A framework for federated two-factor authentication enabling cost-effective secure access to distributed cyberinfrastructure
Article No.: 7, Pages 1 - 8
Abstract
As cyber attacks become increasingly sophisticated, the security measures used to mitigate the risks must also increase in sophistication. One time password (OTP) systems provide strong authentication because security credentials are not reusable, thus thwarting credential replay attacks. The credential changes regularly, making brute-force attacks significantly more difficult. In high performance computing, end users may require access to resources housed at several different service provider locations. The ability to share a strong token between multiple computing resources reduces cost and complexity. The National Science Foundation (NSF) Extreme Science and Engineering Discovery Environment (XSEDE) provides access to digital resources, including supercomputers, data resources, and software tools. XSEDE will offer centralized strong authentication for services amongst service providers that leverage their own user databases and security profiles. This work implements a scalable framework built on standards to provide federated secure access to distributed cyberinfrastructure.
References
[1]
W. Akkerman. pyrad: Python RADIUS Implementation. https://github.com/wichert/pyrad.
[2]
J. Basney, M. Humphrey, and V. Welch. The myproxy online credential repository. Software: Practice and Experience, 35(9):801--816, 2005.
[3]
L. Florio and K. Wierenga. Eduroam, providing mobility for roaming users. In Proceedings of the EUNIS 2005 Conference, Manchester, 2005.
[4]
FreeRADIUS: The world's most popular RADIUS Server. http://www.freeradius.org.
[5]
N. Haller, C. Metz, P. Nesser, and M. Straw. A One-Time Password System. RFC 2289 (Standard), Feb. 1998.
[6]
V. Hazlewood, P. Kovatch, M. Ezell, M. Johnson, and P. Redd. Improved grid security posture through multi-factor authentication. Grid Computing, IEEE/ACM International Workshop on, 0:106--113, 2011.
[7]
D. Muruganantham, M. Helm, and T. Genovese. ESnet authentication services and trust federations. In Journal of Physics: Conference Series, volume 16, page 591. IOP Publishing, 2005.
[8]
D. Muruganantham, M. Helm, T. Genovese, R. Morelli, and J. Webster. ESnet RAF Progress Report. Work in progress, May 2005.
[9]
C. Rigney, S. Willens, A. Rubens, and W. Simpson. Remote Authentication Dial In User Service (RADIUS). RFC 2865 (Draft Standard), June 2000. Updated by RFCs 2868, 3575, 5080.
[10]
S. Winter, M. McCauley, S. Venaas, and K. Wierenga. Transport Layer Security (TLS) encryption for RADIUS. http://tools.ietf.org/html/draft-ietf-radext-radsec, Feb. 2012.
[11]
XSEDE. XSEDE Overview. https://www.xsede.org/ca/overview, 2012.
Index Terms
- A framework for federated two-factor authentication enabling cost-effective secure access to distributed cyberinfrastructure
Recommendations
A Usable and Secure Two-Factor Authentication Scheme
There are many secure authentication schemes that are secure but difficult to use. Most existing network applications authenticate users with a username and password pair. Such systems using the reusable passwords are susceptible to attacks based on the ...
Design of a lightweight two-factor authentication scheme with smart card revocation
Smart card based authentication schemes present user-friendly and secure communication mechanism over insure public channel. Recently, Li et al. designed an authentication scheme with pre-smart card authentication to present efficient login phase and ...
Flexible Enforcement of Multi-factor Authentication with SSH via Linux-PAM for Federated Identity Users
PEARC '17: Practice and Experience in Advanced Research Computing 2017: Sustainability, Success and ImpactA computational science project with restricted-access data was awarded an allocation by XSEDE in 2016 to use the Bridges supercomputer at the Pittsburgh Supercomputing Center (PSC). As a condition of the license agreement for access to the data, multi-...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Copyright © 2012 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 16 July 2012
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
XSEDE12
XSEDE12: 2012 eXtreme Science and Engineering Discovery Environment 2012
July 16 - 20, 2012
Illinois, Chicago, USA
Acceptance Rates
Overall Acceptance Rate 129 of 190 submissions, 68%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 216Total Downloads
- Downloads (Last 12 months)6
- Downloads (Last 6 weeks)2
Reflects downloads up to 28 Sep 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in