SlideShare a Scribd company logo

Secure token passing protocol at app level

Augusto Ciuffoletti
Augusto Ciuffoletti

Algorithms based on the circulation of a unique token are often indicated in the coordination of distributed systems. We introduce the design of the token passing operation at application level, that exhibits the requirements of security, since the token is a sensitive resource, and scalability, since the token passing protocol must not implement security at expense of scalability. These characteristics make our solution suitable for large scale distributed infrastructures.

Technology
1 of 16
Download to read offline
Secure token passing at application level http://dx.doi.org/10.1016/j.future.2009.12.003 Augusto Ciuffoletti University of Pisa Pisa – ITALY augusto@di.unipi.it
What this paper is not about ● Many algorithms rely on a reliable token exchange (mutual exclusion, network overlay, etc) ● Few of them describe a protocol that effectively implements such operation ● None of them discusses an application level protocol ● Here we will not discuss an algorithm based on token exchange, but the token exchange itself ● Being implemented at the application level, it can be embedded in any sort of application
Basics of a token ● Token presence reflects in the state of the application ● Persistence of several tokens is to be avoided ● Long periods of absence of token are to be avoided ● The token circulates fairly in the system ● A token is never forged, or spoofed (by unauthorized entities)
A token passing protocol ● The presence of a token on a host must induce, after some time – the release of the token inside the host holding it, and – the presence of the token inside another host ● We consider that this operation (the token passing operation) is implemented with a protocol based on UDP datagrams ● In order to effectively implement the token passing operation, the protocol must fulfill some requirements...
Protocol requirements ● Token passing latency is concentrated around a value: this ensures fairness ● Token passing failure with token loss is an infrequent event: this event deteriorates the performance of the system ● Token duplication is deterministically excluded: it would be extremely difficult to detect and recover from this event ● The presence of several (distinct) tokens in the system is an infrequent event: it deteriorates the performance of the system
Protocol requirements ● The source of the token must be authenticated: this ensures that only trusted peers participate in token sharing The above requirement entails the maintenance of a trust relationship among participants. It is the kind of problem that may be solved using a token based scheme, and is related with the topology used to circulate the token. Here we propose a “vanilla” solution...
Token circulation topology ● We introduce a full mesh topology (all-to-all) and a randomized circulation of the token ● As a consequence, the membership consists of all hosts sharing the token ● Such membership relies on the existence of a Certification Authority ● All datagrams in the protocol are signed, and exceptionally contain the certificate ● Hosts maintain a cache of certificates, and public keys of the peers
Host architecture Token enters here Receiver Sender Port 9000 Process Unix pipe process Token exits here Local read/update Cache read
4-way token exchange protocol ● Types of packets: – Move pkt: submits token exchange – Acknowledge pkt: accepts packet exchange – Commit pkt: confirms token exchange – EarlyStop pkt: stops resending Commit pkts ● All types except EarlyStop can be resent ● Non conformant packets are silently dropped ● All packets are signed ● Resent packets carry sender certificate
Sender process state diagram Transition notation: ● event (rcv or timeout) ● ------- ● action (send etc.) Transition arrow: ● blue: high probability ● yellow: low probability ● red: failure Transition label: ● green: send event
Receiver process state diagram Transition notation: ● event (rcv or timeout) ● ------- ● action (send etc.) Transition arrow: ● blue: high probability ● yellow: low probability ● red: failure Transition label: ● green: send event
Is it real? ● In order to assess the consistency of our specification, we implemented the specification using the Perl language ● It is about 700 lines of Perl code ● Exchanged packets are about 50 bytes long, 4 per token passing operation ● The security issues are partially implemented in the prototype: we use public keys instead of certificates issued by a cert. authority.
Does it work? ● In order to assess the conformace of the prototype with respect to the requirements we run two experiments ● The first experiment was run in the real Internet, using a testbed of three hosts located in Italy and Greece ● The purpose was to establish the robustness against Internet failures ● The token kept bouncing among the hosts for as long as 20 days (one bounce every 5 secs) before being lost ● More details reported in paper...
Does it work? ● Another experiment was run in a virtual network composed of 10 virtual hosts (using Netkit support) ● In that case, we injected token loss events and induced randomized delays ● Also in this case the results were satisfactory. They are not published in this issue.
Conclusions ● A communication protocol that ensures a reliable token passing operation is a basic building block ● An authentication mechanism is required in order to protect from disruptive intrusions These results have been published in the Future Generation Computer Systems journal. The Perl implementation of the protocol is available at the Wandering Token home page.
Useful links ● Augusto Ciuffoletti. Secure token passing at application level. Future Generation Computer Systems, 2010. doi:10.1016/j.future.2009.12.003. ● Wandering token home page: http://www.di.unipi.it/~augusto/WanderingToken/index.html

