Securing network operations in a distributed environment is essential for today’s communications, yet it is complex. Unlike a client/server architecture, a distributed environment may contain peer-to-peer, overlay or arbitrary distributed network protocols without a centralized server for network control, and authentication has to be conducted in a distributed way to deal with malicious nodes in the network. In this paper we study authentication in a distributed environment for detecting malicious nodes when they launch attacks or disrupt applications. We propose a virtual authentication ring architecture and present a token ring authentication algorithm for detecting malicious nodes
Copyright information
© 2007 Springer
About this chapter
Cite this chapter
Li, N., Lee, D. (2007). Virtual Authentication Ring for Securing Network Operations. In: Labiod, H., Badra, M. (eds) New Technologies, Mobility and Security. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-6270-4_27
DOI: https://doi.org/10.1007/978-1-4020-6270-4_27
Publisher Name: Springer, Dordrecht
Print ISBN: 978-1-4020-6269-8
Online ISBN: 978-1-4020-6270-4
eBook Packages: Engineering, Engineering (R0)