Project


  1. A Combination of Multi Factor Authentication and Single Sign-on Event to Improve Security for Ubiquitous Desktops in Virtual and Cloud Computing Environment
     - M. Neela Muhil Vannan (30906104028)
     - S. Santhosh (30906104042)
     Guided by Ms. S. M. Poonkuzhali M.E., Lecturer, Department of Computer Science and Engineering, Meenakshi Sundararajan Engineering College.
  2. Contents
     - Introduction
     - Existing System and Objective
     - Proposed System
     - System Architecture and Sequence of Modules
     - UML Diagrams
     - System Specification
     - Implementation of the Modules
     - Testing Conditions
     - Future Enhancements
     - References
     4/14/2010
  3. Introduction
     - "Ubiquitous" here means that every service a user needs is delivered through a single framework, reachable from any client
     - Virtualization abstracts the physical hardware so that several systems and services run on one machine
     - Applying the same idea at the organizational level is what the deployment of cloud computing means
     - Cloud computing offers services such as Software as a Service, Platform as a Service and Storage as a Service
     - A private cloud inside an organization may provide all three
  4. Existing System and Objective
     - The existing setup emphasises low cost and decentralisation of the entire infrastructure
     - Thin clients are usually encouraged in a cloud computing setup
     - A private cloud requires stronger authentication than what is present at this stage
     - Impersonation and other attacks by insiders cause major loss of data
     - Objective: to provide a secure ubiquitous framework for desktop virtualization and cloud computing environments, using a single sign-on event strengthened by multi-factor authentication
  5. Proposed System
     - Use of multi-factor authentication and a single sign-on event
     - LDAP is used for profile matching and initial authentication
     - A Kerberos-based authentication service provides the single sign-on and multi-factor authentication
     - A super user / administrator grants and revokes privileges
     - The security and simplicity of each transaction make this the most suitable approach for lightweight thin clients
  6. Design and Relationship
     [Figure 2: Access of Multiple Services]
     [Figure 3: Relationships between Ubiquitous Desktop and Thin Clients]
  7. Proposed System Architecture
  8. Sequence of Modules and Implementation
     - Module 1 - Virtual Systems and Virtual Networking Environment Setup for Cloud Computing using VMware Workstation
     - Module 2 - Enabling Access and Profile Creation for the Users using LDAP
     - Module 3 - Enabling Permissions and Accesses for LDAP Users with sudo
     - Module 4 - Setting up Kerberos Server and Clients for Multifactor Authentication and Single Sign-on Event
  9. System Design - UML Diagrams
     - The Unified Modeling Language (UML) is a notation that can be used to analyse and design a system
     - The following slides contain the UML diagrams for the design of the proposed system:
        - Activity Diagram
        - Use Case Diagram
        - Sequence Diagram
        - Collaboration Diagram
        - Class Diagram
  10. Activity Diagram
  11. Use Case Diagram
  12. Sequence Diagram 1
  13. Sequence Diagram 2
  14. Collaboration Diagram 1
  15. Collaboration Diagram 2
  16. Class Diagram
  17. System Specification
     - Hardware requirement
        - A powerful server with ample resources for the cloud computing system
        - Thin clients with minimal processing capabilities
     - Software requirement
        - OpenLDAP package
        - Kerberos package
        - VNC viewer and RDP
  18. Module 1 - Virtual Systems and Virtual Networking Environment Setup for Cloud Computing using VMware Workstation
     - Creating a cloud server whose purpose is storage as a service
     - A VMware Workstation team with a virtual Ethernet segment assigned solely to the LAN between these systems
     - Setting up a package repository
     - Setting up the Domain Name Server and assigning hostnames to the virtual systems
     - Setting up the VNC viewer and RDP connection, and the cloud setup
  19. Implementation – Module 1
  20. Module 2 - Enabling Access and Profile Creation for the Users using LDAP
     - LDIF format and configuration files
     - The base template: OU, UID, CN, object class, password, home directory
     - Generation of a secure password hash with slappasswd (crypt scheme)
     - Add the user in the usual way with useradd
     - Convert the account to LDIF format with ./migrate_passwd.pl (MigrationTools)
     - Add it to the LDAP database with ldapadd
  21. Implementation – Module 2
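The module 2 steps (base template, slappasswd, LDIF, ldapadd) as an added Python example; it is not the project's own script. It builds the posixAccount entry that ldapadd would load and hashes the password the way slappasswd does with its default {SSHA} scheme (the slides used the older crypt scheme). The base DN dc=cloud,dc=example,dc=com, the ou=People container and the user values are constructed. A small parser reads the entry back so the stored hash can be verified; it also applies the LDIF rule that a value which is non-ASCII, contains NUL/CR/LF, or begins with a space, colon or "<" must be base64-encoded after "::".

```python
"""Build a posixAccount LDIF entry with an {SSHA} password and read it back.
Added example, not the project's own script; DN, container and user values are constructed."""
import base64
import hashlib
import hmac
import secrets

BASE_DN = "dc=cloud,dc=example,dc=com"   # constructed directory suffix


def ssha_hash(password, salt=None):
    """Same construction slappasswd emits for its default {SSHA} scheme: base64(SHA1(pw||salt)||salt)."""
    salt = secrets.token_bytes(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Split the stored value back into digest and salt and compare in constant time."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes, the rest is salt
    return hmac.compare_digest(hashlib.sha1(password.encode("utf-8") + salt).digest(), digest)


def ldif_line(attr, value):
    """RFC 2849: unsafe values (non-ASCII, NUL/CR/LF, or leading space, ':' or '<') go base64 after '::'."""
    unsafe = not value or value[0] in " :<" or any(ord(c) > 127 or c in "\x00\r\n" for c in value)
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def user_ldif(uid, cn, sn, uid_number, gid_number, password, base_dn=BASE_DN):
    """The base template from slide 20: OU, uid, cn, object classes, password, home directory."""
    attrs = [
        ("dn", f"uid={uid},ou=People,{base_dn}"),
        ("objectClass", "top"), ("objectClass", "person"),
        ("objectClass", "posixAccount"), ("objectClass", "shadowAccount"),
        ("cn", cn), ("sn", sn), ("uid", uid),
        ("uidNumber", str(uid_number)), ("gidNumber", str(gid_number)),
        ("homeDirectory", f"/home/{uid}"), ("loginShell", "/bin/bash"),
        ("userPassword", ssha_hash(password)),
    ]
    return "\n".join(ldif_line(a, v) for a, v in attrs) + "\n"


def parse_ldif_entry(text):
    """Read one LDIF entry back into {attr: [values]}, undoing '::' base64 and line folding."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:     # folded continuation line
            lines[-1] += line[1:]
        elif line:
            lines.append(line)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        entry.setdefault(attr, []).append(value)
    return entry
```

The output of user_ldif() is what `ldapadd -x -D "cn=Manager,dc=cloud,dc=example,dc=com" -W -f user.ldif` would load. {SSHA} is a salted SHA-1 with no work factor, so an offline attacker who obtains the directory can brute-force it quickly; for a new deployment set `password-hash {CRYPT}` with `password-crypt-salt-format "$6$%.16s"` in slapd.conf so slapd stores SHA-512 crypt hashes instead, or pass authentication through to Kerberos as the later modules do.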
  22. Module 3 - Enabling Permissions and Accesses for LDAP Users with sudo
     - Access to a file is granted or withheld by comparing the identity of the user making the request against the permissions associated with the file
     - sudo lets a user execute a command or process that is not ordinarily available to them, by acting as a different, privileged user
  23. Implementation – Module 3
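Slide 22's sudo point, as an added example that is not the project's configuration or code: a Python evaluator for a subset of sudoers syntax, used to compare an over-broad rule with a scoped one. With LDAP-backed groups, %group entries are how the LDAP profile from module 2 maps to sudo privilege. The group names cloudusers, cloudops and helpdesk, the host cloud1 and the command lines are constructed; aliases, Defaults, negation and wildcards are not handled.

```python
"""Evaluate a subset of sudoers syntax to compare a broad rule with a scoped one.
Added example, not the project's own configuration or code; names below are constructed."""
from dataclasses import dataclass

# Weak: every LDAP user in cloudusers may run any command as any user, i.e. a root shell.
WEAK_SUDOERS = "%cloudusers ALL=(ALL) ALL\n"

# Scoped: named commands only, to named LDAP groups, as root.
SCOPED_SUDOERS = """
# operators may restart the directory service, nothing else
%cloudops ALL=(root) NOPASSWD: /sbin/service slapd restart
# helpdesk may create local accounts (any arguments); password still required
%helpdesk ALL=(root) /usr/sbin/useradd
"""


@dataclass
class Rule:
    who: str          # user name, or %group for a local or LDAP group
    host: str
    runas: str
    nopasswd: bool
    commands: list


def parse_sudoers(text):
    """Parse 'who host=(runas) [NOPASSWD:] cmd, cmd' lines; aliases and negation are not supported."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        who, rest = line.split(None, 1)
        host, spec = rest.split("=", 1)
        runas, spec = "ALL", spec.strip()
        if spec.startswith("("):
            runas, spec = spec[1:].split(")", 1)
        spec = spec.strip()
        nopasswd = spec.startswith("NOPASSWD:")
        for tag in ("NOPASSWD:", "PASSWD:"):
            if spec.startswith(tag):
                spec = spec[len(tag):]
        commands = [c.strip() for c in spec.split(",")]
        rules.append(Rule(who, host.strip(), runas.strip(), nopasswd, commands))
    return rules


def _cmd_matches(spec, cmd, args):
    if spec == "ALL":
        return True
    parts = spec.split(None, 1)
    if parts[0] != cmd:
        return False
    return len(parts) == 1 or parts[1] == args   # no args listed: any args; listed: exact match


def check(rules, user, groups, host, runas, cmd, args=""):
    """Return (allowed, nopasswd). As in sudo, entries apply in order and the last match wins."""
    decision = (False, False)
    for r in rules:
        who_ok = r.who in ("ALL", user) or (r.who.startswith("%") and r.who[1:] in groups)
        if not (who_ok and r.host in ("ALL", host) and r.runas in ("ALL", runas)):
            continue
        if any(_cmd_matches(spec, cmd, args) for spec in r.commands):
            decision = (True, r.nopasswd)
    return decision
```

The point the evaluator makes is the one the module's testing slide (Sudo Permissions Testing) should check: under WEAK_SUDOERS a member of cloudusers can run /bin/bash as root, so the "super user" distinction on slide 5 collapses; under SCOPED_SUDOERS the same user is refused, and an operator can restart slapd but cannot stop sshd, because a command listed with arguments matches only that exact argument string.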
  24. Module 4 - Setting up Kerberos Server and Clients for Multifactor Authentication and Single Sign-on Event
     - Kerberos is a network authentication protocol
     - It uses secret-key (symmetric) cryptography
     - Firewalls assume that "the bad guys" are on the outside, which is often a very bad assumption
     - Many of the most damaging incidents of computer crime are carried out by insiders
     - Kerberos authentication makes use of a trusted third party, termed the key distribution center (KDC)
  25. Module 4 - Continued
     - The KDC consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS)
     - It works on the basis of "tickets", which serve to prove the identity of users to services
     - Each entity on the network, whether a client or a server, shares a secret key known only to itself and to the KDC, which keeps a database of these keys
     - Knowledge of this key serves to prove an entity's identity
     - The security of the protocol relies heavily on participants maintaining loosely synchronized time (the MIT implementation tolerates a skew of five minutes by default) and on short-lived assertions of authenticity called Kerberos tickets
  26. Implementation – Module 4
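The exchange described on slides 24 and 25, written out as an added example that is not part of the project's own code: a toy Kerberos AS, TGS and AP exchange in Python, with both sides' messages and the checks a service performs on a ticket. It also exercises what test cases 2 and 4 on the later slides cover (wrong password; ticket expiry and time skew). The seal()/unseal() pair is an encrypt-then-MAC stand-in for a real Kerberos enctype, string_to_key() stands in for the real PBKDF2-based string-to-key, and the realm CLOUD.EXAMPLE, the principal names and the password are constructed. Note that a Kerberos password is a single factor; the slides do not say what the second factor is, so the example covers only the single sign-on ticket flow.

```python
"""Toy Kerberos AS/TGS/AP exchange with ticket-lifetime and clock-skew checks (added example)."""
import hashlib
import hmac
import json
import secrets

CLOCK_SKEW = 300         # krb5 default clockskew, in seconds
TICKET_LIFETIME = 36000  # ten hours, a common default ticket lifetime

def seal(key, msg):
    """Encrypt-then-MAC of a JSON message; a stand-in for a real Kerberos enctype, not AES-CTS-HMAC."""
    pt = json.dumps(msg, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Inverse of seal(); a wrong key or a tampered blob fails the MAC and raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise PermissionError("integrity check failed (wrong key or tampered message)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

def string_to_key(password, principal):
    """Stand-in for the krb5 string-to-key function (real krb5 uses PBKDF2 with a salt)."""
    return hashlib.sha256((principal + ":" + password).encode()).digest()

def check_times(ticket, now, skew=CLOCK_SKEW):
    """Reject a ticket used outside [start, end], allowing the configured clock skew."""
    if now + skew < ticket["start"]:
        raise PermissionError("ticket not yet valid")
    if now - skew > ticket["end"]:
        raise PermissionError("ticket expired")

class KDC:
    def __init__(self, realm, keys):
        self.keys, self.tgs = keys, "krbtgt/" + realm   # keys: principal name -> secret key

    def _issue(self, client, service, now, end):
        session = secrets.token_bytes(32).hex()
        ticket = {"client": client, "service": service, "key": session, "start": now, "end": end}
        return seal(self.keys[service], ticket), {"service": service, "key": session, "start": now, "end": end}

    def as_exchange(self, client, now):
        """AS-REQ/AS-REP: TGT sealed under the krbtgt key, session key sealed under the client's key."""
        tgt, enc_part = self._issue(client, self.tgs, now, now + TICKET_LIFETIME)
        return tgt, seal(self.keys[client], enc_part)

    def tgs_exchange(self, tgt_blob, auth_blob, service, now):
        """TGS-REQ/TGS-REP: check the TGT and its authenticator, then issue a service ticket."""
        tgt = unseal(self.keys[self.tgs], tgt_blob)
        check_times(tgt, now)
        auth = unseal(bytes.fromhex(tgt["key"]), auth_blob)
        if auth["client"] != tgt["client"] or abs(auth["time"] - now) > CLOCK_SKEW:
            raise PermissionError("authenticator rejected (identity mismatch or clock skew)")
        st, enc_part = self._issue(tgt["client"], service, now, min(now + TICKET_LIFETIME, tgt["end"]))
        return st, seal(bytes.fromhex(tgt["key"]), enc_part)

def authenticator(cred, now):
    """Timestamped proof of session-key possession; a replay outside the skew window is refused."""
    return seal(bytes.fromhex(cred["key"]), {"client": cred["client"], "time": now})

def client_login(kdc, client, password, now):
    """The single sign-on event: obtain a TGT. A wrong password cannot open the AS-REP."""
    tgt, enc = kdc.as_exchange(client, now)
    return {"client": client, "ticket": tgt, "key": unseal(string_to_key(password, client), enc)["key"]}

def client_get_service_ticket(kdc, cache, service, now):
    """Trade the cached TGT for a service ticket; the password is not entered again."""
    st, enc = kdc.tgs_exchange(cache["ticket"], authenticator(cache, now), service, now)
    return {"client": cache["client"], "ticket": st, "key": unseal(bytes.fromhex(cache["key"]), enc)["key"]}

def service_accept(service_key, ticket_blob, auth_blob, now):
    """AP-REQ on the server: open the ticket with the service's own key, check times and authenticator."""
    ticket = unseal(service_key, ticket_blob)
    check_times(ticket, now)
    auth = unseal(bytes.fromhex(ticket["key"]), auth_blob)
    if auth["client"] != ticket["client"] or abs(auth["time"] - now) > CLOCK_SKEW:
        raise PermissionError("authenticator rejected (identity mismatch or clock skew)")
    return ticket["client"]

def rejected(fn):
    """True when the call is refused with PermissionError; used for the failure cases."""
    try:
        fn()
        return False
    except PermissionError:
        return True

# Constructed realm for the demo: one user, the krbtgt principal and one VNC host service.
REALM = "CLOUD.EXAMPLE"
SERVICE = "host/vnc1.cloud.example"
KEYS = {"krbtgt/" + REALM: secrets.token_bytes(32), SERVICE: secrets.token_bytes(32),
        "alice": string_to_key("correct horse", "alice")}
```

Two things the toy makes visible that the slides only name: the service never sees the user's password or long-term key, only a ticket it can open with its own key, which is what makes the single sign-on safe for the thin client; and every check is bounded by CLOCK_SKEW, so a client whose clock drifts by more than five minutes from the KDC fails exactly as test case 4 expects, which is why the module 1 DNS and time setup matters.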
  27. Working of the Project
  28. Testing Conditions
     - Unit testing with a testing script:
        - Network Connectivity and DNS Testing
        - Wrong Username or Password Testing
        - Sudo Permissions Testing
        - Ticket Expiry and Time Skew
  29. Testing – Case 1 – Network Connectivity and DNS Testing
  30. Testing – Case 2 – Wrong Username or Password Testing
  31. Testing – Case 3 – Sudo Permissions Testing
  32. Testing – Case 4 – Ticket Expiry and Time Skew Testing
  33. Testing – Case 4 – Ticket Expiry and Time Skew Testing (continued)
  34. Conclusion
     - Multifactor authentication and a single sign-on event increase security
     - The environment is ubiquitous in that it can be reached from any client as long as the fully qualified domain name (FQDN) of the server is known
  35. Future Enhancements and Possibilities
     - The setup need not be limited to a single type of operating system, as the experimental setup used throughout this project was
     - It might also be ported to hybrid clouds that span a large region and have a high level of dedicated resources for the cloud server
     - A graphical front end to sudo could also be used; beyond that there is much more room for improvement in this project
  36. References
     - Amazon Web Services. http://www.amazon.com/gp/browse.html?node=201590011
     - C. Border (2007), "The development and deployment of a multi-user, remote access virtualization system for networking, security, and system administration classes," Proceedings of the 38th SIGCSE Technical Symposium on Computer Science Education, Covington, Kentucky, USA: ACM, pp. 576-580.
     - IBM Press room (2007-11-15), "IBM Introduces Ready-to-Use Cloud Computing - United States." http://www-03.ibm.com/press/us/en/pressrelease/22613.wss
     - "Kerberos: The Network Authentication Protocol." http://web.mit.edu/kerberos
     - "OpenLDAP 2.2 Administrator's Guide." http://www.openldap.org/doc/admin22/
     - Paul Doyle, Mark Deegan, Ciaran O'Driscoll, Michael Gleeson and Brian Gillespie (2008), "Ubiquitous Desktops with Multi-factor Authentication," Third International Conference on Digital Information Management (ICDIM 2008), IEEE.
     - Roderick W. Smith (2005), Linux in a Windows World, O'Reilly, First Edition.
  37. Thank You
