idnits 2.17.1 draft-naqshbandi-kitten-hafc-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There is 1 instance of lines with control characters in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (August 8, 2018) is 2085 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: '3' is mentioned on line 94, but not defined == Missing Reference: '4' is mentioned on line 94, but not defined -- Looks like a reference, but probably isn't: 'RFC2119' on line 108 == Missing Reference: '5' is mentioned on line 111, but not defined -- Possible downref: Non-RFC (?) normative reference: ref. '1' -- Possible downref: Non-RFC (?) normative reference: ref. '2' -- Possible downref: Non-RFC (?) normative reference: ref. '6' Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 F. Naqshbandi 2 INTERNET-DRAFT NIT, Delhi 3 Intended Status: Standards Track K. Verma 4 Expires: February 8, 2019 Assistant Professor 5 NIT, Delhi 7 August 8, 2018 9 Hybrid Algorithm to enhance Authentication in Fog Computing 10 draft-naqshbandi-kitten-hafc-00.txt 12 Status of this Memo 14 This Internet-Draft is submitted to IETF in full conformance with 15 the provisions of BCP 78 and BCP 79. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as 20 Internet-Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six 23 months and may be updated, replaced, or obsoleted by other 24 documents at any time. It is inappropriate to use Internet-Drafts 25 as reference material or to cite them other than as 26 "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/1id-abstracts.html 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html 34 Copyright and License Notice 36 Copyright (c) 2018 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (http://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with 44 respect to this document. Code Components extracted from this 45 document must include Simplified BSD License text as described 46 in Section 4.e of the Trust Legal Provisions and are provided 47 without warranty as described in the Simplified BSD License. 49 Abstract 51 This document specifies the problem of attack on authenticity users. 52 The problem is discussed with respect to fog computing environment. 53 The threat exist when any user log in to access the service. 54 The two aspects are either the fog server is fake or the user node 55 is fake. The information stored on the server and transferred over 56 the connection. This information can be highly confidential and 57 sensitive. So to enhance security in this scenario, cloud server can 58 authenticate both the parties and establish the connection. There 59 are chances that it can get attacked and used by illegitimate users. 60 Therefore, there was an utmost need to increase the security on 61 authentication of the users. This document discusses a novel 62 approach to overcome the problem by using a hybrid approach. The 63 technique is based on user authentication and fog authentication 64 by cloud server. 66 Table of Contents 68 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 69 2 Requirements Notation . . . . . . . . . . . . . . . . . . . . . 3 70 3 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 71 4 Authentication Schemes . . . . . . . . . . . . . . . . . . . . . 3 72 5 Security Considerations. . . . .. . . . . . . . . . . . . . . . 4 73 6 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 74 7 Other Considerations . . . . . . . . . . . . . . . . . . . . . . 5 75 8 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . 6 76 9 References . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 77 9.1 Normative References . . . . . . . . . . . . . . . . . . . 6 78 9.2 Informative References . . . . . . . . . . . . . . . . . . 6 79 10 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 80 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7 82 1 Introduction 84 Fog computing is an advancement of cloud computing that came into 85 existence to reduce the load on the cloud server. When cloud 86 computing did not fulfil the client need like latency, data 87 overload, less computational speed to satisfy the need of clients 88 [1]. Fog servers were introduced as the intermediate layer to cloud. 89 They were connected to the clients all the time and sent the data 90 and data decisions to be saved to cloud server [2]. So for clients, 91 the efficiency of the server increased and for cloud server the 92 load also decreased by sharing with fog nodes. Every time when client 93 needs to connect to the fog node, they use their credentials to 94 login [3, 4]. But there was no system to authenticate the fog server 95 by the user node. In some scenarios,attacker can impersonate as the 96 fog server and communicate with the user node. This is serious 97 security threat on the system. Hence we need to authenticate both 98 user node as well the fog server. 100 2 Requirements Notation 102 In examples, "C:" , "F:" and "U:" indicate lines sent by the cloud 103 server, fog server and the user node respectively. 105 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 106 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 107 document are to be interpreted as described in RFC 2119 [RFC2119]. 109 3 Terminology 111 FLIF :FLIF[5] is a form of progressive interlacing (a generalization 112 of the Adam7 algorithm). This means that any partial download of a 113 compressed file can be used as a reasonable lossy encoding of the 114 entire image. 116 Homomorphic encryption[6]: It allows complex mathematical operations 117 to be performed on encrypted data without using the original data. 118 For plain texts X1 and X2 and corresponding cipher text Y1 and Y2. 119 A homomorphic encryption scheme permits the computation of X1 (.) X2 120 from Y1 and Y2 without using P1 (.) P2. The cryptographic system is 121 multiplicative or additive depending on the nature(.). 123 4 Authentication Schemes 125 Authentication refers to validation of identity to access the 126 resources. It can be broadly divided into 2 categories: User based 127 authentication and Message authentication. User based authentication 128 deals with verifying user's identity. This is done mainly in common 129 known systems of authentication. The basic one is called two phase 130 that deals with username and password. The three phase approach that 131 either deals third component along with earlier two phase ones. The 132 third component can be biometric image of face, fingerprint etc. or 133 one-time-password based (OTP) or security question. 