SINGLE SIGN ON SYSTEM
This report is provided to explain the Single Sign-On system. It gives a thorough
view of Single Sign-On, focusing on the system purpose, scope of study, methodology,
results and conclusion. From the purpose point of view, this system is a type of
software authentication that enables a user to authenticate once and gain access to
the resources of multiple software systems. This makes the user authentication process
easier, as users do not have to enter multiple usernames and passwords for multiple
systems. In order to achieve this objective, the scope of the system has to be analyzed
first. This system relates only to systems that are web-based applications; in other
words, it can be called a Single Sign-On Web Portal. For the methodology part, the PHP
language as well as the Apache server will be used to complete this project. PHP is one
of the most in-demand programming languages nowadays. The system is also divided into
two parts: the user interface and the administration interface. For the results part,
this report shows the work progress as well as screenshots of the system interface, and
the discussions along the work progress are also included. Last but not least, for the
conclusion part, this report concludes all the work done and provides recommendations
for future system enhancement. This report serves as guidance throughout the system,
from the time it was first planned until the end product comes out.
Mk_accounts: an enterprise-wide account management tool for Unix operating systems
This master's project describes the development of a script called mk_accounts to aid account management tasks on Unix systems. At Cisco Systems within the Information Technology division, there was a need to improve the process by which user accounts were added, deleted or modified on Unix servers across the enterprise. After evaluating several alternatives, the decision was made to write a client-server script that could be rapidly deployed to all servers within the IT organization and operated from a central location. This script met all requirements in terms of security, availability, efficiency, scalability and flexibility. In addition, implementation was non-disruptive to the business, leveraged the existing infrastructure and was rapidly designed and deployed.
Provably Secure Identity-Based Remote Password Registration
One of the most significant challenges is secure user authentication. If it is breached, the confidentiality and integrity of data or services may be compromised. The most widespread solution for entity authentication is the password-based scheme: it is easy to use and deploy. During password registration, users typically create or activate their account along with their password through a verification email, and service providers are authenticated based on their SSL/TLS certificate. We propose a password registration scheme based on identity-based cryptography, i.e. both the user and the service provider are authenticated by their short-lived identity-based secret key. For secure storage a bilinear map with a salt is applied; therefore, in the case of an offline attack the adversary is forced to calculate a computationally expensive bilinear map for each password candidate and salt, which slows down the attack. A new adversarial model together with a new secure password registration scheme is introduced. We show that the security of the proposed protocol rests on the assumptions that the Bilinear Diffie-Hellman problem is computationally infeasible, that the bilinear map is a one-way function and that the MAC is existentially unforgeable under an adaptive chosen-message attack.
Interdomain User Authentication and Privacy
This thesis looks at the issue of interdomain user authentication, i.e. user
authentication in systems that extend over more than one administrative
domain. It is divided into three parts. After a brief overview of related
literature, the first part provides a taxonomy of current approaches to the
problem. The taxonomy is first used to identify the relative strengths and
weaknesses of each approach, and then employed as the basis for putting into
context four concrete and novel schemes that are subsequently proposed in
this part of the thesis. Three of these schemes build on existing technology;
the first on 2nd and 3rd-generation cellular (mobile) telephony, the second on
credit/debit smartcards, and the third on Trusted Computing. The fourth
scheme is, in certain ways, different from the others. Most notably, unlike the
other three schemes, it does not require the user to possess tamper-resistant
hardware, and it is suitable for use from an untrusted access device. An
implementation of the latter scheme (which works as a web proxy) is also
described in this part of the thesis.
As the need to preserve one’s privacy continues to gain importance in the
digital world, it is important to enhance user authentication schemes with
properties that enable users to remain anonymous (yet authenticated). In
the second part of the thesis, anonymous credential systems are identified as
a tool that can be used to achieve this goal. A formal model that captures
relevant security and privacy notions for such systems is proposed. From this
model, it is evident that there exist certain inherent limits to the privacy that
such systems can offer. These are examined in more detail, and a scheme
is proposed that mitigates the exposure to certain attacks that exploit these
limits in order to compromise user privacy. The second part of the thesis
also shows how to use an anonymous credential system in order to facilitate
what we call ‘privacy-aware single sign-on’ in an open environment. The
scheme enables the user to authenticate himself to service providers under
separate identifiers, where these identifiers cannot be linked to each other,
even if all service providers collude. It is demonstrated that the anonymity
enhancement scheme proposed earlier is particularly suited to this special
application of anonymous credential systems.
Finally, the third part of the thesis concludes with some open research
questions.