Recommended

FastBFT
FastBFTFastBFT
FastBFTYongraeJo
 
SCP
SCPSCP
SCPYongraeJo
 
Verifying offchain computations using TrueBit. Sami Makela
Verifying offchain computations using TrueBit. Sami MakelaVerifying offchain computations using TrueBit. Sami Makela
Verifying offchain computations using TrueBit. Sami MakelaCyber Fund
 
ITFT_Semaphores and bounded buffer
ITFT_Semaphores and bounded bufferITFT_Semaphores and bounded buffer
ITFT_Semaphores and bounded bufferSneh Prabha
 
Practical Byzantine Fault Tolernace
Practical Byzantine Fault TolernacePractical Byzantine Fault Tolernace
Practical Byzantine Fault TolernaceYongraeJo
 
OmniLedger
OmniLedgerOmniLedger
OmniLedgerSIYIMA4
 
Process synchronization
Process synchronizationProcess synchronization
Process synchronizationSyed Hassan Ali
 
signals & message queues overview
signals & message queues overviewsignals & message queues overview
signals & message queues overviewVaishali Dayal
 

Recommended

FastBFT
FastBFTFastBFT
FastBFTYongraeJo
 
SCP
SCPSCP
SCPYongraeJo
 
Verifying offchain computations using TrueBit. Sami Makela
Verifying offchain computations using TrueBit. Sami MakelaVerifying offchain computations using TrueBit. Sami Makela
Verifying offchain computations using TrueBit. Sami MakelaCyber Fund
 
ITFT_Semaphores and bounded buffer
ITFT_Semaphores and bounded bufferITFT_Semaphores and bounded buffer
ITFT_Semaphores and bounded bufferSneh Prabha
 
Practical Byzantine Fault Tolernace
Practical Byzantine Fault TolernacePractical Byzantine Fault Tolernace
Practical Byzantine Fault TolernaceYongraeJo
 
OmniLedger
OmniLedgerOmniLedger
OmniLedgerSIYIMA4
 
Process synchronization
Process synchronizationProcess synchronization
Process synchronizationSyed Hassan Ali
 
signals & message queues overview
signals & message queues overviewsignals & message queues overview
signals & message queues overviewVaishali Dayal
 
Process synchronization
Process synchronizationProcess synchronization
Process synchronizationAli Ahmad
 
Transactional Memory
Transactional MemoryTransactional Memory
Transactional MemoryYuuki Takano
 
The paxos commit algorithm
The paxos commit algorithmThe paxos commit algorithm
The paxos commit algorithmahmed hamza
 
Monitors
MonitorsMonitors
MonitorsMohd Arif
 
Transactional Memory
Transactional MemoryTransactional Memory
Transactional MemorySmruti Sarangi
 
Semaphore
SemaphoreSemaphore
SemaphoreArafat Hossan
 
Process Synchronization
Process SynchronizationProcess Synchronization
Process Synchronizationvinay arora
 
Lecture 5 process synchronization
Lecture 5 process synchronizationLecture 5 process synchronization
Lecture 5 process synchronizationKlintonChhun
 
Operating systems question bank
Operating systems question bankOperating systems question bank
Operating systems question bankanuradha raheja
 
Process Synchronization
Process SynchronizationProcess Synchronization
Process SynchronizationSonali Chauhan
 
6 Synchronisation
6 Synchronisation6 Synchronisation
6 SynchronisationDr. Loganathan R
 
Synchronization
SynchronizationSynchronization
SynchronizationMohd Arif
 
Process synchronization(deepa)
Process synchronization(deepa)Process synchronization(deepa)
Process synchronization(deepa)Nagarajan
 
PBFT
PBFTPBFT
PBFTAnna Yudina
 
Semaphores and Monitors
Semaphores and Monitors Semaphores and Monitors
Semaphores and Monitorssathish sak
 
We shall play a game....
We shall play a game....We shall play a game....
We shall play a game....Sadia Textile
 
