A Strong Single Sign on User Authentication Scheme without Verifier Table for Cloud Based Services

Int'l Conf. Security and Management, SAM'15, p. 302

B. Sumitra 1, M. Mohammed 2, and R. Pethuru 3
1 Research Scholar, Computer Science, Christ University, Bangalore, Karnataka, India
2 Senior Technical Officer, C-DAC, Electronic City, Bangalore, Karnataka, India
3 Infrastructure Architect, IBM India Pvt. Ltd., Bangalore, Karnataka, India

Abstract - Cloud computing is an emerging computing paradigm that offers computational facilities and storage as services, dynamically and on demand, via the Internet. The ability to scale resources and the pay-as-you-go usage model have contributed to its growth. However, Cloud computing inevitably poses various security challenges, and the majority of prospective customers are worried about who has access to their data. Service providers need to ensure that only authorized users access the resources, and for this they need to adopt strong user authentication mechanisms. The mechanism should provide users with the flexibility to access multiple services without repeated registration and authentication at each provider. Considering these requirements, this paper proposes a Single Sign on based two factor authentication protocol for Cloud based services. The proposed scheme uses a password and a crypto-token as authentication factors and does not require a verifier table. The formal verification of the protocol is done using Scyther.

Keywords: Cloud; Two-Factor Authentication; Single Sign-On; Cryptotoken; Scyther

1 Introduction

Revolutionary advances in hardware, networking, middleware and virtual machines have led to the emergence of the utility based distributed computing model, viz. Cloud Computing, that provides computation facilities and storage as services accessible via the Internet.
Cloud computing offers individuals and companies affordable storage, professional maintenance and adjustable space without much investment in new infrastructure, training or software licensing. The elasticity and scalability of resources, combined with "pay-as-you-go" resource usage, has heralded the rise of Cloud Computing. Infographic reports that 63% of financial services, 62% of manufacturing, 59% of health care and 51% of transportation industries are using Cloud computing services [1]. Rackspace reports that this pay-as-you-go service saves around 58% of cost [2]. By 2016 more than 50% of global 1000 companies are projected to store their sensitive data in Public Clouds [3]. Anticipating this switch over, many large technology companies such as Amazon and Google have built huge data centers to offer Cloud computing services with a self-service interface so that Cloud users can use on-demand resources with location independence.

Though the self-service interface provided by the Cloud enables users to access the resources without human interaction with the service provider, the indirect control of the physical infrastructure introduces many vulnerabilities unknown in a non-cloud environment. The Cloud model for delivering computing and processing power has raised many security concerns, such as data security, identity and access management, key management and virtual machine security, which could limit the use of Cloud computing. Furthermore, in [4,5] the authors have pointed out that identity and access management issues in the Cloud require the immediate attention of Cloud Service Providers (CSPs) to accelerate the adoption of the Cloud. A survey by Fujitsu Research Institute [6] reveals that 88% of prospective customers are worried about unauthorized access to their data in the Cloud.
To provide secure access to sensitive data, CSPs need to ensure that only valid users are accessing the resources and services hosted in the Cloud, and to make this possible they need to adopt strong user authentication mechanisms. Password authentication is the most commonly used authentication mechanism, but irrespective of the strength of the passwords it is found to be susceptible to various attacks [7]. Furthermore, for traditional remote login mechanisms, a user needs to register with different SPs and remember various identities and passwords to ensure higher security in a multi-server environment (MSE). This may cause user inconvenience, since users can remember only around seven passwords [8]. Therefore, in a MSE, single registration to a trusted registration center is a primary requirement, so that users can receive desired services from various service providers without repeating registration and by using a single login credential. The Single Sign on (SSO) approach satisfies this requirement by allowing users to register once at the Identity provider and thereafter access multiple services hosted in different domains using the same password.

Track: Security Applications, Cloud Computing security

Relying on a single password to access different accounts can result in account takeover at many sites if the single password is compromised. Strong authentication mechanisms address this issue by authenticating users based on a combination of two or more factors. Taking into consideration the storage and computational capabilities of smart cards, a number of password based authentication schemes with smart cards have been proposed [9,10]. Most of the proposed schemes assume that the smart card is tamper resistant, but recent research results have revealed that the secret information stored in the smart card could be extracted by means such as monitoring the power consumption [11] and analyzing the leaked information [12]. Therefore such schemes, based on the tamper resistance assumption of smart cards, are prone to attacks such as the impersonation attack and the password guessing attack once an adversary has obtained the secret information stored in a smart card.

Biometric authentication mechanisms are also quite popular, and biometric identifiers are difficult to forge. Biometrics is unique to the individual and non-transferable, but biometric authentication mechanisms have the drawback of being costly, as they need additional hardware to read and process the stored data. Hence, there is an immediate requirement to design strong authentication mechanisms that maintain a good level of usability.

This paper discusses a two-factor authentication mechanism for cloud based services. The proposed scheme uses a crypto-token and a password as the authentication factors. The proposed protocol does not require a password verifier table at the server and provides SSO functionality using the Security Assertion Mark-up Language (SAML) protocol [13]. The rest of the paper is organized as follows. Section 2 reviews the related work.
Section 3 discusses the authentication architecture and protocol, and Section 4 analyzes the security of the proposed scheme. Section 5 includes the efficiency analysis of the proposed scheme, Section 6 discusses the formal analysis of the protocol using the Scyther tool and Section 7 concludes the work done.

2 Related Work

This section discusses a few user authentication schemes proposed for the Cloud environment. Hao et al. [14] in 2011 proposed a time-bound ticket based mutual authentication scheme for Cloud computing. In their scheme the authors follow an authentication model similar to that of Kerberos, wherein a user, to access the services of an Application server, should first authenticate himself to a ticket granting server and get tickets from it. The authors claimed that their scheme provides mutual authentication and is secure against the lost smart card attack, offline password guessing attack, lost ticket attack, masquerade attack and replay attack. In 2013, Jaidhar et al. [15] proved that the scheme [14] is susceptible to a Denial of Service (DoS) attack and that the password change phase requires the involvement of the server. The authors proposed an improved mutual authentication scheme which inherited the security measures of Hao et al.'s scheme and was resistant to the DoS attack.

Choudhary et al. proposed a user authentication framework for the Cloud environment [16] that provides two-step verification using a password, a Smart Card and an out of band (OOB) authentication token. The scheme uses an OTP sent to the user via his ID as the out of band authentication factor. The authors claimed that their scheme provides identity management, mutual authentication, session key agreement etc. and is resistant to various attacks. Rui Jiang [17] in 2013 proved that their scheme is prone to the masquerade user attack and the OOB attack, and has a flaw in the password change phase.
They proposed a modified scheme that addresses the security issues of [16], but uses time stamps, which can lead to time synchronization problems in a distributed Cloud environment, especially when client and server are in two different time zones. Also, the protocol requires the server to store a variant of the user password, which can result in a stolen verifier attack.

Sanjeet et al. [18] proposed a user authentication scheme which uses symmetric keys for the communication between user and server, in which case key distribution may be a challenge. The protocol uses a one-time token which is sent to the registered user's ID. In this scenario, the authentication process will require logging into two accounts, which may cause user inconvenience.

The authentication schemes discussed above [14-18] do not provide the SSO functionality, which is preferable in a multi-server environment as it enhances user convenience. Also, the schemes [14-17] use Smart Cards, which require an additional device to read/write and so have an additional cost implication.

3 Proposed Scheme

3.1 Architecture of Proposed Scheme

The proposed architecture includes three participants, viz. an Identity Provider (IdP), Cloud SPs and users. The users and SPs need to register with the IdP. A user who attempts to access the services of a SP without registering at IdP will be redirected by the SP to the IdP's registration page. After registration, the user should be authenticated by IdP before accessing the services provided by SP. IdP and SP work in a trust based environment. A user who tries to login to the SP after the registration process will be redirected by the SP to IdP. IdP will authenticate the user and send the

authentication response to SP. The process flows of the registration and authentication stages are depicted in Figure 1.

[Fig. 1 Registration & Authentication Process. Participants: User PC, Identity Provider (AS), SP. Steps: 1. Registration Request; 1a. Redirects Registration Request; 2. Registration Confirmation; 3. Authentication Request; 4. Redirects Authentication Request; User Authentication; 6. Authentication Response.]

3.2 Phases of Proposed Scheme

The proposed scheme consists of the Initialization, Registration, Login & Authentication and Password Change phases. The notations used are listed in Table 1.

TABLE 1. NOTATIONS
Notation          Meaning
U_a, IdP, SP      User a, Identity Provider, Service provider
ID_a, P_a         Identity, Password of user U_a
SID, y            Server ID of IdP, Secret key of IdP
G                 Additive cyclic group of prime order
g_0               Generator of additive cyclic group
r                 Random number generated by Audi Pass unique to each session
h(.), ,           hash function, XOR operation, Concatenation Operation
                  Secure Communication Channel

Initialization Phase

During this phase, U_a generates a finite additive cyclic group G of prime order n with g_0 as the generator.

Registration Phase

If a user wants to register for the services of a SP, the user U_a clicks the Create Account link at the SP's web site. SP redirects U_a to the registration page of the IdP. IdP prompts U_a to submit the Identity and Password of the user. U_a chooses her identity ID_a and password P_a and the phase proceeds as illustrated in Figure 2, which can be explained as follows.

UR1: U_a computes b = h(P_a), k = g_0^b and submits h(ID_a), k to IdP through a secure channel. IdP checks whether the submitted h(ID_a) already exists in its user table and if so prompts U_a to submit a new ID; otherwise it proceeds as follows: IdP computes B_i = h(h(ID_a) h(SID)) ; J_i = h(SID h(y)) h(ID_a) h(SID h(y)) k) ; E_i = B_i h(SID h(y)), where y is a secret key of IdP and h(.) is a one way hash function.

UR2: IdP personalizes the crypto-token with the parameters E_i, J_i, h(.) and sends the crypto-token to U_a via a secure channel. On receiving the device, U_a stores g_0 into the crypto-token, which now contains {E_i, J_i, h(.), g_0}.

[Fig. 2 Registration Phase. U_a sends a registration request, which is redirected to IdP; U_a selects ID_a, P_a, g_0, computes b = h(P_a), k = g_0^b and submits (h(ID_a), k); IdP selects the master secret y, computes B_i, J_i, E_i, stores {C_i, E_i, J_i, h(.)} into AP and sends AP to U_a; U_a keys g_0 into AP.]

Login and Authentication Phase

Whenever a registered user wants to login to access the services of the Service Provider SP, she attaches the crypto-token to the system and proceeds as follows:

UL1: U_a requests login to the SP. SP checks for an existing session with U_a and if there is no valid session, SP redirects U_a to IdP with a SAML authentication request.

UL2: U_a keys in her ID_a and P_a. The crypto-token computes b = h(P_a), k* = g_0^b

[Fig. 3 Login & Authentication Phase. Flow between BROWSER, SP and IdP: U_a tries to access a protected resource by clicking the URL; SP generates a SAML request for authentication; SAML request to IdP for authenticating U_a; check for a valid session and, if there is none, ask for login and display the login form; prompt U_a to insert AP; AP inserted?; enter ID, PW; C_i = C_i*?; not a registered user: redirect to the registration page of IdP; terminate session; generate r, compute CID_i, M_1, P_ij, t, Z_i and send (CID_i, M_1, P_ij, t, Z_i); compute M_1*; M_1* = M_1?; login rejected, authentication failed; login accepted, U_a successfully authenticated.]

UL5: The crypto-token computes h(SID h(y))* = J_i h(ID_a) h(SID h(y))* k*) and compares with crypto-token. If invalid, AP terminates the session. Otherwise it generates the login message as follows:

UL6: The crypto-token generates a random number r and computes the nonce n_1 = g_0^r. The crypto-token computes P_ij = E_i h(SID h(y)) n_1) ; B_i = E_i h(SID h(y)) ; CID_i = C_i B_i n_1 SID) ; M_1 = P_ij C_i B_i n_1) ; t = g_0 h(SID h(y)) ; Z_i = (r - CID_i) h(SID h(y)) and sends (CID_i, M_1, P_ij, t, Z_i) to IdP.

UL7: Upon receipt of the login message, the IdP performs the authentication process using her own SID and h(y) values.

UL8: IdP computes r = (Z_i + CID_i) h(SID h(y)) ; g_0 = t h(SID h(y)) ; n_1* = g_0^r ; E_i = P_ij h(SID h(y)) n_1) ; B_i* = E_i h(SID h(y)) ; C_i* = CID_i B_i* n_1* SID) ;

UL9: IdP computes M_1* = P_ij C_i* B_i* n_1*) and compares it with the M_1 in the login message received from U_a. If valid, IdP considers the authentication as successful. IdP creates a response message containing the result of the authentication process and redirects it to the SP. The SP permits or denies access to the services after verifying the response from the IdP.

Password Change Phase

U_a attaches his crypto-token to the system and keys in his ID_a and P_a. The crypto-token computes ID_a, P_a and compares with crypto-token.
If invalid, the crypto-token terminates the session. Otherwise it prompts U_a to enter the new password P_anew. U_a enters P_anew. AP computes b_new, k_new; J_inew, C_inew and replaces C_i and J_i in the crypto-token with C_inew and J_inew respectively.

4 Security Analysis of Proposed Protocol

4.1 Security against Guessing Attack

The proposed protocol is secure against the guessing attack, as it is impossible within polynomial time for an adversary to retrieve the user's password P_a or the IdP's secret key from the intercepted parameters (CID_i, M_1, P_ij, t, Z_i).

4.2 Security against Malicious Insider Attack

In the proposed scheme, the user submits k = g_0^h(P_a) to IdP rather than the plain text form of the password. This guards the password from being revealed to IdP, and hence even if the user uses the same password to login to other servers, her credentials will not be susceptible to an insider attack.
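The login message construction (UL6) and the IdP-side check (UL8 and UL9), together with the nonce freshness check that the replay analysis in Section 4 relies on, as an added Python example that is not the authors' code. Assumptions: the XOR and concatenation operators and the form of C_i follow the paper's SPDL model in Section 6, r is recovered by inverting the Z_i computation, the token is treated as having already recovered h(SID || h(y)) in UL5, and the toy group, the length-prefixed hash encoding, the seen-nonce set and all names and sample values are constructed for the example.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only: arithmetic modulo the Mersenne
# prime 2^127 - 1, exponents reduced modulo P - 1. Not a deployment parameter set.
P = 2**127 - 1
Q = P - 1
G0 = 3


def h(*parts):
    """SHA-256 over length-prefixed parts (ints or bytes), returned as an int.
    Stands in for h(a || b || ...); the length prefix is an encoding assumption."""
    d = hashlib.sha256()
    for x in parts:
        raw = x if isinstance(x, bytes) else x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
        d.update(len(raw).to_bytes(2, "big") + raw)
    return int.from_bytes(d.digest(), "big")


class IdP:
    def __init__(self, sid, y):
        self.sid = sid
        self.s = h(sid, h(y))       # h(SID || h(y)), derived from the secret key y
        self.seen_nonces = set()    # assumption: freshness cache of n_1, no password data

    def register(self, hid, k):
        """UR1/UR2: derive the token parameters from h(ID_a) and k = g_0^h(P_a)."""
        b_i = h(hid, h(self.sid))
        c_i = h(hid, self.s, k)     # C_i as written in the paper's SPDL model
        # Assumption: S and C are what the token holds after its local check in UL5.
        return {"E": b_i ^ self.s, "C": c_i, "S": self.s, "g0": G0, "SID": self.sid}

    def verify(self, msg):
        """UL8/UL9: recompute M_1* from the message, then check n_1 freshness."""
        cid, m1, p_ij, t, z = msg
        r = ((z ^ self.s) + cid) % Q            # inverts Z_i = (r - CID_i) xor S
        g0 = t ^ self.s
        n1 = pow(g0, r, P)
        e_i = p_ij ^ h(self.s, n1)
        b_i = e_i ^ self.s
        c_i = cid ^ h(b_i, n1, self.sid)
        if h(p_ij, c_i, b_i, n1) != m1:
            return False                        # M_1* != M_1: login rejected
        if n1 in self.seen_nonces:
            return False                        # replayed login message
        self.seen_nonces.add(n1)
        return True


def token_login(tok, r=None):
    """UL6: build (CID_i, M_1, P_ij, t, Z_i) from the token parameters."""
    r = secrets.randbelow(Q - 1) + 1 if r is None else r
    n1 = pow(tok["g0"], r, P)
    s = tok["S"]
    p_ij = tok["E"] ^ h(s, n1)
    b_i = tok["E"] ^ s
    cid = tok["C"] ^ h(b_i, n1, tok["SID"])
    m1 = h(p_ij, tok["C"], b_i, n1)
    t = tok["g0"] ^ s
    z = ((r - cid) % Q) ^ s
    return cid, m1, p_ij, t, z


def demo():
    # All identifiers and secrets below are constructed sample values.
    idp = IdP(b"idp.example", b"constructed-master-secret")
    k = pow(G0, h(b"constructed password") % Q, P)
    tok = idp.register(h(b"alice"), k)
    msg = token_login(tok)
    tampered = (msg[0], msg[1], msg[2] ^ 1, msg[3], msg[4])  # one bit of P_ij flipped
    return {
        "tampered": idp.verify(tampered),
        "fresh": idp.verify(msg),
        "replayed": idp.verify(msg),
        "second_login": idp.verify(token_login(tok)),
    }


if __name__ == "__main__":
    print(demo())
```
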

4.3 Security against Replay Attack

The scheme is resistant to the replay attack, since the nonce value used in each authentication message is unique and varies for each session. Hence the IdP will be able to identify a replayed login message (CID_i, M_1, P_ij, t, Z_i) by checking the freshness of the nonce n_1, which is unique to a session.

4.4 Security against Stolen Verifier Attack

The proposed scheme does not require a verifier/password table and hence is resistant to the Stolen Verifier attack.

4.5 Security against User Impersonation

If an adversary attempts to impersonate a valid user, he should be able to forge a valid login request on behalf of the user. In the proposed scheme, if an adversary intercepts the login message (CID_i, M_1, P_ij, t, Z_i) and attempts to generate a similar message, he will fail, since the value of the nonce n_1 as well as the server's secret key y is unknown to him.

4.6 Security against DoS Attack

A DoS attack can be launched by an adversary by creating invalid login request messages and bombarding the server with them. This attack can also be launched by an adversary who has gained control over the server and is able to modify the user information stored in the server's database, which in turn prevents the valid user from accessing the resources. The first scenario will not work in the case of the proposed scheme, since it is impossible for the adversary to create valid login request messages without knowing the password. The validity of the password is checked at the client side before creating a login request. The second scenario is also not applicable in the proposed scheme, since the server does not maintain a verifier/password table.

4.7 Security against crypto-token Lost Attack

If the adversary steals the crypto-token containing the parameters (E_i, J_i, h(.), g_0), he can retrieve neither the user's password nor the IdP's master secret y from the stored value.
To extract the password from k = g_0^h(P_a), the adversary needs to solve the discrete logarithm problem. Again, the password is used in the hashed form, which is irreversible.

5 Efficiency Analysis of Protocol

This section analyzes the efficiency of the proposed protocol scheme in terms of the computational and the communication cost. It is assumed that ID_a, PW_a and the nonce values are 128 bits long and the output of the hash function (SHA-2) is 256 bits long. Let T_h, T_x and T_E denote the time complexity of the hashing, XOR and exponentiation operations respectively. In the protocol, the parameters stored in the crypto-token are E_i, J_i and g_0, and the memory (E1) needed in the crypto-token is 896 (3* ) bits. The communication cost of authentication (E2) includes the capacity of the transmitted messages involved in the authentication. The capacity of the transmitted message (CID_i, M_1, P_ij, t, Z_i) is 1280 (3*256) bits. The computation cost of user registration (E3) is the total time of all operations executed in this phase by the user and IdP and is equal to 7T_h + 2T_x + 1T_E. The computation cost of the user (E4) and the IdP (E5) is the total time of all operations executed by the crypto-token and IdP during login and authentication. During authentication, the crypto-token performs 6 hash functions, 6 XOR and 2 exponentiation operations, making E4 equal to 6T_h + 6T_x + 2T_E. Similarly E5 is 3T_h + 5T_x + 1T_E.

6 Formal Analysis Using Scyther

6.1 Scyther Tool

Automatic tools are preferred in protocol analysis and, among the various available tools, Scyther [19] is used for the verification of the proposed protocol. Scyther provides a graphical user interface which incorporates the Scyther command line and Python scripting interface. The description of a protocol and the claims in Scyther are written in the Security Protocol Description Language (SPDL). The proposed protocol can be written in SPDL as follows.
// Login and Authentication Phase
const exp: Function;
hashfunction h;
const XOR: Function;
const h1: Function;
const diff: Function;

protocol ssauth(I,R)
{
  role I
  {
    const ID, x, y, r, g, SID, n1, p, t;

    // Login message (CIDi, Mi, Pij, t, Zi); h1(g,r) models the nonce n1
    send_1(I,R,
      XOR(h(h(ID),h(SID,h(y)),h1(g,h(p))), h(h(h(ID),h(SID)),h1(g,r),SID)),   // CIDi
      h(XOR(XOR(h(h(ID),h(SID)),h(SID,h(y))), h(h(SID,h(y)),h1(g,r))),
        h(h(ID),h(SID,h(y)),h1(g,h(p))), h(h(ID),h(SID)), h1(g,r)),           // Mi
      XOR(XOR(h(h(ID),h(SID)),h(SID,h(y))), h(h(SID,h(y)),h1(g,r))),          // Pij
      XOR(g,h(SID,h(y))),                                                     // t
      XOR(diff(r, XOR(h(h(ID),h(SID,h(y)),h1(g,h(p))), h(h(h(ID),h(SID)),h1(g,r),SID))),
          h(SID,h(y)))                                                        // Zi
    );

    claim_i1(I,Secret, XOR(XOR(h(h(ID),h(SID)),h(SID,h(y))), h(h(SID,h(y)),h1(g,r))));   // claim for Pij
    claim_i2(I,Secret, XOR(h(h(ID),h(SID,h(y)),h1(g,h(p))), h(h(h(ID),h(SID)),h1(g,r),SID)));   // claim for CID
    claim_i3(I,Secret, XOR(diff(r, XOR(h(h(ID),h(SID,h(y)),h1(g,h(p))), h(h(h(ID),h(SID)),h1(g,r),SID))),
                           h(SID,h(y))));   // claim for Zi
    claim_i4(I,Secret, h(XOR(XOR(h(h(ID),h(SID)),h(SID,h(y))), h(h(SID,h(y)),h1(g,r))),
                         h(h(ID),h(y),h1(g,h(p))), h(h(ID),h(SID)), h1(g,r)));   // claim for Mi
    claim_i5(I,Secret, XOR(g,h(SID,h(y))));   // claim for t
    claim_i6(I,Secret, h1(g,r));
    claim_i7(I,Niagree);
    claim_i8(I,Nisynch);
  }

  role R
  {
    const ID, x, y, r, g, SID, n1, p, t;

    // Same five terms as in the send event of role I
    recv_6(I,R,
      XOR(h(h(ID),h(SID,h(y)),h1(g,h(p))), h(h(h(ID),h(SID)),h1(g,r),SID)),
      h(XOR(XOR(h(h(ID),h(SID)),h(SID,h(y))), h(h(SID,h(y)),h1(g,r))),
        h(h(ID),h(SID,h(y)),h1(g,h(p))), h(h(ID),h(SID)), h1(g,r)),
      XOR(XOR(h(h(ID),h(SID)),h(SID,h(y))), h(h(SID,h(y)),h1(g,r))),
      XOR(g,h(SID,h(y))),
      XOR(diff(r, XOR(h(h(ID),h(SID,h(y)),h1(g,h(p))), h(h(h(ID),h(SID)),h1(g,r),SID))),
          h(SID,h(y)))
    );

    claim_r1(R,Secret, XOR(XOR(h(h(ID),h(SID)),h(SID,h(y))), h(h(SID,h(y)),h1(g,r))));
    claim_r2(R,Secret, XOR(h(h(ID),h(y),h1(g,h(p))), h(h(h(ID),h(SID)),h1(g,r),SID)));
    claim_r3(R,Secret, XOR(diff(r, XOR(h(h(ID),h(SID,h(y)),h1(g,h(p))), h(h(h(ID),h(SID)),h1(g,r),SID))),
                           h(SID,h(y))));
    claim_r4(R,Secret, h(XOR(XOR(h(h(ID),h(SID)),h(SID,h(y))), h(h(SID,h(y)),h1(g,r))),
                         h(h(ID),h(y),h1(g,h(p))), h(h(ID),h(SID)), h1(g,r)));
    claim_r5(R,Secret, XOR(g,h(SID,h(y))));
    claim_r6(R,Niagree);
    claim_r7(R,Nisynch);
  }
}

6.2 Scyther Analysis Results and Interpretation

The protocol analysis model defined in Scyther is a role based security model wherein roles represent different behaviors. In order to analyze the protocol we assume the existence of an adversary in the communication network. The adversary's capabilities are as defined by the Dolev-Yao network threat model [20], and it is assumed that the network is completely or partially under the control of the adversary. The complete results of the analysis of the proposed protocol are shown in Fig. 4.
The output of the verification process is described according to the following Scyther attributes.

[Fig. 4 Protocol Verification Results generated by Scyther]

Secrecy: The first claim is that the protocol ensures the confidentiality of the user's credentials. After analysis, it is obvious from the results that the user's credentials are not revealed to the adversary when communicated over an untrusted network. As shown in Fig. 4, the authentication parameters {y, g, P_ij, t, M_i, CID_i, Z_i} retain their confidentiality during the course of 10 protocol runs.

Non-Injective Agreement (NiAgree): The Niagree claim states that the sender and the receiver agree upon the values of the variables exchanged, and the analysis results justify the correctness of this claim.

Synchronisation: The Ni-Synch or Non-Injective Synchronisation property requires that the corresponding send and receive events (1) are executed by the runs indicated by the cast function, (2) happened in the correct order, and (3) have the same contents. The proposed protocol satisfies this claim, as indicated by the result of the Scyther analysis.

7 Conclusions

The proposed authentication scheme provides the user with the flexibility to do a single registration at the IdP and sign on once during a session to access multiple services. The proposed protocol uses a password and a crypto-token as the authentication factors. The scheme uses SAML to provide SSO functionality and does not require a verifier table at the server. The paper discusses the security analysis of the proposed scheme against common attacks and automated attacks, using theoretical and formal analysis respectively.

8 References

[1] G. Meijer, 5 Cloud Computing Statistics, Technical Report, Infographics, 2012
[2] B. Nicholson, A. Owrak, and L. Daly, Cloud Computing Research, Technical Report, Manchester Business School, Commissioned by RackSpace, 2013
[3] D.M. Smith, Y.V. Natis, G. Petri, T.J. Bittman, E. Knipp, P. Malinverno, and J. Feiman, Predicts 2012: Cloud Computing is becoming a Reality, Technical Report G , Gartner, 2011
[4] L. Ponemon, Security of Cloud Computing Users, Ponemon Institute, research report, May
[5] F. Gens, New IDC IT Cloud Services Survey: Top Benefits and Challenges, IDC Exchange, 2009
[6] Fujitsu, Personal Data in the Cloud: A Global Survey of Consumer Attitudes, Technical Report, Fujitsu Research Institute, 2010
[7] D. Florencio and C. Herley, A Large-Scale Study of Web Based Password Habits, In Proceedings of the 16th International Conference on World Wide Web (New York, NY, USA, 2007), WWW 07, ACM, pp
[8] J. Yan, A. Blackwell, R. Anderson, A. Grant, Password Memorability and Security: Empirical Results, Security & Privacy, IEEE, vol. 2, 2004, pp
[9] W.C. Ku, S.M. Chen, Weaknesses and Improvements of an Efficient Password Based Remote User Authentication Scheme Using Smart Cards, IEEE Transactions Consumer Electronics 50(1), , 2004
[10] Y.C. Chen, L.Y. Yeh, An Efficient Nonce-Based Authentication Scheme with Key Agreement, Applied Mathematics and Computation, 169(2), , 2005
[11] P. Kocher, J. Jaffe, B. Jun, Differential Power Analysis, In: M. Wiener (ed.) CRYPTO LNCS, vol. 1666, pp Springer, Heidelberg, 2010
[12] T.S. Messerges, E.A. Dabbish, R.H. Sloan, Examining Smart Card Security Under the Threat of Power Analysis Attacks, IEEE Transactions on Computers 51(5), , 2002
[13] OASIS, Security Assertion Mark Up Language, V2.0, Technical Overview, Online; accessed 29-APRIL-2015
[14] Z. Hao, S. Zhong, N. Yu, A time-bound Ticket Based Mutual Authentication Scheme for Cloud Computing, International Journal of Computers, Communications & Control, vol. 6, 2011
[15] C.D. Jaidhar, Enhance Mutual Authentication Scheme for Cloud Architecture, in Proc. 3rd IEEE International Advanced Computing Conference (IACC), 2013
[16] J.C. Amlan, K. Pradeep, S. Mangal, E.L. Hyota, Hoon-Jue-Lee, A Strong User Authentication Framework for Cloud Computing, IEEE Asia-Pacific Services Computing Conference, 2011
[17] Rui Jiang, Advanced Secure User Authentication Framework for Cloud Computing, International Journal of Smart Sensing and Intelligent Systems, Vol. 6, No. 4, September 2013
[18] Sanjeet Kumar Nayak, Subasish Mohapatra, Bansidhar Majhi, An improved Mutual Authentication Framework for Cloud Computing, IJCA, vol. 52, no. 5, Aug. 2012
[19] C. Cremers, Scyther Semantics and Verification of Security Protocols, PhD dissertation, Eindhoven University of Technology, 2006
[20] D. Dolev and A.C. Yao, On the Security of Public-key Protocols, IEEE Transactions on Information Theory, 2(29): pp , 1983


Dynamic Query Updation for User Authentication in cloud Environment

Dynamic Query Updation for User Authentication in cloud Environment Dynamic Query Updation for User Authentication in cloud Environment Gaurav Shrivastava 1, Dr. S. Prabakaran 2 1 Research Scholar, Department of Computer Science, SRM University, Kattankulathur, Tamilnadu,

More information

Public Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage

Public Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage Public Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage P. Selvigrija, Assistant Professor, Department of Computer Science & Engineering, Christ College

More information

2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec

2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec 2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec TECHNOLOGY WHITEPAPER DSWISS LTD INIT INSTITUTE OF APPLIED INFORMATION TECHNOLOGY JUNE 2010 V1.0 1 Motivation With the increasing

More information

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT K.karthika 1, M. Daya kanimozhi Rani 2 1 K.karthika, Assistant professor, Department of IT, Adhiyamaan College of Engineering, Hosur

More information

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems

More information

IDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

IDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Authentication Protocols Using Hoover-Kausik s Software Token *

Authentication Protocols Using Hoover-Kausik s Software Token * JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691-699 (2006) Short Paper Authentication Protocols Using Hoover-Kausik s Software Token * WEI-CHI KU AND HUI-LUNG LEE + Department of Computer Science

More information

Two Factor Zero Knowledge Proof Authentication System

Two Factor Zero Knowledge Proof Authentication System Two Factor Zero Knowledge Proof Authentication System Quan Nguyen Mikhail Rudoy Arjun Srinivasan 6.857 Spring 2014 Project Abstract It is often necessary to log onto a website or other system from an untrusted

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

OpenHRE Security Architecture. (DRAFT v0.5)

OpenHRE Security Architecture. (DRAFT v0.5) OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2

More information

QR-SSO : Towards a QR-Code based Single Sign-On system

QR-SSO : Towards a QR-Code based Single Sign-On system QR-SSO : Towards a QR-Code based Single Sign-On system Syamantak Mukhopadhyay School of Electronics and Computer Science University of Southampton Southampton, UK sm19g10@ecs.soton.ac.uk David Argles School

More information

Chapter 16: Authentication in Distributed System

Chapter 16: Authentication in Distributed System Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal

More information

Leveraging SAML for Federated Single Sign-on:

Leveraging SAML for Federated Single Sign-on: Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Economic and Social Council

Economic and Social Council UNITED NATIONS E Economic and Social Council Distr. GENERAL ECE/TRANS/WP.30/AC.2/2008/2 21 November 2007 Original: ENGLISH ECONOMIC COMMISSION FOR EUROPE Administrative Committee for the TIR Convention,

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

Device-based Secure Data Management Scheme in a Smart Home

Device-based Secure Data Management Scheme in a Smart Home Int'l Conf. Security and Management SAM'15 231 Device-based Secure Data Management Scheme in a Smart Home Ho-Seok Ryu 1, and Jin Kwak 2 1 ISAA Lab., Department of Computer Engineering, Ajou University,

More information

Single Sign-On Secure Authentication Password Mechanism

Single Sign-On Secure Authentication Password Mechanism Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,

More information

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on

More information

Providing Data Protection as a Service in Cloud Computing

Providing Data Protection as a Service in Cloud Computing International Journal of Scientific and Research Publications, Volume 3, Issue 6, June 2013 1 Providing Data Protection as a Service in Cloud Computing Sunumol Cherian *, Kavitha Murukezhan ** * Department

More information

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags Sarah Abughazalah, Konstantinos Markantonakis, and Keith Mayes Smart Card Centre-Information Security Group (SCC-ISG) Royal Holloway,

More information

Security Model for VM in Cloud

Security Model for VM in Cloud Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,

More information

Security Analysis of PLAID

Security Analysis of PLAID Security Analysis of PLAID Dai Watanabe 1 Yokoyama Laboratory, Hitachi, Ltd., 292 Yoshida-cho, Totsuka-ku, Yokohama, 244-0817, Japan dai.watanabe.td@hitachi.com Abstract. PLAID is a mutual authentication

More information

OpenID and identity management in consumer services on the Internet

OpenID and identity management in consumer services on the Internet OpenID and identity management in consumer services on the Internet Kari Helenius Helsinki University of Technology kheleniu@cc.hut.fi Abstract With new services emerging on the Internet daily, users need

More information

International Journal of Software and Web Sciences (IJSWS) www.iasir.net

International Journal of Software and Web Sciences (IJSWS) www.iasir.net International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) ISSN (Print): 2279-0063 ISSN (Online): 2279-0071 International

More information

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER Mrs. P.Venkateswari Assistant Professor / CSE Erode Sengunthar Engineering College, Thudupathi ABSTRACT Nowadays Communication

More information

CryptoNET: Security Management Protocols

CryptoNET: Security Management Protocols CryptoNET: Security Management Protocols ABDUL GHAFOOR ABBASI, SEAD MUFTIC CoS, School of Information and Communication Technology Royal Institute of Technology Borgarfjordsgatan 15, SE-164 40, Kista,

More information

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System ArchanaThange Post Graduate Student, DKGOI s COE, Swami Chincholi, Maharashtra, India archanathange7575@gmail.com,

More information

Architecture of Enterprise Applications III Single Sign-On

Architecture of Enterprise Applications III Single Sign-On Architecture of Enterprise Applications III Single Sign-On Haopeng Chen REliable, INtelligent and Scalable Systems Group (REINS) Shanghai Jiao Tong University Shanghai, China e-mail: chen-hp@sjtu.edu.cn

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

On the Security Enhancement of Integrated Electronic Patient Records Information Systems

On the Security Enhancement of Integrated Electronic Patient Records Information Systems Computer Science and Information Systems 12(2):857 872 DOI: 10.2298/CSIS141029030K On the Security Enhancement of Integrated Electronic Patient Records Information Systems Muhammad Khurram Khan 1, Ankita

More information

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................

More information

M-Pass: Web Authentication Protocol Resistant to Malware and Phishing

M-Pass: Web Authentication Protocol Resistant to Malware and Phishing M-Pass: Web Authentication Protocol Resistant to Malware and Phishing Ajinkya S. Yadav M.E.student, Department of Computer Engineering. Pune University, Pune A. K.Gupta Professor, Department of Computer

More information

Session Initiation Protocol Attacks and Challenges

Session Initiation Protocol Attacks and Challenges 2012 IACSIT Hong Kong Conferences IPCSIT vol. 29 (2012) (2012) IACSIT Press, Singapore Session Initiation Protocol Attacks and Challenges Hassan Keshavarz +, Mohammad Reza Jabbarpour Sattari and Rafidah

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

A Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications

A Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications A Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications G.Prakash #1, M.Kannan *2 # Research Scholar, Information and Communication Engineering, Anna University

More information

How To Use Kerberos

How To Use Kerberos KERBEROS 1 Kerberos Authentication Service Developed at MIT under Project Athena in mid 1980s Versions 1-3 were for internal use; versions 4 and 5 are being used externally Version 4 has a larger installed

More information

Attestation and Authentication Protocols Using the TPM

Attestation and Authentication Protocols Using the TPM Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all

More information

Secure Password Management With Smart Cards

Secure Password Management With Smart Cards Secure Password Management With Smart Cards Nuno Pinheiro Instituto Superior Técnico nunopinheiro@ist.utl.pt Abstract. Currently, most user authentication services are based on passwords. To avoid memorization

More information

Single Password, Multiple Accounts

Single Password, Multiple Accounts Single Password, Multiple Accounts Mohamed G. Gouda Alex X. Liu 1 Lok M. Leung 2 Mohamed A. Alam 2 Department of Computer Sciences, The University of Texas at Austin, Austin, Texas 78712-0233, U.S.A. {gouda,

More information

Monitoring Data Integrity while using TPA in Cloud Environment

Monitoring Data Integrity while using TPA in Cloud Environment Monitoring Data Integrity while using TPA in Cloud Environment Jaspreet Kaur, Jasmeet Singh Abstract Cloud Computing is the arising technology that delivers software, platform and infrastructure as a service

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Authentication Types. Password-based Authentication. Off-Line Password Guessing Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:

More information

Copyright: WhosOnLocation Limited

Copyright: WhosOnLocation Limited How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

API-Security Gateway Dirk Krafzig

API-Security Gateway Dirk Krafzig API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing

More information

Preventing Abuse of Cookies Stolen by XSS

Preventing Abuse of Cookies Stolen by XSS Preventing Abuse of Cookies Stolen by XSS Hiroya Takahashi Kenji Yasunaga Masahiro Mambo Kwangjo Kim KAIST Korea Heung Youl Youm Soonchunhyang University Korea Abstract Cross Site Scripting (XSS) makes

More information

Enhancing Web Application Security

Enhancing Web Application Security Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor

More information

Secure Authentication of Distributed Networks by Single Sign-On Mechanism

Secure Authentication of Distributed Networks by Single Sign-On Mechanism Secure Authentication of Distributed Networks by Single Sign-On Mechanism Swati Sinha 1, Prof. Sheerin Zadoo 2 P.G.Student, Department of Computer Application, TOCE, Bangalore, Karnataka, India 1 Asst.Professor,

More information

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk Kerberos Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Entity Authentication and Key Exchange In the last talk, we discussed key exchange and reviewed some concrete

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

Secure File Transfer Using USB

Secure File Transfer Using USB International Journal of Scientific and Research Publications, Volume 2, Issue 4, April 2012 1 Secure File Transfer Using USB Prof. R. M. Goudar, Tushar Jagdale, Ketan Kakade, Amol Kargal, Darshan Marode

More information

Dashlane Security Whitepaper

Dashlane Security Whitepaper Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.

More information

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential

More information

Secure Authentication and Session. State Management for Web Services

Secure Authentication and Session. State Management for Web Services Lehman 0 Secure Authentication and Session State Management for Web Services Clay Lehman CSC 499: Honors Thesis Supervised by: Dr. R. Michael Young Lehman 1 1. Introduction Web services are a relatively

More information

Internet Banking Two-Factor Authentication using Smartphones

Internet Banking Two-Factor Authentication using Smartphones Internet Banking Two-Factor Authentication using Smartphones Costin Andrei SOARE IT&C Security Master Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies, Romania

More information

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Voucher Web Metering Using Identity Management Systems

Voucher Web Metering Using Identity Management Systems Voucher Web Metering Using Identity Management Systems Fahad Alarifi Abstract Web Metering is a method to find out content and services exposure to visitors. This paper proposes a visitor centric voucher

More information

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA Mr.Mahesh S.Giri Department of Computer Science & Engineering Technocrats Institute of Technology Bhopal, India

More information

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 4, Issue 6, November - December (2013), pp. 62-69 IAEME: www.iaeme.com/ijcet.asp Journal

More information

MULTI-DIMENSIONAL PASSWORD GENERATION TECHNIQUE FOR ACCESSING CLOUD SERVICES

MULTI-DIMENSIONAL PASSWORD GENERATION TECHNIQUE FOR ACCESSING CLOUD SERVICES MULTI-DIMENSIONAL PASSWORD GENERATION TECHNIQUE FOR ACCESSING CLOUD SERVICES Dinesha H A 1 and Dr.V.K Agrawal 2 1 Assistant Professor, Department of ISE & CORI, PES Institute of Technology, Bangalore,

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK

GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment 29.4.2008 Jyväskylä University Department of Computer Science

More information

Identity Federation Broker for Service Cloud

Identity Federation Broker for Service Cloud 2010 International Conference on Sciences Identity Federation Broker for Cloud He Yuan Huang 1, Bin Wang 1, Xiao Xi Liu 1, Jing Min Xu 1 1 IBM Research China {huanghey, wangbcrl, liuxx, xujingm}@cn.ibm.com

More information

Improving data integrity on cloud storage services

Improving data integrity on cloud storage services International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 2 Issue 2 ǁ February. 2013 ǁ PP.49-55 Improving data integrity on cloud storage services

More information

Lecture Notes for Advanced Web Security 2015

Lecture Notes for Advanced Web Security 2015 Lecture Notes for Advanced Web Security 2015 Part 6 Web Based Single Sign-On and Access Control Martin Hell 1 Introduction Letting users use information from one website on another website can in many

More information

SAM Context-Based Authentication Using Juniper SA Integration Guide

SAM Context-Based Authentication Using Juniper SA Integration Guide SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

Using Foundstone CookieDigger to Analyze Web Session Management

Using Foundstone CookieDigger to Analyze Web Session Management Using Foundstone CookieDigger to Analyze Web Session Management Foundstone Professional Services May 2005 Web Session Management Managing web sessions has become a critical component of secure coding techniques.

More information

Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin S. Khan

Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin S. Khan International Journal of Scientific & Engineering Research, Volume 5, Issue 7, July-2014 1410 Secured Authentication Using Mobile Phone as Security Token Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin

More information

Authentication Tokens

Authentication Tokens State Capitol P.O. Box 2062 Albany, NY 12220-0062 www.its.ny.gov New York State Information Technology Standard IT Standard: Authentication Tokens No: NYS-S14-006 Updated: 05/15/2015 Issued By: NYS ITS

More information

Cryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163.

Cryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163. Weakness in a Mutual Authentication cheme for ession Initiation Protocol using Elliptic Curve Cryptography Debiao He chool of Mathematics and tatistics, Wuhan University, Wuhan, People s Republic of China

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

Keywords Cloud Computing, CRC, RC4, RSA, Windows Microsoft Azure

Keywords Cloud Computing, CRC, RC4, RSA, Windows Microsoft Azure Volume 3, Issue 11, November 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Cloud Computing

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

Authenticated Key Agreement Based on NFC for Mobile Payment

Authenticated Key Agreement Based on NFC for Mobile Payment Authenticated Key Agreement Based on NFC for Mobile Payment Bomi Seo 1, Sung Woon Lee 2 *, Hyunsung Kim 1 1 The Department of Cyber Security, Kyungil University, Korea. 2 The Department of Information

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463

More information

How To Ensure Correctness Of Data In The Cloud

How To Ensure Correctness Of Data In The Cloud A MECHANICS FOR ASSURING DATA STORAGE SECURITY IN CLOUD COMPUTING 1, 2 Pratibha Gangwar, 3 Mamta Gadoria 1 M. Tech. Scholar, Jayoti Vidyapeeth Women s University, Jaipur, priya25mehta@gmail.com 2 M. Tech.

More information

Knowledge Based Authentication (KBA) Metrics

Knowledge Based Authentication (KBA) Metrics Knowledge Based Authentication (KBA) Metrics Santosh Chokhani, Ph.D. February, 2004 Background Model for KBA Issues and Considerations Practical Usage of KBA Metrics for KBA Applicability to U.S. Government

More information