AHAC: Advanced Network-Hiding Access Control Framework

Author:

Xu Mudi1ORCID,Chen Benfeng2,Tan Zhizhong1ORCID,Chen Shan3,Wang Lei1,Liu Yan1,San Tai Io4,Fong Sou Wang4,Wang Wenyong1,Feng Jing5

Affiliation:

1. School of Computer Science and Engineering, Macau University of Science and Technology, Macau 999078, China

2. AI Thrust, The Hong Kong University of Science and Technology (Guangzhou), Guangzhou 510000, China

3. Hangzhou Xianyin Information Technology Co., Ltd., Hangzhou 310000, China

4. Fnetlink Tecnology Co., Ltd., Macau 999078, China

5. China Telecom Co., Ltd. Sichuan Branch, Chengdu 610000, China

Abstract

In the current context of rapid Internet of Things (IoT) and cloud computing technology development, the Single Packet Authorization (SPA) protocol faces increasing challenges, such as security threats from Distributed Denial of Service (DDoS) attacks. To address these issues, we propose the Advanced Network-Hiding Access Control (AHAC) framework, designed to enhance security by reducing network environment exposure and providing secure access methods. AHAC introduces an independent control surface as the access proxy service and combines it with a noise generation mechanism for encrypted access schemes, replacing the traditional RSA signature method used in SPA protocols. This framework significantly improves system security, reduces computational costs, and enhances key verification efficiency. The AHAC framework addresses several limitations inherent in SPA: users need to know the IP address of resources in advance, exposing the resource address to potential attacks; SPA’s one-way authentication mechanism is insufficient for multi-level authentication in dynamic environments; deploying the knocking module and protected resources on the same host can lead to resource exhaustion and service unavailability under heavy loads; and SPA often uses high-overhead encryption algorithms like RSA2048. To counter these limitations, AHAC separates the Port Knocking module from the access control module, supports mutual authentication, and implements an extensible two-way communication mechanism. It also employs ECC and ECDH algorithms, enhancing security while reducing computational costs. We conducted extensive experiments to validate AHAC’s performance, high availability, extensibility, and compatibility. The experiments compared AHAC with traditional SPA in terms of time cost and performance.

Funder

Macao Science and Technology Development Fund Project

Publisher

MDPI AG

Reference34 articles.

1. A survey on zero trust architecture: Challenges and future trends;He;Wirel. Commun. Mob. Comput.,2022

2. Toward Zero-Trust 6GC: A Software Defined Perimeter Approach with Dynamic Moving Target Defense Mechanism;Abdelhay;IEEE Wirel. Commun.,2024

3. Intelligent authentication for identity and access management: A review paper;Mohammed;Int. J. Manag. Eng. (IJMIE),2013

4. Strengthening Enterprise Security through the Adoption of Zero Trust Architecture—A Focus on Micro-segmentation Approach;Joo;Converg. Secur. J.,2023

5. Sheikh, N., Pawar, M., and Lawrence, V. (2021, January 10–13). Zero trust using network micro segmentation. Proceedings of the IEEE INFOCOM 2021—IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Vancouver, BC, Canada.

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3