Chapter 6 - Process Synchronization
Chapter 6 - Process SynchronizationChapter 6 - Process Synchronization
Chapter 6 - Process SynchronizationWayne Jones Jnr
 
Os module 2 c
Os module 2 cOs module 2 c
Os module 2 cGichelle Amon
 
SYNCHRONIZATION
SYNCHRONIZATIONSYNCHRONIZATION
SYNCHRONIZATIONatanuanwesha
 
Mutual Exclusion using Peterson's Algorithm
Mutual Exclusion using Peterson's AlgorithmMutual Exclusion using Peterson's Algorithm
Mutual Exclusion using Peterson's AlgorithmSouvik Roy
 
Omni ledger
Omni ledgerOmni ledger
Omni ledgerYongraeJo
 
Transport Layer
Transport LayerTransport Layer
Transport LayerDr Shashikant Athawale
 

More Related Content

What's hot

Process synchronization
Process synchronizationProcess synchronization
Process synchronizationAli Ahmad
 
Transactional Memory
Transactional MemoryTransactional Memory
Transactional MemoryYuuki Takano
 
The paxos commit algorithm
The paxos commit algorithmThe paxos commit algorithm
The paxos commit algorithmahmed hamza
 
Process Synchronization
Process SynchronizationProcess Synchronization
Process Synchronizationvinay arora
 
Lecture 5 process synchronization
Lecture 5 process synchronizationLecture 5 process synchronization
Lecture 5 process synchronizationKlintonChhun
 
Operating systems question bank
Operating systems question bankOperating systems question bank
Operating systems question bankanuradha raheja
 
Process Synchronization
Process SynchronizationProcess Synchronization
Process SynchronizationSonali Chauhan
 
Synchronization
SynchronizationSynchronization
SynchronizationMohd Arif
 
Process synchronization(deepa)
Process synchronization(deepa)Process synchronization(deepa)
Process synchronization(deepa)Nagarajan
 
Semaphores and Monitors
Semaphores and Monitors Semaphores and Monitors
Semaphores and Monitorssathish sak
 
We shall play a game....
We shall play a game....We shall play a game....
We shall play a game....Sadia Textile
 
Chapter 6 - Process Synchronization
Chapter 6 - Process SynchronizationChapter 6 - Process Synchronization
Chapter 6 - Process SynchronizationWayne Jones Jnr
 
Mutual Exclusion using Peterson's Algorithm
Mutual Exclusion using Peterson's AlgorithmMutual Exclusion using Peterson's Algorithm
Mutual Exclusion using Peterson's AlgorithmSouvik Roy
 

What's hot (20)

Process synchronization
Process synchronizationProcess synchronization
Process synchronization
 
Transactional Memory
Transactional MemoryTransactional Memory
Transactional Memory
 
The paxos commit algorithm
The paxos commit algorithmThe paxos commit algorithm
The paxos commit algorithm
 
Monitors
MonitorsMonitors
Monitors
 
Transactional Memory
Transactional MemoryTransactional Memory
Transactional Memory
 
Semaphore
SemaphoreSemaphore
Semaphore
 
Process Synchronization
Process SynchronizationProcess Synchronization
Process Synchronization
 
Lecture 5 process synchronization
Lecture 5 process synchronizationLecture 5 process synchronization
Lecture 5 process synchronization
 
Operating systems question bank
Operating systems question bankOperating systems question bank
Operating systems question bank
 
Process Synchronization
Process SynchronizationProcess Synchronization
Process Synchronization
 
6 Synchronisation
6 Synchronisation6 Synchronisation
6 Synchronisation
 
Synchronization
SynchronizationSynchronization
Synchronization
 
Process synchronization(deepa)
Process synchronization(deepa)Process synchronization(deepa)
Process synchronization(deepa)
 
PBFT
PBFTPBFT
PBFT
 
Semaphores and Monitors
Semaphores and Monitors Semaphores and Monitors
Semaphores and Monitors
 
We shall play a game....
We shall play a game....We shall play a game....
We shall play a game....
 
