Advanced Mechanism for Single Sign-On for Distributed Computer Networks by K.Niranjan Reddy under the guidance of G.Suresh Reddy Assoc.Professor & HOD Department of Information and Technology VNR VIGNANA JYOTHI INSTITUTE OF ENGINEERING AND TECHNOLOGY



Abstract

Single sign-on (SSO) provides access to many resources once the user is initially authenticated.

It increases the negative impact if the credentials become available to other persons and are misused.

Therefore, single sign-on requires an increased focus on the protection of user credentials, and should ideally be combined with strong authentication methods.

Conti…

Credential privacy

Soundness of authentication

Existing system

Password-based authentication

Two-factor authentication technique

With the increasing usage of network services, a user may need to maintain more and more ID/password pairs for accessing different distributed service providers.

Existing SSO schemes that have failed to provide security

Disadvantages of Existing

In password-based authentication, security is not reliable, since leaking of the table could lead to system breakage.

The two-factor scheme is vulnerable to impersonation attacks.

* Credential privacy & soundness of authentication

Proposed system

Single sign-on mechanism to access multiple service providers.

Mutual authentication

General RSA for service provider authentication

Standard RSA signature for user authentication

Advantages of proposed system

• Multiple passwords are no longer required

• Improves management of users’ accounts and authorizations to all associated systems

• Reduces administrative overhead in resetting forgotten passwords over multiple platforms and applications

• Reduces the time taken by users to log into multiple applications and platforms

Modules

Initiation for key distribution

User registration for validation

Provider side User identification

Secure signature generation

Secure RSA VES scheme for authentication.

Initiation for key distribution

The trusted authority generates two primes for the key generation process.

In this process, the RSA public and private keys are generated based on these prime values.

Finally, it publishes all the keys and keeps the secret key to itself.

User registration for validation

The user sends the fixed-size ID to the trusted authority.

The trusted authority receives the user ID and processes it for validation.

Each service provider maintains the user ID in the RSA parameter.

This transaction takes place over a secure channel.
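
The initiation and registration steps above, as an added Python sketch (not code from the presentation). It assumes the credential is a plain RSA signature by the trusted authority over a SHAKE-256 hash of the user ID; the slides do not give the credential format, IDs here are arbitrary bytes, and the names ta_setup, ta_register and credential_is_valid are hypothetical.

```python
import hashlib
import secrets
# Added illustration; the hash-then-sign credential format is an assumption.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)

def is_probable_prime(n, rounds=40):
    if n < 31 or any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin with random bases
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:  # top two bits set, so p * q has exactly 2 * bits bits
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(c):
            return c

def ta_setup(bits=2048, e=65537):
    """Initiation: pick two primes, return (N, e) to publish and d to keep secret."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), pow(e, -1, phi)

def encode_id(user_id, n):
    """Hash the ID to an integer below N (assumed encoding, not from the slides)."""
    size = (n.bit_length() - 1) // 8
    return int.from_bytes(hashlib.shake_256(b"sso-cred|" + user_id).digest(size), "big")

def ta_register(user_id, pub, d):
    """Registration: the trusted authority signs the ID to form the credential."""
    return pow(encode_id(user_id, pub[0]), d, pub[0])

def credential_is_valid(user_id, cred, pub):
    """Soundness check: cred^e mod N must equal the encoding of the claimed ID."""
    n, e = pub
    return 0 < cred < n and pow(cred, e, n) == encode_id(user_id, n)
```

A provider that receives the credential in this form could replay it, which is the credential-privacy concern the slides address with RSA-VES in the authentication phase.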

Provider side User identification

The user is responsible for sending the service request to the service provider.

The user request is processed in the service environment for validation.

Here, the use of a symmetric-key encryption methodology provides authentication to the user.

The service provider takes random values for the encryption process.

Credential attacks on Chang-Lee scheme

Here we predict the attacks on the Chang-Lee scheme. In total, two types of attack occur in this area.

The credential recovering attack allows the service provider to recover the user credential. The RSA public and private key pair provides the way to attack.

The second is the impersonation attack: attacker E sends the request to the service provider as a normal user.

Secure RSA VES scheme for authentication.

In this phase, RSA-VES is employed to authenticate a user, while a normal signature is used for service provider authentication.

The user sends the process request to the service provider.

The service provider authenticates the user login by the RSA-VES scheme. Here the signature is used for user authentication.

Dataflow diagram

start

Initiation phase
  Prime selection & form key generation
  Publish key pair & keep secret key

User registration phase
  User request
  Service provider check Id & signature

Authentication phase
  User request send
  Service provider receive
  verify User access
  check: valid / invalid

end

ER Diagram

Use case diagram

Class diagram

Sequence diagram

Conclusion

The SSO scheme upholds two basic requirements.

Soundness: an unregistered user without a credential should not be able to access the services offered by service providers.

Credential privacy: guarantees that colluding dishonest service providers should not be able to fully recover a user’s credential and then impersonate the user to log in to other service providers.
