S-Space > College of Engineering / Graduate School > Dept. of Computer Science and Engineering > Theses (Master's Degree, Dept. of Computer Science and Engineering)
TLS Cross Credential (TLS-CC) for Authentication in Delegated Networks
Korean title (translated): TLS Cross Credential for Authentication in Delegated Networks
- PWINT MYAT KAY KHINE
- College of Engineering, Dept. of Computer Science and Engineering
- Issue Date
- Seoul National University Graduate School
- Thesis (Master's) -- Seoul National University Graduate School, College of Engineering, Dept. of Computer Science and Engineering, 2017. 8. Advisor: Taekyoung Kwon.
- Today most content providers, such as media and entertainment companies, use Content Delivery Network (CDN) services for faster delivery and higher availability. By absorbing traffic on a globally distributed server infrastructure, CDNs are expected to give end-users a faster experience and a degree of protection against Distributed Denial of Service (DDoS) attacks. Despite these benefits, authenticating the third-party edge networks of a CDN has several drawbacks. Current mechanisms either entrust the CDN provider with the origin's private key or have a certification authority issue the CDN its own certificate for the origin's domain. Both are undesirable: sharing the private key expands the attack surface, while a CDN-held certificate causes domain confusion and makes revocation of the CDN's certificate complicated.
This thesis proposes an authentication mechanism for CDN edge networks that neither requires trusting the CDN with the private key nor has a certification authority issue a shared certificate to the CDN. It introduces an object called a cross credential (CC) that proves the delegation relationship between the CDN edge and the origin server. Compared with existing solutions, the proposed mechanism addresses the above security concerns with very low latency and computation overhead. We implemented the mechanism by extending the standard Transport Layer Security (TLS) protocol: the CC is created in the back-end channel (between origin and edge) and verified in the front-end channel (between client and edge) to authenticate the edge server.
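The abstract describes the mechanism only at a high level, so the following is an added model of the two-channel flow it outlines, not code from the thesis. It assumes (as the thesis does not state) Ed25519 signatures, a JSON-encoded credential body, short-lived credentials in place of a revocation protocol, and a client that already trusts the origin's public key, which in practice would come from the origin's CA-issued certificate. Every function and field name is hypothetical. The back-end channel lets the origin bind the edge's public key to the origin's name without either private key leaving its owner; the front-end channel has the edge prove possession of that key over the handshake transcript, and the client rejects a credential for another host, an expired one, one not signed by the trusted origin, a replayed proof, and a genuine credential presented without the matching private key.

```python
"""Toy model of a TLS-CC style cross credential (added example; not the thesis's code).

Assumptions (not from the thesis): Ed25519 signatures, a JSON-encoded credential body,
and a client that already trusts the origin's public key (in practice: the origin's
CA-issued certificate). Function and field names are hypothetical.
"""
import json
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

# Domain-separation labels so a CC signature can never be mistaken for a
# handshake signature or vice versa (assumed labels).
CC_LABEL = b"tls-cc:credential:v0"
POP_LABEL = b"tls-cc:edge-proof:v0"


def raw_pub(key: Ed25519PrivateKey) -> bytes:
    return key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)


def encode_body(body: dict) -> bytes:
    # Canonical encoding: what the origin signs is exactly what the client re-encodes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_cross_credential(origin_key, origin_name, edge_pub, not_before, not_after):
    """Back-end channel: the origin binds the edge's *public* key to its own name.
    The edge's private key never leaves the edge; the origin's never leaves the origin."""
    body = {"origin": origin_name, "edge_pub": edge_pub.hex(),
            "not_before": not_before, "not_after": not_after}
    return {"body": body, "sig": origin_key.sign(CC_LABEL + encode_body(body)).hex()}


def transcript(cc, client_nonce, edge_nonce):
    # Binds the edge's proof to this handshake and to this exact credential.
    return POP_LABEL + client_nonce + edge_nonce + encode_body(cc["body"]) + bytes.fromhex(cc["sig"])


def edge_proof(edge_key, cc, client_nonce, edge_nonce):
    """Front-end channel: the edge proves possession of the key named in the CC."""
    return edge_key.sign(transcript(cc, client_nonce, edge_nonce))


def verify_edge(trusted_origins, host, cc, proof, client_nonce, edge_nonce, now):
    """Client-side check. Returns (ok, reason); reason names the first failed check."""
    body = cc["body"]
    if body["origin"] != host:
        return False, "host-mismatch"          # CC issued for another domain
    origin_pub = trusted_origins.get(host)
    if origin_pub is None:
        return False, "origin-untrusted"
    try:
        origin_pub.verify(bytes.fromhex(cc["sig"]), CC_LABEL + encode_body(body))
    except InvalidSignature:
        return False, "cc-bad-signature"       # not issued by this origin
    if not body["not_before"] <= now < body["not_after"]:
        return False, "cc-expired"             # short lifetime stands in for revocation
    try:
        edge_pub = Ed25519PublicKey.from_public_bytes(bytes.fromhex(body["edge_pub"]))
        edge_pub.verify(proof, transcript(cc, client_nonce, edge_nonce))
    except (InvalidSignature, ValueError):
        return False, "edge-bad-proof"         # wrong key, or proof from another handshake
    return True, "ok"


def demo():
    """Runs the honest exchange plus the failure modes a client must reject. Constructed data."""
    origin_key, edge_key, rogue_key = (Ed25519PrivateKey.generate() for _ in range(3))
    trusted = {"example.com": origin_key.public_key()}     # assumed pre-trusted origin key
    now = 1_700_000_000
    cc = issue_cross_credential(origin_key, "example.com", raw_pub(edge_key), now - 60, now + 3600)
    cn, en = os.urandom(32), os.urandom(32)
    proof = edge_proof(edge_key, cc, cn, en)
    results = {"honest": verify_edge(trusted, "example.com", cc, proof, cn, en, now)}
    # 1. The edge serves this CC while the client asked for a different host name.
    results["wrong-host"] = verify_edge(trusted, "example.org", cc, proof, cn, en, now)
    # 2. Credential past its lifetime (revocation by expiry).
    results["expired"] = verify_edge(trusted, "example.com", cc, proof, cn, en, now + 7200)
    # 3. A rogue party issues a CC for example.com under its own key.
    forged = issue_cross_credential(rogue_key, "example.com", raw_pub(rogue_key), now - 60, now + 3600)
    results["forged-cc"] = verify_edge(trusted, "example.com", forged,
                                       edge_proof(rogue_key, forged, cn, en), cn, en, now)
    # 4. Replay: a captured proof reused in a handshake with a fresh client nonce.
    results["replay"] = verify_edge(trusted, "example.com", cc, proof, os.urandom(32), en, now)
    # 5. A genuine CC presented by a party that does not hold the edge's private key.
    results["stolen-cc"] = verify_edge(trusted, "example.com", cc,
                                       edge_proof(rogue_key, cc, cn, en), cn, en, now)
    return results
```

The point of the model is the trust split: the client's trust anchor is only the origin's key, the origin signs only a public key and a name, and the edge can serve the origin's domain only while it holds the private half and the credential is within its lifetime. In a real TLS extension the transcript input would be the handshake transcript hash rather than two bare nonces, and the credential lifetime would be chosen so that withdrawing a delegation is a matter of not re-issuing rather than of publishing a revocation.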