Sice2011 cdam by aladdin dandis (final)
1. Concurrent Distributed Authentication Model (CDAM)
Aladdin T. Dandis
Information Security Compliance Officer
Jordan eGovernment Program / MoICT
Aladdin T. Dandis / SICE2011 - Algeria
2. Agenda
Introduction
CDAM Ver. 1.0
Pros and Cons
CDAM Ver. 2.0
Pros and Cons
Conclusions
3. Introduction
This project was originally concerned with applying security and privacy considerations in school systems.
The system is a web-database application.
The target client was a private school in Amman.
Problem
The old system lacks security and privacy considerations.
4. Security Vs Privacy
Security
A number of processes and technologies applied to prevent unauthorized parties from accessing sensitive resources.
Privacy
The human right to control and manage data about oneself, without being monitored by other parties.
6. Overview
What?
Concurrent Distributed Authentication Model
Why?
To authenticate online users.
How?
The username and password will be checked in many separate authentication database servers rather than one.
7. Architecture
[Architecture diagram of CDAM Ver. 1.0. Labelled components: User; Legitimate Login; False Login to 'Honey Pot'; Sender Unit; Logging Unit; Comparison Unit; Authentication Servers Farm (S1, S2, S3); The Object System; False System]
8. Characteristics
Authentication model
Built-in Authorization
Authentication token is used:
Token: Role + Real User Name = Role User Name
Example: Student + Ahmad.d = SAhmad.d
9. Authentication & Authorization Algorithms
[Flowchart: Authentication Module -> Authentication Server Farm (ASF: Server 1, Server 2, Server 3) -> Authorization Module, with Y/N decision branches]
Authentication Module
  Enter UserName, Password and Role
  Take integer values for username, password and Role
  Calculate the Hash
  Take the first 5 characters of the hash
  Check the 5 characters hash on Server 1, Server 2 and Server 3 (Authentication Server Farm, ASF): Y / N
Authorization Module
  Check for the requested object
  Extract Role from the Token
  Check ACLs for the Role: Y = Authorize User, N = Deny user and direct to HoneyPot
10. Pros and Cons
Pros
Compromising one authentication server will not affect authentication
Using Hashing
Light authentication
Cons
Repeated Cipher patterns
No proof of origin
Denial of service
Vulnerable to sniffers
Homemade hashing algorithm
12. Overview
Overcome Cons in CDAM Ver. 1.0
Still under coding and testing
Scalable for web applications
Multiple open standard and strong encryption algorithms
M:N authentication acceptance
13. Architecture
[Architecture diagram of CDAM Ver. 2.0. Labelled components: User; Legitimate Login; False Login to 'Honey Pot'; Sender Unit; Logging Unit; Comparison Unit; Authentication Servers Farm (S1, S2, S3); The Object System; False System]
14. Architecture
[Same diagram as slide 13, shown as a build step]
15. Architecture
[Same diagram as slide 13, with the servers of the Authentication Servers Farm labelled Hashing Algorithm 1, Hashing Algorithm 2 and Hashing Algorithm 3, one per server]
16. Evaluation
Pros (retained from Ver. 1.0)
Compromising one authentication server will not affect authentication
Using Hashing
Light authentication

Cons (Ver. 1.0)                 Remedy (Ver. 2.0)
Repeated Cipher patterns        Full cipher is written
No proof of origin              SSL Certificate
Denial of service               M:N
Vulnerable to sniffers          Encrypted channels
Homemade hashing algorithm      Open standard hashing algorithms
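As an added worked example (this is not code from the presentation or from the Jordan eGovernment Program), the following Python sketch puts the pieces of slides 8, 9 and 12 together with the Ver. 2.0 remedies from the table above: three authentication servers that each hash with a different open-standard algorithm, comparison of the full digest instead of its first five characters, M:N acceptance across the farm, the role token, and the ACL check that either authorizes the user or sends the session to the honey pot. The server names, algorithm choices, the NUL separator used when hashing, the demo user, the role prefixes and the ACLs are all constructed assumptions for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Everything below is constructed sample data for this example: server names,
# algorithm choices, the demo user, the role prefixes, the ACLs and the separator
# used when hashing. Ver. 2.0 remedies applied: each server uses its own
# open-standard hash (slide 15), the full digest is compared rather than the
# first 5 characters (slide 16), and the farm applies an M:N vote (slide 12).
SERVER_ALGORITHMS: Dict[str, str] = {"S1": "sha256", "S2": "sha512", "S3": "sha3_256"}
ROLE_PREFIXES: Dict[str, str] = {"S": "Student", "T": "Teacher", "A": "Admin"}
# Object name -> roles allowed to access it (constructed ACLs for the school system).
ACLS: Dict[str, set] = {"timetable": {"Student", "Teacher", "Admin"},
                        "grades": {"Teacher", "Admin"}}
DEMO_USER, DEMO_PASSWORD, DEMO_ROLE = "Ahmad.d", "correct horse", "Student"


def make_token(role: str, real_username: str) -> str:
    """Slide 8: Role + Real User Name = Role User Name (Student + Ahmad.d -> SAhmad.d).
    The role is abbreviated to its first letter, as in the slide's example."""
    return role[0].upper() + real_username


def extract_role(token: str) -> Optional[str]:
    """Authorization module: recover the role from the token prefix."""
    return ROLE_PREFIXES.get(token[:1])


def credential_digest(algorithm: str, username: str, password: str, role: str) -> str:
    """Slide 9 hashes username, password and role together; the NUL separator is an
    assumption so that the three fields cannot run into one another."""
    material = "\x00".join((username, password, role)).encode("utf-8")
    return hashlib.new(algorithm, material).hexdigest()


@dataclass
class AuthServer:
    """One member of the Authentication Server Farm (ASF)."""
    name: str
    algorithm: str
    records: Dict[str, str] = field(default_factory=dict)  # username -> full digest

    def enrol(self, username: str, password: str, role: str) -> None:
        self.records[username] = credential_digest(self.algorithm, username, password, role)

    def verify(self, username: str, password: str, role: str) -> bool:
        stored = self.records.get(username)
        if stored is None:
            return False
        candidate = credential_digest(self.algorithm, username, password, role)
        return hmac.compare_digest(stored, candidate)  # constant-time comparison


class AuthServerFarm:
    """Comparison unit: collects one vote per server and applies the M:N rule."""

    def __init__(self, servers: List[AuthServer], required: int) -> None:
        self.servers = servers
        self.required = required  # M out of N servers must agree
        self.log: List[str] = []  # logging unit

    def authenticate(self, username: str, password: str, role: str) -> Tuple[bool, int]:
        votes = sum(1 for s in self.servers if s.verify(username, password, role))
        accepted = votes >= self.required
        self.log.append(f"{username}/{role}: {votes}/{len(self.servers)} servers agreed -> "
                        f"{'accepted' if accepted else 'rejected'}")
        return accepted, votes


def login(farm: AuthServerFarm, username: str, password: str, role: str) -> Optional[str]:
    """Authentication module: returns the role token on success, None on failure
    (the caller then directs the session to the honey pot / false system)."""
    accepted, _ = farm.authenticate(username, password, role)
    return make_token(role, username) if accepted else None


def authorize(token: str, requested_object: str) -> str:
    """Authorization module: check the requested object's ACL for the token's role."""
    role = extract_role(token)
    if role is None or role not in ACLS.get(requested_object, set()):
        return "honeypot"  # deny user and direct to HoneyPot
    return "authorized"


def build_demo_farm(required: int = 2) -> AuthServerFarm:
    """Three servers, each hashing with its own standard algorithm; M=2 of N=3."""
    servers = [AuthServer(name, alg) for name, alg in SERVER_ALGORITHMS.items()]
    for server in servers:
        server.enrol(DEMO_USER, DEMO_PASSWORD, DEMO_ROLE)
    return AuthServerFarm(servers, required)


if __name__ == "__main__":
    farm = build_demo_farm()
    token = login(farm, DEMO_USER, DEMO_PASSWORD, DEMO_ROLE)
    print("token:", token, "| timetable:", authorize(token, "timetable"),
          "| grades:", authorize(token, "grades"))
    # A tampered record on S1 alone does not change the outcome (2 of 3 still agree).
    farm.servers[0].records[DEMO_USER] = "0" * 64
    print("after S1 tampered:", farm.authenticate(DEMO_USER, DEMO_PASSWORD, DEMO_ROLE))
    print("\n".join(farm.log))
```

The M:N threshold is what makes the "compromising one authentication server will not affect authentication" claim hold in both directions: with M=2 of N=3, one tampered or unavailable server can neither block a legitimate login nor admit a wrong password on its own. Note that plain SHA-2/SHA-3 over credentials, even with the full digest and distinct algorithms per server, is still fast to brute-force offline; a deployment of this model would store the per-server digests through a password KDF with a per-user salt rather than a bare hash, and the encrypted channels from the remedy column are what keep the digests away from sniffers in transit.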
17. Future Work
Integration with OTP
Integration with Smart Card Systems