November 18, 2019
Title: Novel cryptographic authentication mechanisms for supply chains and OpenStack
Ph.D. Candidate: Reza Rahaeimehr
Major Advisor: Prof. Marten van Dijk
Associate Advisors: Dr. Laurent Michel and Dr. Benjamin Fuller
Date/Time: Monday, Nov. 18th, 2019 4:10-5:10 P.M.
Location: ITE 336
Whatever the system, a proper authentication mechanism is the key to securing it. An authentication mechanism may control who can operate the system or modify its data, distinguish a fake object or user from a legitimate one, verify the origin of a request, and so on. In this dissertation, I focus on two use cases of authentication.
The first use case is about supply chains. A supply chain is a network of partners that cooperate in the production, delivery, and sale of particular products. Using Radio-Frequency Identification (RFID) tags is the most widely adopted strategy for developing counterfeit product detection mechanisms for supply chains. Here, I introduce the Connectionless method, a new direction for RFID-based counterfeit product detection mechanisms that utilizes the memory of modern RFID tags to eliminate the need for local databases on partners' premises. Then, I propose a cryptographic solution based on the Connectionless method, which significantly improves the availability of the system and costs less.
The second use case is about OpenStack, the prevalent open-source cloud computing platform. OpenStack has a prominent position among all cloud computing platforms. It uses a token-based authentication and authorization mechanism. Until now, OpenStack has utilized four token formats, all of which have suffered from the bearer token problem. A bearer token is a token that whoever obtains it can use on behalf of the token's owner. OpenStack is a highly modular system with a massive codebase. Hence, as with any other software, an adversary can find some bugs in it. If the adversary can capture user tokens by exploiting the bugs, he can cause intolerable damage to users and the cloud. To mitigate this problem, I introduce Recursive Augmented Fernet Token (RAFT), a new token mechanism for OpenStack, which improves the security guarantees of OpenStack in the presence of compromised modules. The heart of this authentication mechanism is a cryptographic self-descriptive token that does not need persistent storage. RAFT allows users to issue very short-lived tokens with determined privileges.
During my oral defense, I will talk about the second use case, Recursive Augmented Fernet Token for OpenStack.