135 Message authentication works on the basic principle on hashing. 136 Every message that is passed to authentication system. It gets 137 encrypted with hash function which gives the output as a hash value. 138 The hash value can then be stored easily. The main algorithms for 139 these functions are MD5, SHA1, SHA2 and SHA3. The major difference 140 between all the algorithms is on the basis of the key size that is 141 used in hashing. 143 5 Security Considerations 145 The general authentications algorithms have been used till now to 146 connect to the fog node. But the existing security threats demands 147 the authentication algorithm to be more randomized as possible. 148 Therefore, there is need of algorithms that encompasses the 149 properties of the user based algorithm along with the message 150 authentication algorithms. In this draft, we propose a hybrid 151 approach that uses homomorphic encryption on fingerprint based login 152 system to authenticate user. For authenticating the fog server, an 153 OTP based authentication technique along with homomorphic 154 encryption. 156 In our proposed hybrid system, an user logs in for using the cloud 157 service or fog service by providing the credentials(username, 158 password, fingerprint). Then the credentials are encrypted using 159 homomorphic encryption and sent to the server for authentication. 160 Once it reaches the server, then gets decrypted and verified. If the 161 user is legitimate, then the service is granted to the nearest fog 162 server which is already authenticated. The allotment of fog server 163 to complete the request generated by user is provided by cloud 164 server. 166 The proposed system authenticates the fog server using OTP based 167 technique. After defined time slot, the cloud server sends the OTP 168 to fog servers. If the OTP is verified, then the fog server is 169 authentic otherwise it is attacked and impersonated by attacker. 171 +------------------------------------------------------------+ 172 | +--------------------------------------+ | 173 | | | | 174 | | Cloud Server | | 175 | | | | 176 | +--------------------------------------+ | 177 | | 2| | 178 | | |3 | 179 | 1| +-----------------------+ | 180 | | | | | 181 | |4 | Fog Server | | 182 | | | | | 183 | | +-----------------------+ | 184 | | 5| | 185 | | |6 | 186 | +------------------------------------+ | 187 | | | | 188 | | User Node | | 189 | | | | 190 | +------------------------------------+ | 191 | | 192 +------------------------------------------------------------+ 194 1. User node sends request to access service along with credentials 195 encrypted. 197 2. Fog server send request for its authentication. 199 3. If fog server is authenticated, then its location is stored in 200 database. 202 4. If the user is authenticated, then service is grant to nearest fog 203 server. 205 5. Whenever the service has to be accessed, the communication with 206 fog server starts. 208 6. Fog server responds to user node by providing appropriate 209 decisions. 211 6 IANA Considerations 213 Nil 215 7 Other Considerations 216 The hashing function that is being used in SHA3 should have large 217 function values so that attacker cant' decrypt. 219 8 Conclusions 221 This document discusses an efficient scheme for enhancing the 222 authenticity of users and fog nodes by the cloud server. It is a two 223 step technique that uses homomorphic encryption while establishing 224 the connection of the data. 226 9 References 228 [1] Al Hamid, Hadeal Abdulaziz, et al. "A security model for 229 preserving the privacy of medical big data in a healthcare cloud 230 using a fog computing facility with pairing-based cryptography." 231 IEEE Access 5 (2017): 22313-22328. 233 [2] Abbasi, Bushra Zaheer, and Munam Ali Shah. "Fog computing: 234 Security issues, solutions and robust practices." Automation and 235 Computing (ICAC), 2017 23rd International Conference on. IEEE, 2017. 237 [3]Wang, Tian, et al. "A three-layer privacy preserving cloud 238 storage scheme based on computational intelligence in fog computing 239 ." IEEE Transactions on Emerging Topics in Computational 240 Intelligence 2.1 (2018): 3-12. 242 [4]Liu, Ximeng, et al. "Hybrid privacy-preserving clinical decision 243 support system in fog-cloud computing." Future Generation Computer 244 Systems 78 (2018): 825-837. 246 [5]Sneyers, Jon, and Pieter Wuille. "FLIF: Free lossless image 247 format based on MANIAC compression." Image Processing (ICIP), 2016 248 IEEE International Conference on. IEEE, 2016. 250 [6] Van Dijk, Marten, et al. "Fully homomorphic encryption over 251 the integers." Annual International Conference on the Theory and 252 Applications of Cryptographic Techniques. Springer, Berlin, 253 Heidelberg, 2010. 255 9.1 Normative References 257 [1]Brakerski, Zvika, and Vinod Vaikuntanathan. "Fully homomorphic 258 encryption from ring-LWE and security for key dependent messages." 259 Annual cryptology conference. Springer, Berlin, Heidelberg, 2011. 260 9.2 Informative References 262 [1]Gentry, Craig, and Dan Boneh. A fully homomorphic encryption 263 scheme. Vol. 20. No. 09. Stanford: Stanford University, 2009. 265 [2]Brakerski, Zvika, and Vinod Vaikuntanathan. "Efficient fully 266 homomorphic encryption from (standard) LWE." SIAM Journal on 267 Computing 43.2 (2014): 831-871. 269 10 Acknowledgements 271 This document is prepared for M. Tech 2 year Major Project in 272 National Institute of Technology, Delhi (grant funded by the India 273 government (MHRD). 275 Authors' Addresses 277 Faraz Ahmad Naqshbandi 278 M. Tech Student 279 Department of Computer Science & Engineering 280 National Institute of Technology, Delhi 281 Narela, Delhi-110040, INDIA 282 Phone: +91- 9796666996 283 EMail: 172211004@nitdelhi.ac.in 285 Karan Verma 286 Assistant Professor 287 Department of Computer Science & Engineering 288 National Institute of Technology, Delhi 289 Narela, Delhi-110040, INDIA 290 Phone: +91- 7568169258 291 EMail: karan.verma.phd@gmail.com