AUTHENTICATION ALGORITHM FOR PARTICIPANTS OF INFORMATION INTEROPERABILITY IN PROCESS OF OPERATING SYSTEM REMOTE LOADING ON THIN CLIENT
For citation: Gatchin Yu.A., Teploukhova O.A. Authentication algorithm for participants of information interoperability in process of operating system remote loading on thin client. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2016, vol. 16, no. 3, pp. 497–505. doi: 10.17586/2226-1494-2016-16-3-497-505
Subject of Research. This paper presents a solution to the authentication problem for all components of information interoperability in the process of operating system network loading on a thin client from a terminal server.
System Definition. In the proposed solution, the operating system integrity check is performed by a hardware-software module that includes a USB token with protected memory for secure storage of cryptographic keys and the loader. The key requirement for the solution is mutual authentication of four participants: terminal server, thin client, token and user. We have created two algorithms to solve the problem. The first algorithm compares the encrypted one-time password (a random number) with the reference value stored in the memory of the token and updates this number on successful authentication. The second algorithm uses the public and private keys of the token and the server. As a result of the cryptographic transformation, the participants are authenticated and a secure channel is formed between the token, the thin client and the terminal server.
Main Results. Additional research was carried out to find out whether the designed algorithms meet the necessary requirements. The criteria used included applicability in a multi-access terminal system architecture, evaluation of potential threats and overall system security. According to the analysis results, it is recommended to use the PKI-based algorithm because of its high scalability and usability. A high level of data security is proved as a result of applying asymmetric cryptography, with the guarantee that participants' private keys are never sent in the authentication process.
Practical Relevance. The designed PKI-based algorithm makes it possible to solve the problem using cryptographic algorithms that conform to the state standard, even though there is no such standard for asymmetric cryptography. Thus, it can be applied in State Information Systems with increased information security requirements.
Acknowledgements. The work is a winner of the program "Participation of Youth Research and Innovation Competition" ("UMNIK"). It has been given a diploma "For the Best Report" at the IV All-Russian Congress of Young Scientists (2015).
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License