
10 Conclusions

In document Acta 2502 y (Pages 180-187)

In our research, we found that the trade-off problem - presented in the CAP and PACELC theorems - can have significant effects in different telemedicine use-cases.

Related works described the consequences of having an inappropriate balance between availability and consistency. Our experiences in real-world telemedicine scenarios helped us to demonstrate how our system can be easily tuned and adapted under different circumstances. We introduced a new methodology for modelling information-critical heterogeneous systems, and verified these systems and metrics by constructing state graphs and evaluating them via graph traversal. Moreover, we presented a distance-based metric for the data quality measurement of numeric data portions in telemedicine systems. Since the mentioned use-cases are real telemedicine systems as well, it is planned to make measurements during their project pilots using event-based techniques for tracking the applications and the servers.

System modelling and data quality measurements helped us to elaborate a taxonomy for distributed telemedicine systems based on the trade-off problem and explore the hypothetical-zero-latency phenomenon. In the future, we plan to extend our current taxonomy, introduce more use-cases that can be categorized and examine hypothetical-zero-latency cases in greater detail.

NO S(self) ≜ pc[self] = “NO S”
  if (lat db[self] < db latency)
    then lat db = [lat db except ![self] = lat db[self] + 1]
         pc = [pc except ![self] = “NO S”]
         unchanged db type, dbData, Cache
    else db type = “PC/EC”
         Cache = false
         dbData = [d(Head(clientData).d), type db type] dbData
         pc = [pc except ![self] = “DB”]
         unchanged lat db
  unchanged db latency, proc latency, clientData, procData, readData, cachedData, K, num op, data, lat proc, d

Figure 8: Formal definition of the process from the NO S class

SO NS(self) ≜ pc[self] = “SO NS”
  if (lat db[self] < db latency)
    then lat db = [lat db except ![self] = lat db[self] + 1]
         pc = [pc except ![self] = “SO NS”]
         unchanged db type, dbData, K, Cache
    else db type = “PC/EL”
         Cache = true
         K = 3
         dbData = [d(Head(clientData).d), type db type] dbData
         pc = [pc except ![self] = “DB”]
         unchanged lat db
  unchanged db latency, proc latency, clientData, procData, readData, cachedData, num op, data, lat proc, d

Figure 9: Formal definition of the process from the SO NS class

SO S(self) ≜ pc[self] = “SO S”
  if (lat db[self] < db latency)
    then lat db = [lat db except ![self] = lat db[self] + 1]
         pc = [pc except ![self] = “SO S”]
         unchanged db type, dbData, K, Cache
    else db type = “PC/EL”
         Cache = true
         K = 0
         dbData = [d(Head(clientData).d), type db type] dbData
         pc = [pc except ![self] = “DB”]
         unchanged lat db
  unchanged db latency, proc latency, clientData, procData, readData, cachedData, num op, data, lat proc, d

Figure 10: Formal definition of the process from the SO S class

O NS(self) ≜ pc[self] = “O NS”
  if (lat db[self] < db latency)
    then lat db = [lat db except ![self] = lat db[self] + 1]
         pc = [pc except ![self] = “O NS”]
         unchanged db type, dbData, K, Cache
    else db type = “PA/EL”
         Cache = true
         K = 5
         dbData = [d(Head(clientData).d), type db type] dbData
         pc = [pc except ![self] = “DB”]
         unchanged lat db
  unchanged db latency, proc latency, clientData, procData, readData, cachedData, num op, data, lat proc, d

Figure 11: Formal definition of the process from the O NS class

O S(self) ≜ pc[self] = “O S”
  if (lat db[self] < db latency)
    then lat db = [lat db except ![self] = lat db[self] + 1]
         pc = [pc except ![self] = “O S”]
         unchanged db type, dbData, K, Cache
    else db type = “PA/EL”
         Cache = true
         K = 3
         dbData = [d(Head(clientData).d), type db type] dbData
         pc = [pc except ![self] = “DB”]
         unchanged lat db
  unchanged db latency, proc latency, clientData, procData, readData, cachedData, num op, data, lat proc, d

Figure 12: Formal definition of the process from the O S class


Evaluating the Performance of a Novel JWT Revocation Strategy

László Viktor Jánoky (a, b), Péter Ekler (a, c), and János Levendovszky (d, e)

a Department of Automation and Applied Informatics, Budapest University of Technology and Economics, Hungary

b E-mail: janoky.laszlo@aut.bme.hu, ORCID: 0000-0002-9070-9026

c E-mail: peter.ekler@aut.bme.hu, ORCID: 0000-0002-2396-3606

d Department of Networked Systems and Services, Budapest University of Technology and Economics, Hungary

e E-mail: levendov@hit.bme.hu, ORCID: 0000-0003-1406-442X

DOI: 10.14232/actacyb.289455

The research reported in this paper was supported by the BME Artificial Intelligence TKP2020 IE grant of NKFIH Hungary (BME IE-MI-SC TKP2020). Project no. FIEK 16-1-2016-0007 has been implemented with the support provided from the National Research, Development and Innovation Fund of Hungary, financed under the Centre for Higher Education and Industrial Cooperation – Research infrastructure development (FIEK 16) funding scheme.

Abstract

JSON Web Tokens (JWT) provide a scalable, distributed way of user access control for modern web-based systems. The main advantage of the scheme, that the tokens are valid by themselves through the use of digital signing, also implies its greatest weakness. Once issued, there is no trivial way to revoke a JWT token. In our work, we present a novel approach for this revocation problem, overcoming some of the problems of currently used solutions. To compare our solution to the established solutions, we also introduce the mathematical framework of comparison, which we ultimately test using real-world measurements.

Keywords: JWT, JSON Web Tokens, user access control

1 Introduction

In the field of web application security, JSON Web Tokens play an increasingly significant role. They are very well suited for application in distributed systems, as their validation can be done by the consuming service, without the need for central access to a trusted source. This property, however, also means that there is no easy way to revoke a token once it has been issued.

This paper overviews the current revocation strategies and introduces a mathematical framework for comparison to help system designers find the optimal solution. The mathematical framework is then validated with measurements on a real application. We also further elaborate on our novel solution, first introduced in [7]. After its brief introduction, our method is compared with the other strategies using the common mathematical framework.

The paper is structured as follows: Section 1 provides an overview of the currently used revocation schemes and their main characteristics. In Section 2, we present a detailed description of our new approach. Section 3 deals with the formal description of the performance characteristics of the different strategies, including our solution. In Section 4, we verify our cost model by measuring different revocation schemes in a real application. Finally, Section 5 wraps the discussion by providing an overview of the work done.

1.1 Literature review

The main source of literature regarding JSON Web Tokens is the Request for Comments (RFC) documents of the Internet Society (ISOC). For example, RFC 7519 [9] describes the basics of JSON Web Tokens (JWT) as "URL safe means of representing claims to be transferred between two parties".

While this definition is correct, JWTs are increasingly used in web applications as part of different authentication and authorization schemes, such as bearer tokens [6] in the OAuth2 framework [5] [10] or OpenID Connect [13]. The introspection of these tokens is described in RFC 7662 [12], which briefly touches on the question of revocation without providing details on its implementation.

As the problem is more practical than theoretical in nature, current industry approaches for JWT revocation can be found in the technical documentation of different authentication solutions [11] [2], or in technical blog posts such as [4], instead of more traditional scientific papers.

1.2 Overview of JSON Web Token Revocation methods

A JWT used to determine access for a protected resource is called an access token in these schemes. The token is usually digitally signed or otherwise cryptographically secured [8]. In both cases, we simply refer to the signing key or the public key as a secret.

In most scenarios, the access tokens are issued along with a second, more traditional, server-side token called a refresh token. This second token makes it possible for the client to acquire a new access token in the future.

When a client logs out from the system, the refresh token is destroyed, and existing JWT tokens are revoked. This revocation is not a trivial task, as the validity of a JWT is determined by the cryptographic assurance, which cannot be easily revoked.

Short-lived tokens: Each generated JWT token has a finite, usually very short lifespan. In this scheme, a token is never directly revoked, but the means of acquiring new tokens are made unavailable (i.e. the refresh token is destroyed). Hence when the short lifespan runs out, no further access is possible to the system.

Blacklist: In the case of a blacklist, revoked access tokens are placed in a shared location (typically a database), where each consuming service can check for invalidated tokens. The big downside of this approach is that it requires data access for each request served - even for ones with valid tokens; thus, the token’s validity can no longer be determined in itself.

Secret change: A rarely used solution for invalidation is changing the cryptographic secret used to issue and check the validity of tokens. Changing this secret leads to all tokens being revoked, but users who are still logged in can apply for new ones using their refresh token.
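The three strategies above, seen from the consuming service, as an added example that is not code from the paper: a minimal HS256 token issuer and verifier built on the Python standard library. The function names, the jti-keyed blacklist, and the sample secrets and timestamps are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(secret: bytes, sub: str, jti: str, now: int, ttl: int) -> str:
    """Issue an HS256 access token that expires ttl seconds after now."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": sub, "jti": jti, "exp": now + ttl}).encode())
    sig = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64(sig)}"

def verify(token: str, secret: bytes, now: int, blacklist=frozenset()) -> str:
    """Return 'ok' or the reason the consuming service rejects the token."""
    try:
        header, claims, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return "bad-alg"           # never trust the token's own alg choice
        expected = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return "bad-signature"     # also the outcome after a secret change
        payload = json.loads(_unb64(claims))
    except (ValueError, AttributeError):
        return "malformed"
    if now >= payload["exp"]:
        return "expired"               # short-lived tokens: access ends here
    if payload["jti"] in blacklist:
        return "revoked"               # blacklist: one shared lookup per request
    return "ok"

def demo() -> dict:
    """Run the three strategies on constructed sample data."""
    secret, t0 = b"constructed-demo-secret", 1_700_000_000
    alice = issue(secret, "alice", "tok-1", t0, ttl=300)
    bob = issue(secret, "bob", "tok-2", t0, ttl=300)
    return {
        "fresh": verify(alice, secret, t0 + 10),
        "short_lived": verify(alice, secret, t0 + 300),
        "blacklisted": verify(alice, secret, t0 + 10, {"tok-1"}),
        "other_user": verify(bob, secret, t0 + 10, {"tok-1"}),
        "secret_change": [verify(t, b"rotated-secret", t0 + 10) for t in (alice, bob)],
    }

if __name__ == "__main__":
    print(demo())
```

Only the blacklist check needs state outside the token, which is the per-request data access cost the text describes; the secret change rejects every outstanding token at once, including those of users who never logged out.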
