. In the first step, the user transmits the information for user authentication via the AS to the CPS for the service request, and the AS and CPS confirm it. In the second step, the CPS supplies authentication information via the AS so that the user authentication confirmation result reaches the user. In the third step, when steps one and two have completed correctly as above, the AS delivers the service that the user requires to the CPS, and the CPS carries the user authentication from the AS through to the user. Through the above service request and certification procedure, we can prevent in advance attacks in which a user disguises their identity to deceive the CPS, and can keep the service request from being altered in transit. The user can also detect a man-in-the-middle attack.


Fig. 4

4 Evaluations

In this chapter we compare Kerberos and PKI with our proposed scheme in terms of performance and user accessibility. The comparison is shown in Table 3.

Table 3 Comparison of Kerberos, PKI and the proposal

| | Kerberos | PKI | Proposal |
|---|---|---|---|
| User authentication | Symmetric | Asymmetric | Hybrid |
| Message authentication | None | Possible | Possible |
| Usability | Normal | Normal | More |
| Efficiency | Fast | Slow | More |

The proposed authentication protocol is expected to incur a relatively longer initial system lag time than Kerberos. However, this latency may not greatly affect the total operating time. The proposed scheme also does not need a troublesome procedure such as the cross-authentication of PKI. We have described a comparative analysis of our proposal against the existing Kerberos and PKI. However, this analysis is from a logical vantage point. We will therefore compare the characteristics of various other systems with our proposed system in an open cloud computing environment in future work.


5 Conclusion

In this paper we proposed a basic idea for an effective and more secure user and service authentication protocol in the cloud computing environment. Cloud computing offers high convenience of use and is receiving attention as a next-generation internet service because its industrial ripple effect is very large. However convenient it is, and however high the expected industrial effect, if the security service problem is not settled beforehand it may be a dead loss. We therefore propose a new idea for a user and service authentication protocol in the cloud computing environment. It can support access control, user authentication and message integrity. In the near future we will try to resolve the many weaknesses that our proposed scheme has.