Chapter 6 - Process Synchronization
Chapter 6 - Process SynchronizationChapter 6 - Process Synchronization
Chapter 6 - Process Synchronization
 
Os module 2 c
Os module 2 cOs module 2 c
Os module 2 c
 
SYNCHRONIZATION
SYNCHRONIZATIONSYNCHRONIZATION
SYNCHRONIZATION
 
Mutual Exclusion using Peterson's Algorithm
Mutual Exclusion using Peterson's AlgorithmMutual Exclusion using Peterson's Algorithm
Mutual Exclusion using Peterson's Algorithm
 

Similar to Secure token passing protocol at app level

A Python Petting Zoo
A Python Petting ZooA Python Petting Zoo
A Python Petting Zoodevondjones
 
Hyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsHyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsMabelOza12
 
Cryptomonday #3: Algorand @ CryptoLab
Cryptomonday #3: Algorand @ CryptoLabCryptomonday #3: Algorand @ CryptoLab
Cryptomonday #3: Algorand @ CryptoLabAdrianoDiLuzio
 
Slide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by SuzakiSlide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by SuzakiKuniyasu Suzaki
 
blockchain-and-trusted-computing
blockchain-and-trusted-computingblockchain-and-trusted-computing
blockchain-and-trusted-computingYongraeJo
 
Blockchain and smart contracts, what they are and why you should really care ...
Blockchain and smart contracts, what they are and why you should really care ...Blockchain and smart contracts, what they are and why you should really care ...
Blockchain and smart contracts, what they are and why you should really care ...maeste
 
Blockchain For Developers (Talk at Innopolis Blockchain Hackathon 2016)
Blockchain For Developers (Talk at Innopolis Blockchain Hackathon 2016)Blockchain For Developers (Talk at Innopolis Blockchain Hackathon 2016)
Blockchain For Developers (Talk at Innopolis Blockchain Hackathon 2016)Alex Chepurnoy
 
RPC in Smalltalk
RPC in Smalltalk RPC in Smalltalk
RPC in SmalltalkESUG
 
Getting started with quorum -101
Getting started with quorum -101 Getting started with quorum -101
Getting started with quorum -101 Chainstack
 
Collision avoidance using a wandering token in the PTP protocol
Collision avoidance using a wandering token in the PTP protocolCollision avoidance using a wandering token in the PTP protocol
Collision avoidance using a wandering token in the PTP protocolAugusto Ciuffoletti
 
Algorand Consensus Algorithm
Algorand Consensus AlgorithmAlgorand Consensus Algorithm
Algorand Consensus AlgorithmVanessa Lošić
 
Networking- OSI Layer Protocol Functions
Networking- OSI Layer Protocol FunctionsNetworking- OSI Layer Protocol Functions
Networking- OSI Layer Protocol FunctionsGayathri Kesavan
 
TLS - 2016 Velocity Training
TLS - 2016 Velocity TrainingTLS - 2016 Velocity Training
TLS - 2016 Velocity TrainingPatrick Meenan
 

Similar to Secure token passing protocol at app level (20)

Omni ledger
Omni ledgerOmni ledger
Omni ledger
 
Transport Layer
Transport LayerTransport Layer
Transport Layer
 
A Python Petting Zoo
A Python Petting ZooA Python Petting Zoo
A Python Petting Zoo
 
Hyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsHyperledger Consensus Algorithms
Hyperledger Consensus Algorithms
 
Cryptomonday #3: Algorand @ CryptoLab
Cryptomonday #3: Algorand @ CryptoLabCryptomonday #3: Algorand @ CryptoLab
Cryptomonday #3: Algorand @ CryptoLab
 
Slide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by SuzakiSlide used at ACM-SAC 2014 by Suzaki
Slide used at ACM-SAC 2014 by Suzaki
 
blockchain-and-trusted-computing
blockchain-and-trusted-computingblockchain-and-trusted-computing
blockchain-and-trusted-computing
 
Blockchain and smart contracts, what they are and why you should really care ...
Blockchain and smart contracts, what they are and why you should really care ...Blockchain and smart contracts, what they are and why you should really care ...
Blockchain and smart contracts, what they are and why you should really care ...
 
