Advanced Mechanism for Single Sign-On for Distributed Computer Networks


by
K. Niranjan Reddy
under the guidance of
G. Suresh Reddy
Assoc. Professor & HOD
Department of Information and Technology

Abstract
Single sign-on (SSO) provides access to many resources once the user is initially authenticated.
It increases the negative impact if the credentials become available to other persons and are misused.
Therefore, single sign-on requires an increased focus on the protection of the user credentials, and should ideally be combined with strong authentication methods.

Conti
Credential privacy
Soundness of authentication

Existing system
Password-based authentication
Two-factor authentication technique
With the increasing usage of network services, a user may need to maintain more and more ID/password pairs for accessing different distributed service providers.
Existing SSO schemes have failed to provide security.

Disadvantages of existing system
In password-based authentication, security is not reliable, since leaking of the table could lead to system breakage.
The two-factor scheme is vulnerable to impersonation attacks.
* Credential privacy & soundness of authentication

Proposed system
Single sign-on mechanism to access multiple service providers.
Mutual authentication
General RSA for service provider authentication
Standard RSA signature for user authentication

Advantages of proposed system

Multiple passwords are no longer required
Improves management of user accounts and authorizations across all associated systems
Reduces administrative overhead in resetting forgotten passwords over multiple platforms and applications
Reduces the time taken by users to log into multiple applications and platforms

Modules
Initiation for key distribution
User registration for validation
Provider side User identification
Secure signature generation
Secure RSA VES scheme for authentication.

Initiation for key distribution

The trusted authority generates two primes for the key generation process.
In this process, the RSA public and private keys are generated from these prime values.
Finally, it publishes all the keys and keeps the secret key to itself.

User registration for validation

The user sends a fixed-size ID to the trusted authority.
The trusted authority receives the user ID and processes it for validation.
Each service provider maintains the user ID in the RSA parameter.
This transaction takes place over a secure channel.
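
The initiation and registration steps above can be traced in a few lines of Python. This is an added example, not code from the presentation: the toy primes, the 8-byte ID length, the SHA-256 encoding of the ID, the use of an RSA signature on the ID as the issued credential, and all function names are assumptions made for illustration.

```python
import hashlib
from math import gcd

# Constructed toy primes (Mersenne primes), chosen only so the example runs
# offline; a real trusted authority draws large random primes.
P, Q = 2**127 - 1, 2**89 - 1
ID_LEN = 8  # assumed "fixed size" of a user ID, in bytes

def initiate(p, q, e=65537):
    """Initiation: derive RSA keys from two primes; publish (n, e), keep d."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), pow(e, -1, phi)

def encode_id(user_id, n):
    """Map a fixed-size ID into Z_n (assumed encoding: SHA-256 reduced mod n)."""
    if len(user_id) != ID_LEN:
        raise ValueError("user ID must be exactly ID_LEN bytes")
    return int.from_bytes(hashlib.sha256(user_id).digest(), "big") % n

def register(user_id, n, d):
    """Registration: the authority signs the encoded ID with its secret key."""
    return pow(encode_id(user_id, n), d, n)

def credential_matches(user_id, credential, public):
    """Check a credential against the published key and the claimed ID."""
    n, e = public
    return 0 < credential < n and pow(credential, e, n) == encode_id(user_id, n)

if __name__ == "__main__":
    public, secret = initiate(P, Q)
    cred = register(b"alice001", public[0], secret)
    print(credential_matches(b"alice001", cred, public))
    print(credential_matches(b"mallory1", cred, public))
```

The check is shown in isolation: handing the credential itself to a service provider would conflict with the credential-privacy requirement stated in the conclusion.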

Provider side User identification

The user is responsible for sending a service request to the service provider.
The user request is processed in the service environment for validation.
Here, symmetric key encryption provides authentication of the user.
The service provider chooses random values for the encryption process.

Credential attacks on the Chang-Lee scheme

Here we consider the attacks on the Chang-Lee scheme.
In total, two types of attack are possible in this area.
The credential recovering attack allows the service provider to recover the user credential.
The RSA public and private key pair provides the way to attack.
The second is the impersonation attack: attacker E sends a request to the service provider as a normal user.

Secure RSA VES scheme for authentication.

In this phase, RSA-VES is employed to authenticate a user, while a normal signature is used for service provider authentication.
The user sends the process request to the service provider.
The service provider authenticates the user login by the RSA-VES scheme.
Here the signature is used for user authentication.

Dataflow diagram

[Flowchart: start; Initiation phase (prime selection and key generation; publish key pair and keep secret key); User registration phase (user request with ID and signature; service provider check); Authentication phase (user sends request; service provider receives and verifies; check with valid and invalid branches; user access); end]

ER Diagram

Use case diagram

Class diagram

Sequence diagram

Conclusion
An SSO scheme must protect two basic requirements.
Soundness: an unregistered user without a credential should not be able to access the services offered by service providers.
Credential privacy: colluding dishonest service providers should not be able to fully recover a user's credential and then impersonate the user to log in to other service providers.

THANK YOU
