Authentication over Internet Protocol

• Autorzy: Apiecionek Ł. , Czerniak J. M. , Romantowski M. , Ewald D. , Tsizh B. , Zarzycki H. , Dobrosielski W. T.

Identyfikatory

DOI

10.24425/bpasts.2020.131846

• Języki publikacji: EN

Abstrakty

EN

Defending against DoS (denial of service) attacks has become a great challenge, especially for institutions that provide access to their services in the public network. State-of-the-art identity concealing tools and vast number of computers connected to the network require ensuring appropriate means for entities at risk to enable defence from the particular type of threats. This article presents a concept of user authentication in IP communication. The concept consists in providing the receiver with the possibility to determine sender՚s identity at the Internet layer level. This provides both the capability of defence against DoS attacks and possibility of utilizing the presented model over existing Internet network, which is directly responsible for transmission. The authors hope that the concept is a significant step in the perception of public network data transmission.

Słowa kluczowe

EN

network security; communication; Internet Protocol; DoS attacks

• Wydawca: Polska Akademia Nauk, Wydział IV Nauk Technicznych
• Czasopismo: Bulletin of the Polish Academy of Sciences. Technical Sciences
• Rocznik: 2020
• Tom: Vol. 68, nr 2
• Strony: 245--253
• Opis fizyczny: Bibliogr. 31 poz., rys., tab.

Twórcy

autor

Apiecionek Ł.

• Institute of Technology, Department of Computer Science, Kazimierz Wielki University, Poland

autor

Czerniak J. M.

• Institute of Technology, Department of Computer Science, Kazimierz Wielki University, Poland

autor

Romantowski M.

• Institute of Technology, Department of Computer Science, Kazimierz Wielki University, Poland

autor

Ewald D.

• Institute of Technology, Department of Computer Science, Kazimierz Wielki University, Poland

autor

Tsizh B.

• Prof. Stepan Gzhytsky National University of Veterinary Medicine and Biotechnologies Lviv, Ukraine

autor

Zarzycki H.

• University of Information Technology and Managment Copernicus, ul. Inowrocławska 56, 53-648 Wrocław, Poland

autor

Dobrosielski W. T.

• Institute of Technology, Department of Computer Science, Kazimierz Wielki University, Poland

Bibliografia

• [1] C.E. Shannon, “A mathematical theory of communication”, The BELL System Technical Journal 27, 379–423 and 623–656 (1948).
• [2] IBM Knowledge Center, (last modified 2012) [Online]. Available: http://publib.boulder.ibm.com/infocenter/eserver/v1r2/index.jsp? topic=%2Fewlminfo%2Feicaawkldbalancing.htm [Accessed: 22-Feb-2020].
• [3] B. Dowling and K. Paterson, “A cryptographic analysis of the wireguard protocol”, in ACNS, 2018.
• [4] RSA Laboratories. PKCS 1 v2.1: RSA Cryptography Standard June 2002, (last modified 2012) [Online]. Available: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2- 1.pdf [Accessed: 22-Feb-2020].
• [5] Open source router and firewall platform, (last modified 2019) [Online]. Available: https://vyos.io [Accessed: 22-Feb-2020].
• [6] “Standards for efficient cryptography.” Technical report, SEC 1: Elliptic Curve Cryptography, 2012.
• [7] D. Mazur, A. Paszkiewicz, M. Bolanowski, G. Budzik, and M. Oleksy, “Analysis of possible sdn use in the rapid prototyping pro-cess as part of the industry 4.0”, Bull. Pol. Ac.: Tech., 67(1), 21‒30 (2019).
• [8] Rewolucja w bezpiecznych połączeniach VPN z WireGuard, (last modified 2019) [Online]. Available: https://www.hostersi.pl/rewolucja-wbezpiecznychpolaczeniach-vpn-z-wireguard/ [Accessed: 22-Feb-2020].
• [9] “Request for comments 791, protocol specification.” Technical report, Information Sciences Intitute, September 1981.
• [10] SHA-3 project, (last modified 2019) [Online]. Available: https://csrc.nist.gov/projects/hash-functions/sha-3-project [Accessed: 22-Feb-2020].
• [11] Kerberos FAQ, v2.0, (last modified 2000) [Online]. Available: http://www.faqs.org/faqs/kerberos-faq/general/ [Accessed: 22-Feb-2020].
• [12] R. Rivest, “Request for comments: 1321, The MD5 messagedigest Algorithm”, Network Working Group, April 1992.
• [13] C. Neuman, T. Yu, S. Hartman, and K. Raeburn. “The kerberos network authentication service (v5). Request for Comments: 4120”, Network Working Group, 2005.
• [14] C. L. Schuba, M. G. Huhn, E. H. Spafford, and A. Sundaram. “Analysis of a denial of service attack on tcp.” Computer Science Technical Reports, 1327, 1996.
• [15] R.K.C. Chang, “Defending against flooding-based distributed denial-of-service attacks: a tutorial”, IEEE Commun. Mag. 40, 42‒51 (2002).
• [16] D. Moore, G.M. Voelker, and S. Savage. “Inferring internet denial-of-service activity”, ACM Trans. Comput. Sys. 24, 115–139 (2006).
• [17]P. Pietkiewicz, K. Nalepa, W. Miąskowski, and M. Wilamowska-Korsak, “A system for monitoring and controlling a thermal energy store and an energy capture system”, Bull. Pol. Ac.: Tech., 66(6), 941‒946 (2018).
• [18]VYATTA, (last modified 2008) [Online]. Available: http://www.vyatta.com [Accessed: 22-Feb-2020].
• [19]M. Chiang and A.R. Calderbank. “Layering as optimization decomposition: A mathematical theory of network architectures”, Proceedings of the IEEE, 95, 255–312 (2007).
• [20]J.K. Millen, “A resource allocation model for denial of service”, IEEE Computer Society Symposium, 137–147 (1992).
• [21]S. Kent and K. Seo, “Request for comments: 4301, security architecture for the internet protocol.” NetworkWorking Group, December 2005.
• [22]S. Kent, “Request for comments: 4302, ip authentication header.” Network Working Group, December 2005.
• [23]GNU shishi, (last modified 2002) [Online]. Available: http://www.gnu.org/software/shishi/ [Accessed: 22-Feb-2020].
• [24]M.A. Sirbu and J.C.I. Chuang, “Distributed authentication in kerberos using public key cryptography”, Network and Distributed System Security, 134–141 (1997).
• [25] B.C. Neuman and T. Ts’o, ”Kerberos: an authentication service for computer networks”, IEEE Commun. Mag., 32, 33‒38 (1994).
• [26] Heimdal kerberos and security software, (last modified 2008) [Online]. Available: http://www.h5l.org/ [Accessed: 22-Feb-2020].
• [27] C. Meadows, “A formal framework and evaluation method for network denial of service”, IEEE Computer Security Foundations Workshop, 4–13 (1999).
• [28] “Digital signature standards (dss).” Technical Report vol. 74, pp. 27287‒27288, National Institiute of Standards and Technology.
• [29] Microsoft NTLM, (last modified 2012) [Online]. Available: http://msdn.microsoft.com/enus/ library/ windows/desktop/aa378749(v=vs.85).aspx [Accessed: 22-Feb-2020].
• [30] J. Donenfeld, “Wireguard: Next generation kernel network tunnel”, in 24th Annual Network and Distributed System Security Symposium, (2017).
• [31] K. Park and H. Lee, “On the effectiveness of probabilistic packet marking for ip traceback un-der denial of service attack”, Computer Science Technical Reports, (2007).

Uwagi

PL

Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2020).