Transport Layer Description By Varun Tiwari
Transport Layer Description By Varun TiwariTransport Layer Description By Varun Tiwari
Transport Layer Description By Varun Tiwari
 
Blockchain For Developers (Talk at Innopolis Blockchain Hackathon 2016)
Blockchain For Developers (Talk at Innopolis Blockchain Hackathon 2016)Blockchain For Developers (Talk at Innopolis Blockchain Hackathon 2016)
Blockchain For Developers (Talk at Innopolis Blockchain Hackathon 2016)
 
RPC in Smalltalk
RPC in Smalltalk RPC in Smalltalk
RPC in Smalltalk
 
Getting started with quorum -101
Getting started with quorum -101 Getting started with quorum -101
Getting started with quorum -101
 
Collision avoidance using a wandering token in the PTP protocol
Collision avoidance using a wandering token in the PTP protocolCollision avoidance using a wandering token in the PTP protocol
Collision avoidance using a wandering token in the PTP protocol
 
Algorand Consensus Algorithm
Algorand Consensus AlgorithmAlgorand Consensus Algorithm
Algorand Consensus Algorithm
 
Qt Application Programming with C++ - Part 2
Qt Application Programming with C++ - Part 2Qt Application Programming with C++ - Part 2
Qt Application Programming with C++ - Part 2
 
Akka Remoting
Akka RemotingAkka Remoting
Akka Remoting
 
Networking- OSI Layer Protocol Functions
Networking- OSI Layer Protocol FunctionsNetworking- OSI Layer Protocol Functions
Networking- OSI Layer Protocol Functions
 
TLS - 2016 Velocity Training
TLS - 2016 Velocity TrainingTLS - 2016 Velocity Training
TLS - 2016 Velocity Training
 
The wandering token
The wandering tokenThe wandering token
The wandering token
 
Twisted
TwistedTwisted
Twisted
 

More from Augusto Ciuffoletti

An open-source testbed for IoT systems
An open-source testbed for IoT systemsAn open-source testbed for IoT systems
An open-source testbed for IoT systemsAugusto Ciuffoletti
 
Design and implementation of a low-cost modular sensor
Design and implementation of a low-cost modular sensorDesign and implementation of a low-cost modular sensor
Design and implementation of a low-cost modular sensorAugusto Ciuffoletti
 
Automated deployment of a microservice based monitoring architecture
Automated deployment of a microservice based monitoring architectureAutomated deployment of a microservice based monitoring architecture
Automated deployment of a microservice based monitoring architectureAugusto Ciuffoletti
 
OCCI Monitoring at OGF42 - Concepts and demo
OCCI Monitoring at OGF42 - Concepts and demoOCCI Monitoring at OGF42 - Concepts and demo
OCCI Monitoring at OGF42 - Concepts and demoAugusto Ciuffoletti
 
Extending the OCCI API with monitoring capabilities
Extending the OCCI API with monitoring capabilitiesExtending the OCCI API with monitoring capabilities
Extending the OCCI API with monitoring capabilitiesAugusto Ciuffoletti
 
Monitoring a virtual network infrastructure - An IaaS perspective
Monitoring a virtual network infrastructure - An IaaS perspectiveMonitoring a virtual network infrastructure - An IaaS perspective
Monitoring a virtual network infrastructure - An IaaS perspectiveAugusto Ciuffoletti
 
TIP: a course about IP convergence technology
TIP: a course about IP convergence technologyTIP: a course about IP convergence technology
TIP: a course about IP convergence technologyAugusto Ciuffoletti
 
Network Monitoring in the age of the Cloud
Network Monitoring in the age of the CloudNetwork Monitoring in the age of the Cloud
Network Monitoring in the age of the CloudAugusto Ciuffoletti
 
Grid Infrastructure Architecture A Modular Approach from CoreGRID
Grid Infrastructure Architecture A Modular Approach from CoreGRIDGrid Infrastructure Architecture A Modular Approach from CoreGRID
Grid Infrastructure Architecture A Modular Approach from CoreGRIDAugusto Ciuffoletti
 
Scalable concurrency control in a dynamic membership
Scalable concurrency control in a dynamic membershipScalable concurrency control in a dynamic membership
Scalable concurrency control in a dynamic membershipAugusto Ciuffoletti
 
Prototype Implementation of a Demand Driven Network Monitoring Architecture
Prototype Implementation of a Demand Driven Network Monitoring ArchitecturePrototype Implementation of a Demand Driven Network Monitoring Architecture
Prototype Implementation of a Demand Driven Network Monitoring ArchitectureAugusto Ciuffoletti
 
IEEE1588 - Collision avoidance for Delay_Req messages in broadcast media
IEEE1588 - Collision avoidance for Delay_Req messages in broadcast mediaIEEE1588 - Collision avoidance for Delay_Req messages in broadcast media
IEEE1588 - Collision avoidance for Delay_Req messages in broadcast mediaAugusto Ciuffoletti
 
