Research article. DOI: 10.1145/3147234.3148102

Mechanisms for Mutual Attested Microservice Communication

Published: 05 December 2017

Abstract

For systems composed of many rapidly-deployed microservices that cross networks and span trust domains, strong authentication between microservices is a prerequisite for overall system trustworthiness. We examine standard authentication mechanisms in this context, and we introduce new comprehensive, automated, and fine-grained mutual authentication mechanisms that rely on attestation, with particular attention to provisioning and managing secrets. Prototype implementations and benchmark results indicate that mutual attestation introduces only modest overheads and can be made to meet or exceed the performance of common but weaker authentication mechanisms in many scenarios.



Published In

UCC '17 Companion: Companion Proceedings of the 10th International Conference on Utility and Cloud Computing
December 2017
252 pages
ISBN:9781450351959
DOI:10.1145/3147234
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. attestation
  2. mutual authentication
  3. trustworthy computing

Qualifiers

  • Research-article

Conference

UCC '17

Acceptance Rates

Overall Acceptance Rate 38 of 125 submissions, 30%

Article Metrics

  • Downloads (Last 12 months)17
  • Downloads (Last 6 weeks)0
Reflects downloads up to 05 Mar 2025

Cited By

  • (2024) Research on legacy monolith applications decomposition into microservice architecture. DOI 10.20334/2024-018-M. Online publication date: 2024.
  • (2023) An Overview Analysis of Authentication Mechanism in Microservices-Based Software Architecture: A Discussion Paper. 2023 IEEE 8th International Conference On Software Engineering and Computer Systems (ICSECS), pp. 1-6. DOI 10.1109/ICSECS58457.2023.10256409. Online publication date: 25-Aug-2023.
  • (2023) SoK. Computers and Security 127:C. DOI 10.1016/j.cose.2023.103119. Online publication date: 1-Apr-2023.
  • (2023) TC4SE: A High-Performance Trusted Channel Mechanism for Secure Enclave-Based Trusted Execution Environments. Information Security, pp. 246-264. DOI 10.1007/978-3-031-49187-0_13. Online publication date: 15-Nov-2023.
  • (2021) Trusted Sockets Layer: A TLS 1.3 Based Trusted Channel Protocol. Secure IT Systems, pp. 175-191. DOI 10.1007/978-3-030-91625-1_10. Online publication date: 13-Nov-2021.
  • (2020) MSChain: Blockchain based Decentralized Certificate Transparency for Microservices. 2020 Moratuwa Engineering Research Conference (MERCon), pp. 1-6. DOI 10.1109/MERCon50084.2020.9185320. Online publication date: Jul-2020.
  • (2019) Recent trends in applying TPM to cloud computing. Security and Privacy 3:1. DOI 10.1002/spy2.93. Online publication date: 28-Nov-2019.
  • (2019) Straddling the crevasse: A review of microservice software architecture foundations and recent advancements. Software: Practice and Experience 49:10, pp. 1448-1484. DOI 10.1002/spe.2729. Online publication date: 19-Jul-2019.
