
10/02/2015-AfterNoonSection

Arun Anoop M,
Asst. Professor-CSE,
MESCE,Kuttipuram

Something You Have

Something in your possession. Examples include the following:
- Car key
- Laptop computer (or MAC address)
- Password generator (next slide)
- ATM card, smartcard, etc.

Part 2

Access Control

Password Generator

Message flow between Alice (who holds the password generator and knows her PIN) and Bob (who knows the symmetric key K):
1. Alice -> Bob: "I'm Alice"
2. Bob -> Alice: R
3. Alice -> password generator: PIN, R
4. Password generator -> Alice: h(K,R)
5. Alice -> Bob: h(K,R)

- Alice receives random challenge R from Bob
- Alice enters PIN and R in password generator
- Password generator hashes symmetric key K with R
- Alice sends response h(K,R) back to Bob
- Bob verifies response
- Note: Alice has the pwd generator and knows the PIN
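The five-step exchange above, as an added worked example that is not part of the lecture slides: Bob issues a fresh random R, Alice's PIN-locked generator computes h(K,R), and Bob recomputes and compares it. Modelling h(K,R) as HMAC-SHA256 and R as 16 random bytes are assumptions (the slides leave both unspecified); the example also shows why a captured response is useless against a later challenge.

```python
import hmac
import hashlib
import secrets


class PasswordGenerator:
    """Alice's token: holds the symmetric key K and is unlocked by her PIN."""
    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin

    def respond(self, pin: str, challenge: bytes) -> bytes:
        # Steps 3-4: Alice enters PIN and R; the device computes h(K, R).
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Verifier:
    """Bob: knows K, issues a fresh random R and checks h(K, R)."""
    def __init__(self, key: bytes):
        self._key, self._pending = key, None

    def challenge(self) -> bytes:
        # Step 2: a fresh 16-byte R (assumed size) per login, so an old response cannot be replayed.
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        # Step 5: recompute h(K, R) for the outstanding R; constant-time compare.
        if self._pending is None:
            return False
        expected = hmac.new(self._key, self._pending, hashlib.sha256).digest()
        self._pending = None  # every challenge is single-use
        return hmac.compare_digest(expected, response)


def run_protocol(key: bytes, device_pin: str, entered_pin: str) -> bool:
    """One full exchange (steps 1-5); returns Bob's verdict."""
    token, bob = PasswordGenerator(key, device_pin), Verifier(key)
    r = bob.challenge()
    try:
        return bob.verify(token.respond(entered_pin, r))
    except PermissionError:
        return False  # the device alone, without the PIN, yields nothing to send


def replay_fails(key: bytes, pin: str) -> bool:
    """A captured h(K, R) is useless against Bob's next challenge R'."""
    token, bob = PasswordGenerator(key, pin), Verifier(key)
    captured = token.respond(pin, bob.challenge())
    bob.challenge()  # Bob issues a fresh R'
    return not bob.verify(captured)
```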

2-factor Authentication

Requires any 2 out of 3 of:
- Something you know
- Something you have
- Something you are

Examples:
- ATM: Card and PIN
- Credit card: Card and signature
- Password generator: Device and PIN
- Smartcard with password/PIN


Single Sign-on
- A hassle to enter password(s) repeatedly
- Alice wants to authenticate only once
- Credentials stay with Alice wherever she goes
- Subsequent authentications transparent to Alice
- Kerberos: example single sign-on protocol
- Single sign-on for the Internet?
  - Microsoft: Passport
  - Everybody else: Liberty Alliance
  - Security Assertion Markup Language (SAML)


Single Sign-on Systems

Scenario: going to travel
- Sign in for booking a flight ticket
- Sign in for booking a hotel room
- Sign in for renting a car

Multiple sign-ons are troublesome. Is it possible to sign on just once to perform all the actions? Single sign-on can be used to answer that question.

Definitions of Single Sign-On (SSO) on the Web:
- Users sign onto a site only once and are given access to one or more applications in a single domain or across multiple domains.
- A mechanism to verify a user across multiple applications through a single authentication challenge. WebSphere Portal Server uses Java Authentication and Authorization Services to achieve single sign-on.
- One log-on provides access to all resources of the network, LAN, or WAN.
- Single Sign-On enables users to log in quickly and securely to all their applications, websites and mainframe sessions with just one identity.

.NET Passport
Microsoft .NET Passport
- Passport single sign-in service
- Kids Passport service
Passport supplies registered users with an electronic ticket. With this ticket users are authorized to access pages in participating sites.

.NET Passport
An implementation of a Single Sign-On system, based on the cookie mechanism.
Employs techniques to prevent attacks:
- CAPTCHA: telling humans from computers
- Secure Sockets Layer (SSL)

.NET Passport
Registration process
- Information stored in passport account
- Captcha
- E-mail Validation
Authentication process
- Cookies written by passport
- Navigate to another Participating Site
- Secure Sockets Layer (SSL)

Registration process
CAPTCHA: Human Interaction Protocol
- tells humans from computers by asking registrants to type in alphanumeric characters from a picture
- otherwise bot attackers submit thousands of fake registrations in a short time

Registration process

CAPTCHA stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart.

A CAPTCHA test is a program that can generate and grade tests that:
- Most humans can pass.
- Current computer programs can't pass.

For example, humans can read distorted text like the one shown below, but current computer programs can't:

Web Cookies
- A cookie is provided by a website and stored on the user's machine
- A cookie is a file created by a web browser, at the request of a web site, that is then stored on a computer.
- Cookies maintain state across sessions, since the Web uses a stateless protocol: HTTP
- Cookies also maintain state within a session
- On a public machine, a user who forgets to log out could leave valid authentication for any user to misuse.

Each time you access a file through your web browser, the browser caches (stores) it. You should periodically clear the cache to allow your browser to function more efficiently.

A browser's history is a log of sites that you visit. When you use a browser's Back button, you are moving back one entry in the history log. Browsers will normally clear the history at regular intervals, but you may want to clear it manually for privacy.

The Web server retrieves the user's information from those cookies when the user later returns to the same website. The cookie's purpose is to acquire information for use in subsequent server-browser communications without asking for the same information again.

Arun Anoop M, AP, CSE dept., MESCE Kuttipuram