Network Monitoring in the age of the Cloud
Network Monitoring in the age of the CloudNetwork Monitoring in the age of the Cloud
Network Monitoring in the age of the CloudAugusto Ciuffoletti
 

More from Augusto Ciuffoletti (20)

An open-source testbed for IoT systems
An open-source testbed for IoT systemsAn open-source testbed for IoT systems
An open-source testbed for IoT systems
 
0 basic
0 basic0 basic
0 basic
 
Thingspeak: integrazione
Thingspeak: integrazioneThingspeak: integrazione
Thingspeak: integrazione
 
Thingspeak: fondamenti
Thingspeak: fondamentiThingspeak: fondamenti
Thingspeak: fondamenti
 
Design and implementation of a low-cost modular sensor
Design and implementation of a low-cost modular sensorDesign and implementation of a low-cost modular sensor
Design and implementation of a low-cost modular sensor
 
ZHAW 2016 - OCCI for monitoring
ZHAW 2016 - OCCI for monitoringZHAW 2016 - OCCI for monitoring
ZHAW 2016 - OCCI for monitoring
 
Open Cloud Computing Interface
Open Cloud Computing InterfaceOpen Cloud Computing Interface
Open Cloud Computing Interface
 
Laboratorio Openstack
Laboratorio OpenstackLaboratorio Openstack
Laboratorio Openstack
 
Automated deployment of a microservice based monitoring architecture
Automated deployment of a microservice based monitoring architectureAutomated deployment of a microservice based monitoring architecture
Automated deployment of a microservice based monitoring architecture
 
OCCI Monitoring at OGF42 - Concepts and demo
OCCI Monitoring at OGF42 - Concepts and demoOCCI Monitoring at OGF42 - Concepts and demo
OCCI Monitoring at OGF42 - Concepts and demo
 
Extending the OCCI API with monitoring capabilities
Extending the OCCI API with monitoring capabilitiesExtending the OCCI API with monitoring capabilities
Extending the OCCI API with monitoring capabilities
 
2013 03 occi-monitoring
2013 03 occi-monitoring2013 03 occi-monitoring
2013 03 occi-monitoring
 
Monitoring a virtual network infrastructure - An IaaS perspective
Monitoring a virtual network infrastructure - An IaaS perspectiveMonitoring a virtual network infrastructure - An IaaS perspective
Monitoring a virtual network infrastructure - An IaaS perspective
 
TIP: a course about IP convergence technology
TIP: a course about IP convergence technologyTIP: a course about IP convergence technology
TIP: a course about IP convergence technology
 
Network Monitoring in the age of the Cloud
Network Monitoring in the age of the CloudNetwork Monitoring in the age of the Cloud
Network Monitoring in the age of the Cloud
 
Grid Infrastructure Architecture A Modular Approach from CoreGRID
Grid Infrastructure Architecture A Modular Approach from CoreGRIDGrid Infrastructure Architecture A Modular Approach from CoreGRID
Grid Infrastructure Architecture A Modular Approach from CoreGRID
 
Scalable concurrency control in a dynamic membership
Scalable concurrency control in a dynamic membershipScalable concurrency control in a dynamic membership
Scalable concurrency control in a dynamic membership
 
Prototype Implementation of a Demand Driven Network Monitoring Architecture
Prototype Implementation of a Demand Driven Network Monitoring ArchitecturePrototype Implementation of a Demand Driven Network Monitoring Architecture
Prototype Implementation of a Demand Driven Network Monitoring Architecture
 
IEEE1588 - Collision avoidance for Delay_Req messages in broadcast media
IEEE1588 - Collision avoidance for Delay_Req messages in broadcast mediaIEEE1588 - Collision avoidance for Delay_Req messages in broadcast media
IEEE1588 - Collision avoidance for Delay_Req messages in broadcast media
 
Network Monitoring in the age of the Cloud
Network Monitoring in the age of the CloudNetwork Monitoring in the age of the Cloud
Network Monitoring in the age of the Cloud
 

Recently uploaded

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Recently uploaded (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Secure token passing protocol at app level

