                                                          F. Naqshbandi
INTERNET-DRAFT                                               NIT, Delhi
Intended Status: Standards Track                               K. Verma
Expires: February 8, 2019                           Assistant Professor
                                                             NIT, Delhi
                                                         August 8, 2018


      Hybrid Algorithm to enhance Authentication in Fog Computing
                  draft-naqshbandi-kitten-hafc-00.txt


Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with
   the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html


Copyright and License Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.


F. Naqshbandi, K. Verma     Expires February 8, 2019           [Page 1]

INTERNET DRAFT  Hybrid Algorithm to enhance Authentication in Fog Computing  August 8, 2018


Abstract

   This document specifies the problem of attacks on the authenticity
   of users. The problem is discussed with respect to the fog computing
   environment.
   The threat exists when any user logs in to access the service. The
   two aspects are that either the fog server is fake or the user node
   is fake. Information is stored on the server and transferred over
   the connection, and this information can be highly confidential and
   sensitive. So, to enhance security in this scenario, the cloud
   server can authenticate both parties and establish the connection.
   There are chances that it can get attacked and used by illegitimate
   users. Therefore, there is an utmost need to increase the security
   of the authentication of users. This document discusses a novel
   approach to overcome the problem by using a hybrid approach. The
   technique is based on user authentication and fog authentication by
   the cloud server.


Table of Contents

   1  Introduction
   2  Requirements Notation
   3  Terminology
   4  Authentication Schemes
   5  Security Considerations
   6  IANA Considerations
   7  Other Considerations
   8  Conclusions
   9  References
      9.1  Normative References
      9.2  Informative References
   10 Acknowledgements
   Authors' Addresses


1  Introduction

   Fog computing is an advancement of cloud computing that came into
   existence to reduce the load on the cloud server.
   Cloud computing did not fulfil client needs because of latency,
   data overload and low computational speed [1]. Fog servers were
   introduced as the intermediate layer to the cloud. They were
   connected to the clients all the time and sent the data and data
   decisions to be saved to the cloud server [2]. So for clients, the
   efficiency of the server increased, and for the cloud server the
   load decreased by sharing it with fog nodes. Every time a client
   needs to connect to the fog node, it uses its credentials to log in
   [3, 4]. But there was no system for the user node to authenticate
   the fog server. In some scenarios, an attacker can impersonate the
   fog server and communicate with the user node. This is a serious
   security threat to the system. Hence we need to authenticate both
   the user node and the fog server.


2  Requirements Notation

   In examples, "C:", "F:" and "U:" indicate lines sent by the cloud
   server, fog server and the user node respectively.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].


3  Terminology

   FLIF: FLIF [5] is a form of progressive interlacing (a
   generalization of the Adam7 algorithm). This means that any partial
   download of a compressed file can be used as a reasonable lossy
   encoding of the entire image.

   Homomorphic encryption [6]: It allows complex mathematical
   operations to be performed on encrypted data without using the
   original data. For plain texts X1 and X2 and corresponding cipher
   texts Y1 and Y2, a homomorphic encryption scheme permits the
   computation of X1 (.) X2, in encrypted form, from Y1 and Y2 without
   using X1 and X2. The cryptographic system is multiplicative or
   additive depending on the nature of (.).


4  Authentication Schemes

   Authentication refers to validation of identity to access the
   resources. It can be broadly divided into 2 categories: User based
   authentication and Message authentication.

   User based authentication deals with verifying the user's identity.
   This is what the commonly known systems of authentication mainly do.
   The basic one is called two phase and deals with a username and
   password. The three phase approach adds a third component to the
   earlier two phase ones. The third component can be a biometric image
   of the face, fingerprint etc., a one-time password (OTP) or a
   security question.

   Message authentication works on the basic principle of hashing.
   Every message that is passed to the authentication system is run
   through a hash function, which gives a hash value as its output. The
   hash value can then be stored easily. The main algorithms for these
   functions are MD5, SHA1, SHA2 and SHA3. The major difference between
   all the algorithms is on the basis of the key size that is used in
   hashing.


5  Security Considerations

   General authentication algorithms have been used until now to
   connect to the fog node. But the existing security threats demand
   that the authentication algorithm be as randomized as possible.
   Therefore, there is a need for algorithms that encompass the
   properties of the user based algorithms along with the message
   authentication algorithms. In this draft, we propose a hybrid
   approach that uses homomorphic encryption on a fingerprint based
   login system to authenticate the user. For authenticating the fog
   server, we propose an OTP based authentication technique along with
   homomorphic encryption.

   In our proposed hybrid system, a user logs in to use the cloud
   service or fog service by providing the credentials (username,
   password, fingerprint). Then the credentials are encrypted using
   homomorphic encryption and sent to the server for authentication.
   Once they reach the server, they are decrypted and verified.
   If the user is legitimate, then the service is granted to the
   nearest fog server which is already authenticated. The allotment of
   the fog server to complete the request generated by the user is
   provided by the cloud server.

   The proposed system authenticates the fog server using an OTP based
   technique. After a defined time slot, the cloud server sends the OTP
   to the fog servers. If the OTP is verified, then the fog server is
   authentic; otherwise it is attacked and impersonated by an attacker.

   +------------------------------------------------------------+
   |         +--------------------------------------+           |
   |         |                                      |           |
   |         |             Cloud Server             |           |
   |         |                                      |           |
   |         +--------------------------------------+           |
   |            |              2|  |                            |
   |            |               |  |3                           |
   |           1|      +-----------------------+                |
   |            |      |                       |                |
   |            |4     |      Fog Server       |                |
   |            |      |                       |                |
   |            |      +-----------------------+                |
   |            |              5|  |                            |
   |            |               |  |6                           |
   |         +------------------------------------+             |
   |         |                                    |             |
   |         |             User Node              |             |
   |         |                                    |             |
   |         +------------------------------------+             |
   |                                                            |
   +------------------------------------------------------------+

   1. User node sends request to access service along with encrypted
      credentials.
   2. Fog server sends request for its authentication.
   3. If fog server is authenticated, then its location is stored in
      database.
   4. If the user is authenticated, then service is granted to nearest
      fog server.
   5. Whenever the service has to be accessed, the communication with
      fog server starts.
   6. Fog server responds to user node by providing appropriate
      decisions.


6  IANA Considerations

   Nil


7  Other Considerations

   The hashing function that is being used in SHA3 should have large
   function values so that an attacker can't decrypt.
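The additive and multiplicative cases named in Section 3, worked with the draft's symbols X1, X2, Y1 and Y2. This is an added example and not part of the draft: Paillier and unpadded textbook RSA are stand-ins chosen here (the draft names no scheme), and the primes are small constructed values that offer no security.

```python
# Added illustration, not from the draft: toy parameters with no security.
import math
import secrets

def paillier_keygen(p=1009, q=1013):
    """Additive scheme (Paillier) from two small constructed primes."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))      # mu = lam^-1 mod n because g = n + 1

def paillier_encrypt(n, x):
    """Y = (1 + n)^X * r^n mod n^2, with fresh randomness r per cipher text."""
    r = 0
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(1 + n, x, n * n) * pow(r, n, n * n) % (n * n)

def paillier_decrypt(n, priv, y):
    lam, mu = priv
    return (pow(y, lam, n * n) - 1) // n * mu % n

def paillier_add(n, y1, y2):
    """(.) is addition: multiplying cipher texts adds the plain texts."""
    return y1 * y2 % (n * n)

def rsa_keygen(p=1009, q=1013, e=65537):
    """Multiplicative scheme (unpadded textbook RSA), same constructed primes."""
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))

def rsa_mul(n, y1, y2):
    """(.) is multiplication: multiplying cipher texts multiplies plain texts."""
    return y1 * y2 % n

def demo(x1=1200, x2=34):
    """Returns X1 + X2 and X1 * X2, recovered from operations on Y1, Y2 only."""
    n, priv = paillier_keygen()
    y_sum = paillier_add(n, paillier_encrypt(n, x1), paillier_encrypt(n, x2))
    (rn, e), d = rsa_keygen()
    y_prod = rsa_mul(rn, pow(x1, e, rn), pow(x2, e, rn))
    return paillier_decrypt(n, priv, y_sum), pow(y_prod, d, rn)
```

Results are only correct while the sum or product stays below the modulus n.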
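The six-step flow of Section 5 as seen from the cloud server, including the cases where a fog server replays an OTP or presents one from an earlier time slot. This is an added example and not part of the draft; the 60-second slot, the 6-digit OTP, its delivery over an already provisioned channel, the PBKDF2 password check (standing in for the full credential check, with fingerprint matching and homomorphic transport omitted) and all names are assumptions.

```python
# Added illustration of the Section 5 flow. The draft does not define the OTP
# format, its delivery channel or the credential check; those are assumptions.
import hashlib
import hmac
import math
import secrets

SLOT_SECONDS = 60  # assumed length of the draft's "defined time slot"

def slot_of(now):
    return int(now // SLOT_SECONDS)

def verifier(password, salt):
    """Stored password verifier (PBKDF2 stands in for the credential check)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class CloudServer:
    def __init__(self, users):
        self.users = users   # username -> (salt, verifier)
        self.issued = {}     # fog_id -> (otp, slot), sent over an assumed channel
        self.fog_db = {}     # fog_id -> (location, slot): the step 3 database

    def issue_otp(self, fog_id, now):
        """C: a fresh OTP for one fog server, valid only in the current slot."""
        otp = f"{secrets.randbelow(10**6):06d}"
        self.issued[fog_id] = (otp, slot_of(now))
        return otp

    def authenticate_fog(self, fog_id, otp, location, now):
        """F: steps 2-3. The OTP is consumed on any attempt, so a replay fails."""
        expected, slot = self.issued.pop(fog_id, ("", -1))
        ok = slot == slot_of(now) and hmac.compare_digest(otp, expected)
        if ok:
            self.fog_db[fog_id] = (location, slot)
        else:
            self.fog_db.pop(fog_id, None)  # fail closed: treat as impersonated
        return ok

    def grant(self, username, password, user_location, now):
        """U: steps 1 and 4. Nearest fog server authenticated in this slot."""
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(verifier(password, salt), stored):
            return None
        live = {f: loc for f, (loc, s) in self.fog_db.items()
                if s == slot_of(now)}
        return min(live, key=lambda f: math.dist(live[f], user_location),
                   default=None)
```

A fog server that fails verification is removed from the database, so it stops receiving user allocations until it authenticates again with a newly issued OTP.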


8  Conclusions

   This document discusses an efficient scheme for enhancing the
   authenticity of users and fog nodes by the cloud server. It is a two
   step technique that uses homomorphic encryption while establishing
   the connection of the data.


9  References

   [1] Al Hamid, Hadeal Abdulaziz, et al. "A security model for
       preserving the privacy of medical big data in a healthcare cloud
       using a fog computing facility with pairing-based cryptography."
       IEEE Access 5 (2017): 22313-22328.

   [2] Abbasi, Bushra Zaheer, and Munam Ali Shah. "Fog computing:
       Security issues, solutions and robust practices." Automation and
       Computing (ICAC), 2017 23rd International Conference on. IEEE,
       2017.

   [3] Wang, Tian, et al. "A three-layer privacy preserving cloud
       storage scheme based on computational intelligence in fog
       computing." IEEE Transactions on Emerging Topics in
       Computational Intelligence 2.1 (2018): 3-12.

   [4] Liu, Ximeng, et al. "Hybrid privacy-preserving clinical decision
       support system in fog-cloud computing." Future Generation
       Computer Systems 78 (2018): 825-837.

   [5] Sneyers, Jon, and Pieter Wuille. "FLIF: Free lossless image
       format based on MANIAC compression." Image Processing (ICIP),
       2016 IEEE International Conference on. IEEE, 2016.

   [6] Van Dijk, Marten, et al. "Fully homomorphic encryption over the
       integers." Annual International Conference on the Theory and
       Applications of Cryptographic Techniques. Springer, Berlin,
       Heidelberg, 2010.

9.1  Normative References

   [1] Brakerski, Zvika, and Vinod Vaikuntanathan. "Fully homomorphic
       encryption from ring-LWE and security for key dependent
       messages." Annual cryptology conference. Springer, Berlin,
       Heidelberg, 2011.

9.2  Informative References

   [1] Gentry, Craig, and Dan Boneh. A fully homomorphic encryption
       scheme. Vol. 20. No. 09. Stanford: Stanford University, 2009.
   [2] Brakerski, Zvika, and Vinod Vaikuntanathan. "Efficient fully
       homomorphic encryption from (standard) LWE." SIAM Journal on
       Computing 43.2 (2014): 831-871.


10  Acknowledgements

   This document is prepared for the M. Tech 2 year Major Project at
   the National Institute of Technology, Delhi (grant funded by the
   India government (MHRD)).


Authors' Addresses

   Faraz Ahmad Naqshbandi
   M. Tech Student
   Department of Computer Science & Engineering
   National Institute of Technology, Delhi
   Narela, Delhi-110040, INDIA

   Phone: +91- 9796666996
   EMail: 172211004@nitdelhi.ac.in

   Karan Verma
   Assistant Professor
   Department of Computer Science & Engineering
   National Institute of Technology, Delhi
   Narela, Delhi-110040, INDIA

   Phone: +91- 7568169258
   EMail: karan.verma.phd@gmail.com