TU Berlin

SecureFog Vault: Implementation of an AAA-service at the edge of the network

Group members: David De Troch, Marcus-Alexander Dobbeck
Supervisor: Vlado Handziski

The number of devices connected to the internet is on the rise, and their computing power keeps increasing. Access to these often critical devices must be secured appropriately to prevent misuse. Currently, authentication, authorization, and accounting mostly happen in the cloud. This introduces latency and the need for a constant internet connection, and thus limits the functionality of applications because of security concerns.

In this set-up, users must authenticate themselves by providing credentials (e.g. username/password, token, ...) to access a service. After the user is coupled with an identity, the authorization service uses this information to decide whether the user has the appropriate rights to use the requested service. The accounting part keeps track of who used which resource, which can be checked if something goes wrong. The collection of these services is called an AAA service.

In this project, a local service was implemented that provides these functions and can handle disconnections between the cloud and the gateway itself. Because of resource constraints, only a subset of users can be proactively cached in the local database. Token-based authorization was implemented to keep the information on the client side. The cloud database serves as a secure reference repository. The measurements shown are the latencies for authentication and authorization in different scenarios. They include a comparison between a stateless and a stateful connectivity monitor, the component used to check whether the cloud database can be accessed. The project describes the implementation of the shown microservice architecture using the Go language, Kong Proxy, and HashiCorp Vault.
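The following Go sketch is an added example, not the project's own code: it shows how a token that carries its claims on the client side lets a gateway authorize a request and write an accounting record without contacting the cloud. The token format (base64url payload plus HMAC-SHA256 tag), the shared key, and the names `Claims`, `Issue` and `Authorize` are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

type Claims struct { // carried in the token, so the gateway keeps no per-user state
	Sub    string          `json:"sub"`
	Scopes map[string]bool `json:"scopes"`
	Exp    int64           `json:"exp"` // expiry, Unix seconds
}

func tag(key []byte, payload string) string { // base64url HMAC-SHA256 over the encoded payload
	h := hmac.New(sha256.New, key)
	h.Write([]byte(payload))
	return b64.EncodeToString(h.Sum(nil))
}

func Issue(key []byte, c Claims) string { // minted after a successful authentication
	p, _ := json.Marshal(c)
	return b64.EncodeToString(p) + "." + tag(key, b64.EncodeToString(p))
}

// Authorize verifies the token offline, checks the scope, and appends an
// accounting record for every decision, allowed or denied.
func Authorize(key []byte, tok, scope string, now time.Time, acct *[]string) (err error) {
	var c Claims
	defer func() {
		*acct = append(*acct, fmt.Sprintf("%d sub=%q scope=%q err=%v", now.Unix(), c.Sub, scope, err))
	}()
	p64, t64, _ := strings.Cut(tok, ".")
	if !hmac.Equal([]byte(t64), []byte(tag(key, p64))) { // verify before parsing anything
		return fmt.Errorf("bad signature")
	}
	p, e := b64.DecodeString(p64)
	if e != nil || json.Unmarshal(p, &c) != nil || now.Unix() >= c.Exp {
		return fmt.Errorf("invalid or expired claims")
	}
	if !c.Scopes[scope] {
		return fmt.Errorf("scope not granted")
	}
	return nil
}
```

Because the gateway cannot ask the cloud whether a token was revoked while disconnected, the expiry claim is what bounds how long a stale grant stays usable.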

Results