  • 1. Secure token passing at application level http://dx.doi.org/10.1016/j.future.2009.12.003 Augusto Ciuffoletti University of Pisa Pisa – ITALY augusto@di.unipi.it
  • 2. What this paper is not about ● Many algorithms rely on a reliable token exchange (mutual exclusion, network overlay, etc) ● Few of them describe a protocol that effectively implements such operation ● None of them discusses an application level protocol ● Here we will not discuss an algorithm based on token exchange, but the token exchange itself ● Being implemented at the application level, it can be embedded in any sort of application
  • 3. Basics of a token ● Token presence reflects in the state of the application ● Persistence of several tokens is to be avoided ● Long periods of absence of token are to be avoided ● The token circulates fairly in the system ● A token is never forged, or spoofed (by unauthorized entities)
  • 4. A token passing protocol ● The presence of a token on a host must induce, after some time – the release of the token inside the host holding it, and – the presence of the token inside another host ● We consider that this operation (the token passing operation) is implemented with a protocol based on UDP datagrams ● In order to effectively implement the token passing operation, the protocol must fulfill some requirements...
  • 5. Protocol requirements ● Token passing latency is concentrated around a value: this ensures fairness ● Token passing failure with token loss is an infrequent event: this event deteriorates the performance of the system ● Token duplication is deterministically excluded: it would be extremely difficult to detect and recover from this event ● The presence of several (distinct) tokens in the system is an infrequent event: it deteriorates the performance of the system
  • 6. Protocol requirements ● The source of the token must be authenticated: this ensures that only trusted peers participate in token sharing The above requirement entails the maintenance of a trust relationship among participants. It is the kind of problem that may be solved using a token based scheme, and is related with the topology used to circulate the token. Here we propose a “vanilla” solution...
  • 7. Token circulation topology ● We introduce a full mesh topology (all-to-all) and a randomized circulation of the token ● As a consequence, the membership consists of all hosts sharing the token ● Such membership relies on the existence of a Certification Authority ● All datagrams in the protocol are signed, and exceptionally contain the certificate ● Hosts maintain a cache of certificates, and public keys of the peers
  • 8. Host architecture Token enters here Receiver Sender Port 9000 Process Unix pipe process Token exits here Local read/update Cache read
  • 9. 4-way token exchange protocol ● Types of packets: – Move pkt: submits token exchange – Acknowledge pkt: accepts packet exchange – Commit pkt: confirms token exchange – EarlyStop pkt: stops resending Commit pkts ● All types except EarlyStop can be resent ● Non conformant packets are silently dropped ● All packets are signed ● Resent packets carry sender certificate
  • 10. Sender process state diagram Transition notation: ● event (rcv or timeout) ● ------- ● action (send etc.) Transition arrow: ● blue: high probability ● yellow: low probability ● red: failure Transition label: ● green: send event
  • 11. Receiver process state diagram Transition notation: ● event (rcv or timeout) ● ------- ● action (send etc.) Transition arrow: ● blue: high probability ● yellow: low probability ● red: failure Transition label: ● green: send event
  • 12. Is it real? ● In order to assess the consistency of our specification, we implemented the specification using the Perl language ● It is about 700 lines of Perl code ● Exchanged packets are about 50 bytes long, 4 per token passing operation ● The security issues are partially implemented in the prototype: we use public keys instead of certificates issued by a cert. authority.
  • 13. Does it work? ● In order to assess the conformace of the prototype with respect to the requirements we run two experiments ● The first experiment was run in the real Internet, using a testbed of three hosts located in Italy and Greece ● The purpose was to establish the robustness against Internet failures ● The token kept bouncing among the hosts for as long as 20 days (one bounce every 5 secs) before being lost ● More details reported in paper...
  • 14. Does it work? ● Another experiment was run in a virtual network composed of 10 virtual hosts (using Netkit support) ● In that case, we injected token loss events and induced randomized delays ● Also in this case the results were satisfactory. They are not published in this issue.
  • 15. Conclusions ● A communication protocol that ensures a reliable token passing operation is a basic building block ● An authentication mechanism is required in order to protect from disruptive intrusions These results have been published in the Future Generation Computer Systems journal. The Perl implementation of the protocol is available at the Wandering Token home page.
  • 16. Useful links ● Augusto Ciuffoletti. Secure token passing at application level. Future Generation Computer Systems, 2010. doi:10.1016/j.future.2009.12.003. ● Wandering token home page: http://www.di.unipi.it/~augusto/WanderingToken/index.html