Double SSO & Strong Authentication
For Secure Network Establishment

Project By:
• Akshaya Kumar Y H M (1BM10CS004)
• Aruna S M (1BM10CS010)
• Sarthak Gupta (1BM10CS065)

Internal Guide: Mrs Nagarathna N, Associate Professor, CSE, BMSCE

External Guide: Dr Mohammad Misbahuddin, Senior Technical Officer, CNIE, CDAC, Bangalore

1. INTRODUCTION
2. LITERATURE REVIEW
3. REQUIREMENTS
4. DESIGN & IMPLEMENTATION
5. SOCIETAL IMPACTS
6. CONCLUSION
7. REFERENCE

Requirements
Hardware Requirements

• The application uses a server as one of its major components; we need client machines that connect to the server, and a network setup.
• Processor: Intel i3 or above or equivalent
• RAM: 4GB or more

Software Requirements

• Web Server, Service Provider and Client machines with web support.
• The proposed implementation language is C / C++; however, we may occasionally work with certain scripting languages to configure and work with the Server.

INTRODUCTION
SINGLE SIGN-ON SYSTEM (SSO)
Property of access control that enables a user to perform a single
authentication to a service, and then get access to other protected services
without the need to re-authenticate.

DOUBLE SSO
Double SSO is a secure server-side caching-based SSO
architecture and a proxy-based pseudo-SSO system.

ADVANTAGES
• With SSO, users' and administrators' lives become much easier as they will have to deal with a single digital identity for each user.
• Reduces IT help desk costs, by reducing the number of calls to the help desk about lost passwords.
• A user will have to provide this digital identity only once per day. This will increase the user's productivity.
• The maintenance of authentication data and enforcement of authentication policies become much easier with SSO, since authentication data will be centralized.
• Reduces the chance that users will forget or lose their digital identities, therefore it reduces the risk of compromising a security system.

Double SSO Features
• User Authorization is separated from Identification Process.
• Asynchronous authorization is achieved.
• Executes a minimum number of computations on the user side and
requires parties to maintain the bare minimum number of keys.

• Provably precludes the Replay Attack, the Man-in-the-Middle Attack and
the Weakest Link Attack. Additionally, it is safe from repudiated parties.

Security Analysis
• The Weakest Link Attack
• Attacks on Security Parameters
• Attacks on Identity Proof
• The Replay Attack
• The Man-in-the-Middle Attack
• Repudiation of Parties

LITERATURE REVIEW
SSO Categories
• Web SSO : These solutions are for users who access applications using a
web interface.

• Enterprise SSO : These solutions are much broader than web SSO in that
they provide SSO to almost all kinds of applications, not only to web-enabled applications.

• Network SSO : These solutions are for users who access applications in a
corporate network domain either through a LAN, or wirelessly, or through
a VPN connection.
Available SSO Solutions
• Google SSO Solution
• Windows Live ID
• Microsoft Office SharePoint Server
• Active Directory Federation Service
• Liberty SSO Solution

Double SSO Components
• Shamir's Identity-Based Signature Scheme

• Zero-Knowledge Identification Protocol
• Simmons' Impersonation-Proof Identity Verification Scheme

Shamir's Identity-Based Signature Scheme
• The user uses her/his identity as a public key and asks a trusted Key
Generation Center (KGC) to generate the corresponding private key.

• KGC generates RSA Public & Private Keys.
• KGC issues a Private key to the Sender.
• Sender signs the message using the Private key issued by KGC.
• Receiver verifies the message using the Sender's RSA Public key and Identity.
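
The four steps above, worked through as an added example (not code from the slides or from the project). It assumes the textbook form of Shamir's 1984 scheme, SHA-256 as the one-way function, and constructed toy primes; the names `KGC`, `extract`, `sign` and `verify` are hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy primes (two Mersenne primes). Far too small and too
# structured for real use; they only keep the numbers short.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537


def h_int(*parts: bytes) -> int:
    """One-way function f: length-prefixed SHA-256 of the parts, as an integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def to_bytes(x: int, n: int) -> bytes:
    """Fixed-width big-endian encoding of a value modulo n."""
    return x.to_bytes((n.bit_length() + 7) // 8, "big")


def identity_to_int(identity: str, n: int) -> int:
    """Map an identity string into Z_n; this value plays the role of the public key."""
    return h_int(b"identity", identity.encode()) % n


class KGC:
    """Key Generation Center: owns the RSA secret exponent d, publishes (e, n)."""

    def __init__(self, p: int = P, q: int = Q, e: int = E):
        phi = (p - 1) * (q - 1)
        if gcd(e, phi) != 1:
            raise ValueError("e must be invertible modulo phi(n)")
        self.n, self.e = p * q, e
        self._d = pow(e, -1, phi)  # never leaves the KGC

    def extract(self, identity: str) -> int:
        """Private key g for an identity i, chosen so that g^e = i (mod n)."""
        return pow(identity_to_int(identity, self.n), self._d, self.n)


def sign(g: int, message: bytes, e: int, n: int) -> tuple:
    """Sender: t = r^e, s = g * r^f(t, m) (mod n) for a fresh random r."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    t = pow(r, e, n)
    f = h_int(to_bytes(t, n), message)
    return (g * pow(r, f, n)) % n, t


def verify(identity: str, message: bytes, sig: tuple, e: int, n: int) -> bool:
    """Receiver: accept iff s^e = i * t^f(t, m) (mod n); needs only (e, n) and the identity."""
    s, t = sig
    if not (0 < s < n and 0 < t < n):
        return False
    i = identity_to_int(identity, n)
    f = h_int(to_bytes(t, n), message)
    return pow(s, e, n) == (i * pow(t, f, n)) % n


if __name__ == "__main__":
    kgc = KGC()
    g_alice = kgc.extract("alice@example.org")  # constructed identity
    msg = b"login request 42"                   # constructed message
    sig = sign(g_alice, msg, kgc.e, kgc.n)
    print("valid signature accepted:", verify("alice@example.org", msg, sig, kgc.e, kgc.n))
    print("other identity accepted: ", verify("bob@example.org", msg, sig, kgc.e, kgc.n))
    print("altered message accepted:", verify("alice@example.org", b"login request 43", sig, kgc.e, kgc.n))
```

Because the KGC holds d, it can compute the private key for any identity, so the scheme is only as trustworthy as the KGC.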

Zero-Knowledge Identification Protocol
• P sends a witness (calculated using a random number) to V.
• V challenges P with a time-variant challenge.
• P uses the challenge and the secret to compute the response that she sends to V.
• V uses the response and her challenge to decide whether the response is correct.

• A zero-knowledge protocol must satisfy three properties:
Completeness: Prover is Honest
Soundness: False Provers are not entertained
Zero-knowledge: No Interaction can be Repudiated
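
The witness, challenge and response exchange above, as an added example (not code from the slides or the project). The slides do not give the arithmetic, so this assumes the basic Fiat-Shamir square-root identification protocol with a constructed toy modulus; `Prover`, `Replayer`, `verify_round` and `run_session` are hypothetical names. It also shows why the challenge has to be time-variant: a recorded session only passes when the old challenges are reused.

```python
import secrets
from math import gcd

# Constructed toy modulus: product of two Mersenne primes. Far too small and
# too structured for real use; it only keeps the numbers short.
N = (2**61 - 1) * (2**89 - 1)
ROUNDS = 20  # a prover without the secret survives each round with probability 1/2


def random_unit(n: int) -> int:
    """Random element of Z_n that is invertible modulo n."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return r


def make_keys(n: int = N) -> tuple:
    """Return (secret s, public v = s^2 mod n)."""
    while True:
        s = random_unit(n)
        v = pow(s, 2, n)
        if v != 1:
            return s, v


class Prover:
    """P: knows the secret s."""

    def __init__(self, n: int, s: int):
        self.n, self._s, self._r = n, s, None

    def commit(self) -> int:
        self._r = random_unit(self.n)      # fresh random number every round
        return pow(self._r, 2, self.n)     # witness x = r^2

    def respond(self, e: int) -> int:
        y = (self._r * pow(self._s, e, self.n)) % self.n  # y = r * s^e
        self._r = None                     # never answer two challenges with one r
        return y


class Replayer:
    """Holds only a recorded transcript of (x, e, y) rounds, not the secret."""

    def __init__(self, transcript):
        self._rounds = iter(transcript)
        self._current = None

    def commit(self) -> int:
        self._current = next(self._rounds)
        return self._current[0]

    def respond(self, e: int) -> int:
        return self._current[2]            # can only repeat the recorded response


def verify_round(n: int, v: int, x: int, e: int, y: int) -> bool:
    """V: accept the round iff y^2 = x * v^e (mod n)."""
    if e not in (0, 1) or not (0 < y < n) or x % n == 0:
        return False
    return pow(y, 2, n) == (x * pow(v, e, n)) % n


def run_session(prover, n: int, v: int, rounds: int = ROUNDS, challenges=None) -> tuple:
    """Run the rounds; `challenges` overrides V's random bits (demonstration only)."""
    accepted = []
    for k in range(rounds):
        x = prover.commit()
        e = challenges[k] if challenges is not None else secrets.randbelow(2)
        y = prover.respond(e)
        if not verify_round(n, v, x, e, y):
            return False, accepted
        accepted.append((x, e, y))
    return True, accepted


if __name__ == "__main__":
    s, v = make_keys()
    ok, transcript = run_session(Prover(N, s), N, v)
    print("honest prover accepted:", ok)
    stale = [e for (_, e, _) in transcript]
    print("replay, reused challenges:", run_session(Replayer(transcript), N, v, challenges=stale)[0])
    print("replay, fresh challenges: ", run_session(Replayer(transcript), N, v)[0])
```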
Simmons' Impersonation-Proof Identity Verification Scheme
• Simmons' scheme relies on an issuer's public authentication channel to
validate a private authentication channel belonging to a user who wants to
prove identity.

• These two channels can be independent and based on two different
authentication algorithms.

• The scheme assumes a trusted issuer whose responsibility is to validate
identification credentials of each user.

DESIGN & IMPLEMENTATION

Identity Provider Setup
1. Identity Provider generates RSA public & private keys (e,n) & (d,n), where
n = p × q, p & q being two large prime numbers generated according to the RSA
algorithm.
2. e & n are made public.
3. Identity Provider constructs a secret redundant data block seed.

User Registering to Identity Provider

User proving Identity to Identity Provider

Identity Provider verifies user to Service Provider

Societal Impact
• Introduction of a lightweight and secure SSO will help in reducing the cost of IT
management.
• Double SSO does not require time synchronization between involved
parties, thus helping novices.
• One stage of Double SSO can be extracted and used independently as an
identification protocol, thus reducing the cost of an additional identification
algorithm.

Conclusion
Many theories have been put forward to explain and implement SSO solutions for
different platforms. It is often confusing to choose which SSO
solution is better. Double SSO considers all such aspects, thus resolving the
conflict.

Many currently available SSO solutions involve high operational overhead as
they contain cryptographic value calculations. Double SSO enhances
efficiency so that the additional overhead is removed, making it safe and suitable.

Work Plan

Resources & References
1. Sari Haj Hussein. Double SSO – A Prudent and Lightweight SSO Scheme. Master of Science Thesis in the Programme Secure and Dependable Computer Systems, Chalmers University of Technology, Department of Computer Science and Engineering, Göteborg, Sweden, November 2010.
2. M. Linden and I. Vilpola. An Empirical Study on the Usability of Logout in a Single Sign-on System. Proceedings of the 1st International Conference on Information Security Practice and Experience, Singapore, 2005.
3. A. Shamir. Identity-Based Cryptosystem and Signature Scheme. Proceedings of CRYPTO 84, Santa Barbara, California, USA, 1984.
4. U. Feige, A. Fiat and A. Shamir. Zero knowledge proofs of identity. Proceedings of the nineteenth annual ACM symposium on Theory of computing, New York, USA, 1987.
5. G. J. Simmons. An Impersonation-Proof Identity Verification Scheme. Proceedings of CRYPTO 87, Santa Barbara, California, USA, 1987.

Thank You
Questions ?
30

More Related Content

What's hot

Creating OTP with free software
Creating OTP with free softwareCreating OTP with free software
Creating OTP with free softwareGiuseppe Paterno'
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51martinvoelk
 
Welcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationWelcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationMarketingArrowECS_CZ
 
Cyber securityppt
Cyber securitypptCyber securityppt
Cyber securitypptSachin Roy
 
Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields   CyberCamp 2015Soho routers: swords and shields   CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015Iván Sanz de Castro
 
Psdot 19 four factor password authentication
Psdot 19 four factor password authenticationPsdot 19 four factor password authentication
Psdot 19 four factor password authenticationZTech Proje
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Serviceskieranjacobsen
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...PROBOTEK
 
Anti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation APIAnti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation APIArash Ramez
 
How to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoHow to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoArash Ramez
 
Protecting Your POS System from PoSeidon and Other Malware Attacks
Protecting Your POS System from PoSeidon and Other Malware AttacksProtecting Your POS System from PoSeidon and Other Malware Attacks
Protecting Your POS System from PoSeidon and Other Malware AttacksNetop
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 

What's hot (20)

Creating OTP with free software
Creating OTP with free softwareCreating OTP with free software
Creating OTP with free software
 
Pen test methodology
Pen test methodologyPen test methodology
Pen test methodology
 
One-Time Password
One-Time PasswordOne-Time Password
One-Time Password
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
 
Welcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationWelcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authentication
 
Threshold cryptography
Threshold cryptographyThreshold cryptography
Threshold cryptography
 
Cyber securityppt
Cyber securitypptCyber securityppt
Cyber securityppt
 
Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields   CyberCamp 2015Soho routers: swords and shields   CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015
 
Netdefender
NetdefenderNetdefender
Netdefender
 
Psdot 19 four factor password authentication
Psdot 19 four factor password authenticationPsdot 19 four factor password authentication
Psdot 19 four factor password authentication
 
Net Defender
Net DefenderNet Defender
Net Defender
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
 
Presentation
PresentationPresentation
Presentation
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
 
Anti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation APIAnti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation API
 
ppt
pptppt
ppt
 
Windows network
Windows networkWindows network
Windows network
 
How to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoHow to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part Two
 
Protecting Your POS System from PoSeidon and Other Malware Attacks
Protecting Your POS System from PoSeidon and Other Malware AttacksProtecting Your POS System from PoSeidon and Other Malware Attacks
Protecting Your POS System from PoSeidon and Other Malware Attacks
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 

Similar to Single Sign-On & Strong Authentication

Efficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed NetworkEfficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed NetworkIJERA Editor
 
IRJET-Secured Approach for Authentication of Messages in Wireless Sensor Netw...
IRJET-Secured Approach for Authentication of Messages in Wireless Sensor Netw...IRJET-Secured Approach for Authentication of Messages in Wireless Sensor Netw...
IRJET-Secured Approach for Authentication of Messages in Wireless Sensor Netw...IRJET Journal
 
Nt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesNt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesSherry Bailey
 
Slide Deck – Session 10 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 10 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 10 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 10 – FRSecure CISSP Mentor Program 2017FRSecure
 
Identity-Based Key Management in MANETs Using Public Key Cryptography
Identity-Based Key Management in MANETs Using Public Key CryptographyIdentity-Based Key Management in MANETs Using Public Key Cryptography
Identity-Based Key Management in MANETs Using Public Key CryptographyCSCJournals
 
An Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key AgreementAn Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key Agreementijtsrd
 
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Yashwanth Reddy
 
Slide Deck Class Session 10 – FRSecure CISSP Mentor Program
Slide Deck Class Session 10 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 10 – FRSecure CISSP Mentor Program
Slide Deck Class Session 10 – FRSecure CISSP Mentor ProgramFRSecure
 
Jiit;project 2013-2014;cse;project presentation
Jiit;project 2013-2014;cse;project presentationJiit;project 2013-2014;cse;project presentation
Jiit;project 2013-2014;cse;project presentationChakshu Sharma
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 
Mutual Authentication For Wireless Communication
Mutual Authentication For Wireless CommunicationMutual Authentication For Wireless Communication
Mutual Authentication For Wireless Communicationmanish kumar
 
Providing security to online banking Project Presentation-3.pptx
Providing security to online banking Project Presentation-3.pptxProviding security to online banking Project Presentation-3.pptx
Providing security to online banking Project Presentation-3.pptxSanviSanvi11
 
Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SASrobbuddingh
 
Empirical Study of a Key Authentication Scheme in Public Key Cryptography
Empirical Study of a Key Authentication Scheme in Public Key CryptographyEmpirical Study of a Key Authentication Scheme in Public Key Cryptography
Empirical Study of a Key Authentication Scheme in Public Key CryptographyIJERA Editor
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersRishabh Gupta
 
Datasheet app vulnerability_assess
Datasheet app vulnerability_assessDatasheet app vulnerability_assess
Datasheet app vulnerability_assessBirodh Rijal
 
Whatscrypt Messenger for android project
Whatscrypt Messenger for android projectWhatscrypt Messenger for android project
Whatscrypt Messenger for android projectMuthukumaranM13
 
Enhanced Security Through Token
Enhanced Security Through TokenEnhanced Security Through Token
Enhanced Security Through TokenIRJET Journal
 

Similar to Single Sign-On & Strong Authentication (20)

Efficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed NetworkEfficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed Network
 
IRJET-Secured Approach for Authentication of Messages in Wireless Sensor Netw...
IRJET-Secured Approach for Authentication of Messages in Wireless Sensor Netw...IRJET-Secured Approach for Authentication of Messages in Wireless Sensor Netw...
IRJET-Secured Approach for Authentication of Messages in Wireless Sensor Netw...
 
Nt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesNt2580 Final Project Essay Examples
Nt2580 Final Project Essay Examples
 
Slide Deck – Session 10 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 10 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 10 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 10 – FRSecure CISSP Mentor Program 2017
 
ppt.ppt
ppt.pptppt.ppt
ppt.ppt
 
Identity-Based Key Management in MANETs Using Public Key Cryptography
Identity-Based Key Management in MANETs Using Public Key CryptographyIdentity-Based Key Management in MANETs Using Public Key Cryptography
Identity-Based Key Management in MANETs Using Public Key Cryptography
 
An Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key AgreementAn Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key Agreement
 
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
 
Slide Deck Class Session 10 – FRSecure CISSP Mentor Program
Slide Deck Class Session 10 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 10 – FRSecure CISSP Mentor Program
Slide Deck Class Session 10 – FRSecure CISSP Mentor Program
 
Jiit;project 2013-2014;cse;project presentation
Jiit;project 2013-2014;cse;project presentationJiit;project 2013-2014;cse;project presentation
Jiit;project 2013-2014;cse;project presentation
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native Era
 
otp crid cards
otp crid cardsotp crid cards
otp crid cards
 
Mutual Authentication For Wireless Communication
Mutual Authentication For Wireless CommunicationMutual Authentication For Wireless Communication
Mutual Authentication For Wireless Communication
 
Providing security to online banking Project Presentation-3.pptx
Providing security to online banking Project Presentation-3.pptxProviding security to online banking Project Presentation-3.pptx
Providing security to online banking Project Presentation-3.pptx
 
Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SAS
 
Empirical Study of a Key Authentication Scheme in Public Key Cryptography
Empirical Study of a Key Authentication Scheme in Public Key CryptographyEmpirical Study of a Key Authentication Scheme in Public Key Cryptography
Empirical Study of a Key Authentication Scheme in Public Key Cryptography
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
Datasheet app vulnerability_assess
Datasheet app vulnerability_assessDatasheet app vulnerability_assess
Datasheet app vulnerability_assess
 
Whatscrypt Messenger for android project
Whatscrypt Messenger for android projectWhatscrypt Messenger for android project
Whatscrypt Messenger for android project
 
Enhanced Security Through Token
Enhanced Security Through TokenEnhanced Security Through Token
Enhanced Security Through Token
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 

Single Sign-On & Strong Authentication

  • 1. Double SSO & Strong Authentication For Secure Network Establishment Project By:- Internal Guide:- External Guide:- Akshaya Kumar Y H M 1BM10CS004 Mrs Nagarathna N Dr Mohammad Misbahuddin Aruna S M 1BM10CS010 Associate Professor Senior Technical Officer, CNIE Sarthak Gupta 1BM10CS065 CSE,BMSCE CDAC, Bangalore 1
  • 2. 1. INTRODUCTION 2. LITERATURE REVIEW 3. REQUIREMENTS 4. DESIGN & IMPLIMENTATION 5. SOCIETAL IMPACTS 6. CONCLUSION 7. REFERENCE 2
  • 3. Requirements Hardware Requirements • Application uses Server as one of the major component, we need the Client machines to connect to the Server and Network setup. • Processor • RAM : Intel i3 or above or equivalent : 4GB or more Software Requirements • Web Server , Service Provider and Client machines with web support. • Proposed implementation language is C / C++, however we may occasionally work with certain scripting languages to configure and work with the Server. 3
  • 4. INTRODUCTION SINGLE SIGN-ON SYSTEM (SSO) Property of access control that enables a user to perform a single authentication to a service, and then get access to other protected services without the need to re-authenticate. DOUBLE SSO Double SSO is a secure server-side caching-based SSO architecture and a proxy-based pseudo-SSO system. 4
  • 5. ADVANTAGES • With SSO, users' and administrators' lives become much easier as they will • • • • have to deal with a single digital identity for each user. Reduces IT help desk costs, by reducing the number of calls to the help desk about lost password. A user will have to provide this digital identity only once per day. This will increase user's productivity. The maintenance of authentication data and enforcement of authentication policies become much easier with SSO, since authentications data will be centralized. Reduces the chance that users will forget or lose their digital identities, therefore it reduces the risk of compromising a security system. 5
  • 6. Double SSO Features • User Authorization is separated from Identification Process. • Asynchronous authorization is achieved. • Executes a minimum number of computations on the user side and requires parties to maintain the bare minimum number of keys. • Provably precludes the Replay Attack, the Man-in-the-Middle Attack and the Weakest Link Attack. Additionally, it is safe from repudiated parties. 6
  • 7. Security Analysis
      • The Weakest Link Attack
      • Attacks on Security Parameters
      • Attacks on Identity Proof
      • The Replay Attack
      • The Man-in-the-Middle Attack
      • Repudiation of Parties
  • 8. LITERATURE REVIEW: SSO Categories
      • Web SSO: These solutions are for users who access applications using a web interface.
      • Enterprise SSO: These solutions are much broader than web SSO in that they provide SSO to almost all kinds of applications, not only to web-enabled applications.
      • Network SSO: These solutions are for users who access applications in a corporate network domain through a LAN, wirelessly, or through a VPN connection.
  • 9. Available SSO Solutions
      • Google SSO Solution
      • Windows Live ID
      • Microsoft Office SharePoint Server
      • Active Directory Federation Service
      • Liberty SSO Solution
  • 10. Double SSO Components
      • Shamir's Identity-Based Signature Scheme
      • Zero-Knowledge Identification Protocol
      • Simmons' Impersonation-Proof Identity Verification Scheme
  • 11. Shamir's Identity-Based Signature Scheme
      • The user uses her/his identity as a public key and asks a trusted Key Generation Center (KGC) to generate the corresponding private key.
      • The KGC generates RSA public and private keys.
      • The KGC issues a private key to the sender.
      • The sender signs the message using the private key issued by the KGC.
      • The receiver verifies the message using the sender's RSA public key and identity.
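The steps on this slide, worked through as an added example (not code from the presentation or the Double SSO thesis). It follows Shamir's 1984 construction, where verification needs only the KGC's public values (e, n) and the signer's identity string; the toy primes, SHA-256 as the hash, the function names and the sample identity are assumptions made for the illustration.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes. Far too small and too
# structured for real use; a real KGC generates large random primes.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # published by the KGC
D = pow(E, -1, (P - 1) * (Q - 1))        # KGC master secret, never published

def h(*parts: bytes) -> int:
    """Hash length-prefixed parts to an integer (assumed hash: SHA-256)."""
    ctx = hashlib.sha256()
    for part in parts:
        ctx.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(ctx.digest(), "big")

def to_bytes(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")

def extract(identity: str) -> int:
    """KGC step: issue private key g such that g^e = H(identity) mod n."""
    return pow(h(identity.encode()) % N, D, N)

def sign(g: int, message: bytes) -> tuple[int, int]:
    """Sender step: t = r^e, s = g * r^f(t, m) mod n for a fresh random r."""
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    s = g * pow(r, h(to_bytes(t), message), N) % N
    return t, s

def verify(identity: str, message: bytes, sig: tuple[int, int]) -> bool:
    """Receiver step: accept iff s^e == H(identity) * t^f(t, m) mod n."""
    t, s = sig
    i = h(identity.encode()) % N
    return pow(s, E, N) == i * pow(t, h(to_bytes(t), message), N) % N

if __name__ == "__main__":
    key = extract("alice@example.org")   # constructed sample identity
    sig = sign(key, b"login request")
    print(verify("alice@example.org", b"login request", sig))
    print(verify("mallory@example.org", b"login request", sig))
```
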
  • 13. Zero-Knowledge Identification Protocol
      • P sends a witness (calculated using a random number) to V.
      • V challenges P with a time-variant challenge.
      • P uses the challenge and the secret to compute the response that she sends to V.
      • V uses the response and her challenge to decide whether the response is correct.
      • A zero-knowledge protocol must satisfy three properties:
          Completeness: Prover is honest
          Soundness: False provers are not entertained
          Zero-knowledge: No interaction can be repudiated
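The witness, challenge and response exchange above, as an added example that is not part of the original slides. The slide does not name a concrete protocol, so the basic Fiat-Shamir identification protocol with a one-bit challenge is assumed; the toy modulus and the class and function names are also assumptions. The second prover shows why soundness needs many rounds: without the secret it can satisfy only the one challenge bit it prepared for.

```python
import secrets

# Constructed toy modulus (product of two Mersenne primes); not a real parameter.
N = (2**61 - 1) * (2**89 - 1)

def keygen() -> tuple[int, int]:
    s = secrets.randbelow(N - 2) + 2          # prover's secret
    return s, pow(s, 2, N)                    # public value v = s^2 mod n

class HonestProver:
    def __init__(self, secret: int):
        self.s = secret
    def witness(self) -> int:
        self.r = secrets.randbelow(N - 2) + 2  # fresh random number per round
        return pow(self.r, 2, N)               # x = r^2 mod n
    def respond(self, c: int) -> int:
        return self.r * pow(self.s, c, N) % N  # y = r * s^c mod n

class GuessingProver:
    """Knows only the public v; builds the witness for one guessed challenge."""
    def __init__(self, v: int, guess: int):
        self.v, self.guess = v, guess
    def witness(self) -> int:
        self.y = secrets.randbelow(N - 2) + 2
        # Choose x so that y^2 == x * v^guess holds for the guessed bit only.
        return pow(self.y, 2, N) * pow(self.v, -self.guess, N) % N
    def respond(self, c: int) -> int:
        return self.y                          # cannot adapt to the real c

def verify_round(prover, v: int, c: int) -> bool:
    x = prover.witness()                       # prover commits before seeing c
    y = prover.respond(c)
    return pow(y, 2, N) == x * pow(v, c, N) % N

def identify(prover, v: int, rounds: int = 20) -> bool:
    """Verifier: fresh random challenge bit each round, accept only if all pass."""
    return all(verify_round(prover, v, secrets.randbelow(2)) for _ in range(rounds))

if __name__ == "__main__":
    s, v = keygen()
    print(identify(HonestProver(s), v))        # completeness
    print(identify(GuessingProver(v, 0), v))   # passes only with chance 2^-20
```
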
  • 15. Simmons' Impersonation-Proof Identity Verification Scheme
      • Simmons' scheme relies on an issuer's public authentication channel to validate a private authentication channel belonging to a user who wants to prove identity.
      • These two channels can be independent and based on two different authentication algorithms.
      • The scheme assumes a trusted issuer whose responsibility is to validate identification credentials of each user.
  • 18. Identity Provider Setup
      1. The identity provider generates an RSA public and private key pair, (e, n) and (d, n), where n = p × q, with p and q being two large prime numbers generated according to the RSA algorithm.
      2. e and n are made public.
      3. The identity provider constructs a secret redundant data block seed.
  • 20. User Registering to Identity Provider
  • 22. User proving Identity to Identity Provider
  • 24. Identity Provider verifies user to Service Provider
  • 26. Societal Impact
      • The introduction of a lightweight and secure SSO will help in reducing the cost of IT management.
      • Double SSO does not require time synchronization between the involved parties, thus helping novices.
      • One stage in Double SSO can be extracted and used independently as an identification protocol, thus reducing the cost of an additional identification algorithm.
  • 27. Conclusion
      Many theories have been put forward to explain and implement SSO solutions for different platforms. It is often confusing to choose which SSO solution is better. Double SSO considers all such aspects, thus resolving the conflict. Many currently available SSO solutions involve high operational overhead, as they contain cryptographic value calculations. Double SSO enhances efficiency so that additional overhead is removed, making it safe and suitable.
  • 29. Resources & References
      1. S. Haj Hussein. Double SSO – A Prudent and Lightweight SSO Scheme. Master of Science Thesis in the Programme Secure and Dependable Computer Systems, Chalmers University of Technology, Department of Computer Science and Engineering, Göteborg, Sweden, November 2010.
      2. M. Linden and I. Vilpola. An Empirical Study on the Usability of Logout in a Single Sign-on System. Proceedings of the 1st International Conference on Information Security Practice and Experience, Singapore, 2005.
      3. A. Shamir. Identity-Based Cryptosystem and Signature Scheme. Proceedings of CRYPTO 84, Santa Barbara, California, USA, 1984.
      4. U. Feige, A. Fiat and A. Shamir. Zero knowledge proofs of identity. Proceedings of the nineteenth annual ACM symposium on Theory of computing, New York, USA, 1987.
      5. G. J. Simmons. An Impersonation-Proof Identity Verification Scheme. Proceedings of CRYPTO 87, Santa Barbara, California, USA, 1987.