Concurrent Distributed Authentication Model (CDAM)
Aladdin T. Dandis
Information Security Compliance Officer
Jordan eGovernment Program / MoICT
Aladdin T. Dandis / SICE2011 - Algeria
Agenda
- Introduction
- CDAM Ver. 1.0
- Pros and Cons
- CDAM Ver. 2.0
- Pros and Cons
- Conclusions
Introduction
- This project was originally concerned with applying security and privacy considerations in school systems.
- The system is a web-database application.
- The target client was a private school in Amman.
- Problem: the old system lacks security and privacy considerations.
Security Vs Privacy
Security
- A number of processes and technologies applied to prevent unauthorized parties from accessing sensitive resources.
Privacy
- The human right of a person to control and manage data about themselves, without being monitored by other parties.
CDAM Ver. 1.0
Overview
- What? Concurrent Distributed Authentication Model
- Why? To authenticate online users.
- How? The username and password will be checked in many separate authentication database servers rather than one.
Architecture
[Architecture diagram. Components: User; Sender Unit; Authentication Servers Farm (S1, S2, S3); Comparison Unit; Logging Unit; The Object System, reached by a Legitimate Login; False System ('Honey Pot'), reached by a False Login.]
 Authentication model
 Built-in Authorization
 Authentication token is used:
 Token
 Role + Real User Name = Role User Name
 Example
 Student + Ahmad.d = SAhmad.d
8Aladdin T. Dandis / SICE2011 - Algeria
Authentication & Authorization Algorithms
[Flowchart. Authentication Module: Enter UserName, Password and Role; Calculate the Hash; Take the first 5 characters of the hash; Take integer values for username, password and Role; Check the 5-character hash at Server 1, Server 2 and Server 3 of the Authentication Server Farm (ASF), with a Y/N outcome from each server. Authorization Module: Check for the requested object; Extract Role from the Token; Check ACLs for the Role; Y: Authorize User; N: Deny user and direct to HoneyPot.]
Pros and Cons
Pros
- Compromising one authentication server will not affect authentication
- Using hashing
- Light authentication
Cons
- Repeated cipher patterns
- No proof of origin
- Denial of service
- Vulnerable to sniffers
- Homemade hashing algorithm
CDAM Ver. 2.0
Overview
- Overcome the cons in CDAM Ver. 1.0
- Still under coding and testing
- Scalable for web applications
- Multiple open standard and strong encryption algorithms
- M:N authentication acceptance
Architecture
[Architecture diagram, built up over three slides. Components: User; Sender Unit; Authentication Servers Farm (S1, S2, S3); Comparison Unit; Logging Unit; The Object System, reached by a Legitimate Login; False System ('Honey Pot'), reached by a False Login. The final slide adds Hashing Algorithm 1, Hashing Algorithm 2 and Hashing Algorithm 3 to the farm.]
Evaluation
Pros
- Compromising one authentication server will not affect authentication
- Using hashing
- Light authentication
Cons of Ver. 1.0 and the Ver. 2.0 remedy for each
- Repeated cipher patterns -> Full cipher is written
- No proof of origin -> SSL Certificate
- Denial of service -> M:N
- Vulnerable to sniffers -> Encrypted channels
- Homemade hashing algorithm -> Open standard hashing algorithms
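As an added example that is not part of the slides, the following Python simulation ties together the Ver. 1.0 algorithm slide (role-prefixed token, a farm of three servers each returning Y/N, honeypot on denial, ACL check by role) and the Ver. 2.0 remedies (full digest compared instead of the first 5 characters, one open-standard hash per server, M:N acceptance). The choice of sha256/sha3_256/blake2b, the per-server salt, the "T" prefix for Teacher and the ACL entries are my assumptions; encrypted channels between the Sender Unit and the farm are assumed rather than modelled.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed configuration: three-server Authentication Server Farm (S1..S3), each
# with its own open-standard hash (the slides' "Hashing Algorithm 1/2/3").
# The algorithm names, per-server salt and ACL below are assumptions for this example.
SERVER_ALGORITHMS = {"S1": "sha256", "S2": "sha3_256", "S3": "blake2b"}
ROLE_PREFIX = {"Student": "S", "Teacher": "T"}  # slide 8 gives Student -> S; Teacher -> T is assumed
PREFIX_ROLE = {p: r for r, p in ROLE_PREFIX.items()}
ACL = {"timetable": {"Student", "Teacher"}, "grades": {"Teacher"}}  # constructed object ACLs


def make_token(role: str, username: str) -> str:
    """Slide 8: Role + Real User Name = Role User Name (Student + Ahmad.d = SAhmad.d)."""
    return ROLE_PREFIX[role] + username


def credential_digest(algorithm: str, salt: bytes, token: str, password: str) -> str:
    """Full digest over salt || token || NUL || password using the server's own algorithm."""
    h = hashlib.new(algorithm)
    h.update(salt + token.encode() + b"\0" + password.encode())
    return h.hexdigest()


@dataclass
class AuthServer:
    name: str
    algorithm: str
    records: dict = field(default_factory=dict)  # token -> (salt, stored digest)

    def enroll(self, token: str, password: str) -> None:
        salt = os.urandom(16)
        self.records[token] = (salt, credential_digest(self.algorithm, salt, token, password))

    def verify(self, token: str, password: str) -> bool:
        rec = self.records.get(token)
        if rec is None:
            return False
        salt, stored = rec
        # Ver. 2.0 remedy "full cipher is written": compare the whole digest, in constant
        # time, instead of the first 5 characters that Ver. 1.0 checked.
        return hmac.compare_digest(stored, credential_digest(self.algorithm, salt, token, password))


class ComparisonUnit:
    """Collects the farm's Y/N verdicts and applies M:N acceptance (Ver. 2.0 overview)."""

    def __init__(self, servers, required: int):
        self.servers, self.required = servers, required
        self.log = []  # Logging Unit: one line per decision

    def authenticate(self, token: str, password: str):
        verdicts = {s.name: s.verify(token, password) for s in self.servers}
        accepted = sum(verdicts.values()) >= self.required
        destination = "object system" if accepted else "honeypot"
        self.log.append(f"token={token} verdicts={verdicts} -> {destination}")
        return accepted, destination


def authorize(token: str, requested_object: str) -> bool:
    """Authorization module: extract the role from the token, then check the object's ACL."""
    role = PREFIX_ROLE.get(token[:1])
    return role is not None and role in ACL.get(requested_object, set())


def build_farm(required: int = 2) -> ComparisonUnit:
    servers = [AuthServer(name, alg) for name, alg in SERVER_ALGORITHMS.items()]
    for s in servers:
        s.enroll(make_token("Student", "Ahmad.d"), "correct-horse-battery")  # constructed credential
    return ComparisonUnit(servers, required)


def demo() -> dict:
    """Decisions of a 2-of-3 farm, including one server lost and one server turned rogue."""
    unit = build_farm(required=2)
    token = make_token("Student", "Ahmad.d")
    results = {
        "token": token,
        "good_login": unit.authenticate(token, "correct-horse-battery"),
        "bad_login": unit.authenticate(token, "wrong password"),
        "student_timetable": authorize(token, "timetable"),
        "student_grades": authorize(token, "grades"),
    }
    # S2 loses its credential store: the "one compromised server" pro still holds under 2-of-3.
    unit.servers[1].records.clear()
    results["good_login_s2_down"] = unit.authenticate(token, "correct-horse-battery")
    # S3 now accepts everything: on its own it still cannot push a wrong password past 2-of-3.
    unit.servers[2].verify = lambda t, p: True
    results["bad_login_s3_rogue"] = unit.authenticate(token, "wrong password")
    results["log_lines"] = len(unit.log)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The choice of M relative to N is the whole trade-off: M must be small enough to survive the servers you expect to lose, yet large enough that the servers you expect an attacker to control cannot reach it alone.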
Future Work
- Integration with OTP
- Integration with Smart Card Systems
Thank You
aladdin.d@moict.gov.jo