Integrating Kerberos in OpenStack cloud infrastructure as a service
Infrastructure as a Service (IaaS) is one of the three fundamental service models of cloud computing besides Platform as a Service (PaaS) and Software as a Service (SaaS). IaaS provides access to the computing resources such as compute, storage and networking services in a virtualized environment using a public connection like internet. Instead of having to purchase hardware outright, users can purchase IaaS based on their consumption, similar to electricity or other utility billing. An IaaS consumer can usually access these resources through a web browser need not manage or control the underlying physical infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components. IaaS can be utilized by enterprise customers to create cost effective and easily scalable IT solutions. Amazon Web Services (AWS), Microsoft Azure, Google Compute Engine (GCE), Rackspace are the leading IaaS providers. OpenStack is one such open source IaaS platform. OpenStack is an open source cloud computing operating system. OpenStack operating system assimilates the underlying physical infrastructure into a pool of common resources such as compute, storage and networks. These resources can be provisioned into flexible units that are quickly allotted as per the user's demands. Users can configure their systems using these resources on a self-service and pay as you use basis from a web based user interface. OpenStack evolves to be a popular IaaS solution. This research primarily focuses on OpenStack's central identity management service called as keystone. Keystone is organized as a group of internal services such as identity, token, catalog and policy services. All the users in OpenStack are registered with keystone. The identity service authenticates OpenStack users and services based on user credentials such as username and password. Upon validating these credentials keystone generates and issues an authentication token called as "Bearer token" which the user uses subsequently to access OpenStack services. The user forwards this token to access other OpenStack services in order to perform certain user related operations. On receiving it, the OpenStack service verifies the token validation time and authorizes the user to perform the requested operation. In the recent times there has been a growing interest in the OpenStack user community to improve the user authentication in keystone. The current authentication mechanism uses bearer tokens. Bearer token means that whoever possesses the token has all the rights associated with that person. These tokens are forwarded by the users across all of the public services in an OpenStack deployment. Hence, if a malicious entity steals the bearer token associated with a person, it can impersonate as the original user. As OpenStack grows and this token is presented to the ever increasing list of services the vulnerability of this mechanism increases which may compromise the security of OpenStack users and needs to be addressed. To address the problem of token impersonation a secure user authentication protocol like Kerberos can prove to be very effective. Kerberos mechanism allows users to authenticate using symmetric key encryption by the collaboration of a reliable third-party called as a Key Distribution Center (KDC). In addition to that, Kerberos allow users access to the services without the need of repeating the authentication process as long as the session stays alive; this feature is known as single sign on. In this thesis, a systematic study of the keystone architecture and the existing token based user authentication is conducted. Based on it a proof of concept model of Kerberos is designed to verify the feasibility to integrate Kerberos with the existing token based authentication. This proposed model is further implemented at the keystone by leveraging the underlying token mechanism and by linking the Kerberos credentials with the token which provides an added layer of security to the existing mechanism. Benchmark tests are performed to evaluate the cost incurred by the proposed implementation.