A New Simplified Federated Single Sign-on System

The work presented in this MPhil thesis addresses this challenge by developing a new simplified FSSO system that allows end-users to access desktop systems, web-based services/applications and non-web based services/applications using one authentication process. This new system achieves this using two major components: an “Authentication Infrastructure Integration Program (AIIP) and an “Integration of Desktop Authentication and Web-based Authentication (IDAWA). The AIIP acquires Kerberos tickets (for end-users who have been authenticated by a Kerberos single sign-on system in one net- work domain) from Kerberos single sign-on systems in different network domains without establishing trust between these Kerberos single sign-on systems. The IDAWA is an extension to the web-based authentication systems (i.e. the web portal), and it authenticates end-users by verifying the end-users\u27 Kerberos tickets. This research also developed new criteria to determine which FSSO system can deliver true single sign-on to the end-users (i.e. allowing end-users to access desktop systems, web-based services/applications and non-web based services/applications using one authentication process). The evaluation shows that the new simplified FSSO system (i.e. the combination of AIIP and IDAWA) can deliver true single sign-on to the end- users. In addition, the evaluation shows the new simplified FSSO system has advantages over existing FSSO systems as it does not require additional modifications to network domains\u27 existing non-web based authentication infrastructures (i.e. Kerberos single sign- on systems) and their firewall rules

Efficient Three Party Key Exchange Protocol

Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. In 1976, Diffie and Hellman proposed the first practical key exchange (DH key exchange) protocol. In 2005, Abdalla and Pointcheval suggested a new variation of the computational DH assumption called chosen based computational Diffie Hellman (CCDH) and presented simple password based authenticated key exchange protocols. Since then several three party password authenticated key agreement protocols have been proposed In 2007, Lu and Cao proposed a simple 3 party authenticated key exchange (S-3PAKE) protocol. Kim and Koi found that this protocol cannot resist undetectable online password guessing attack and gave fixed STPKE' protocol as a countermeasure using exclusive-or operation. Recently, Tallapally and Padmavathy found that STPKE' is still vulnerable to undetectable online password guessing attack and gave a modified STPKE' protocol. Unfortunately, we find that, although modified STPKE' protocol can resist undetectable online password guessing attack but it is vulnerable to man in the middle attack. Also, we propose and analyze an efficient protocol against all the known attacks

Man-in-the-Machine : Exploiting Ill-Secured Communication Inside the Computer

Peer reviewe