A Strong Single Sign on User Authentication Scheme without Verifier Table for Cloud Based Services
Int'l Conf. Security and Management SAM'15

B. Sumitra 1, M. Mohammed 2, and R. Pethuru 3
1 Research Scholar, Computer Science, Christ University, Bangalore, Karnataka, India
2 Senior Technical Officer, C-DAC, Electronic City, Bangalore, Karnataka, India
3 Infrastructure Architect, IBM India Pvt. Ltd., Bangalore, Karnataka, India

Abstract - Cloud computing is an emerging computing paradigm that offers computational facilities and storage as services dynamically, on an on-demand basis, via the Internet. The ability to scale resources and the pay-as-you-go usage model have contributed to its growth. However, Cloud computing inevitably poses various security challenges and the majority of prospective customers are worried about who has access to their data. Service providers need to ensure that only authorized users access the resources and for this they need to adopt strong user authentication mechanisms. The mechanism should provide users with the flexibility to access multiple services without repeated registration and authentication at each provider. Considering these requirements, this paper proposes a Single Sign on based two factor authentication protocol for Cloud based services. The proposed scheme uses a Password and a crypto-token as authentication factors and does not require a verifier table. The formal verification of the protocol is done using Scyther.

Keywords: Cloud; Two-Factor Authentication; Single Sign-On; Cryptotoken; Scyther

1 Introduction

Revolutionary advances in hardware, networking, middleware and virtual machines have led to the emergence of the utility based distributed computing model, viz. Cloud Computing, that provides computation facilities and storage as services accessible via the Internet.
Cloud computing offers individuals and companies affordable storage, professional maintenance and adjustable space without much investment in new infrastructure, training or software licensing. The elasticity and scalability of resources, combined with "pay-as-you-go" resource usage has heralded the rise of Cloud Computing. Infographic reports that 63% of financial services, 62% of manufacturing, 59% of health care and 51% of transportation industries are using Cloud computing services [1]. Rackspace reports that this pay-as-you-go service saves around 58% of cost [2]. By 2016 more than 50% of global 1000 companies are projected to store their sensitive data in Public Clouds [3].

Anticipating this switch over, many large technology companies such as Amazon and Google have built huge data centers to offer Cloud computing services with self-service interface so that Cloud users can use on-demand resources with location independence. Though the self-service interface provided by Cloud enables users to access the resources without human interaction with the service provider, the indirect control of the physical infrastructure introduces many vulnerabilities unknown in a non-cloud environment. The Cloud model for delivering computing and processing power has raised many security concerns such as data security, identity and access management, key management and Virtual machine security which could limit the use of Cloud computing. Furthermore, in [4,5] authors have pointed out that identity and access management issues in Cloud require immediate attention of Cloud Service Providers (CSPs) to accelerate the adoption of Cloud. A survey by Fujitsu Research Institute [6] reveals that 88% of prospective customers are worried about unauthorized access to their data in the Cloud.

To provide secure access to sensitive data, CSPs need to ensure that only valid users are accessing the resources and services hosted in the Cloud and to make this possible they need to adopt strong user authentication mechanisms. Password authentication is the most commonly used authentication mechanism but irrespective of the strength of the passwords it is found to be susceptible to various attacks [7]. Furthermore, for traditional remote login mechanisms, a user needs to register with different SPs and remember various identities and passwords for ensuring higher security in a multi-server environment (MSE). This may cause user inconvenience, since users can remember only around seven passwords [8]. Therefore, in a MSE, single registration to a trusted registration center is a primary requirement and users can receive desired services from various service providers without repeating registration and by using a single login credential. Single Sign on (SSO) approach satisfies this requirement by allowing users to register once at the Identity provider and thereafter access multiple services hosted in different domains using the same password.

Relying on a single password to access different accounts can result in account take over at many sites, in case the single password is compromised. Strong authentication mechanisms address this issue by authenticating users based on a combination of two or more factors. Taking into consideration the storage and computational capabilities of smart cards, a number of password based authentication schemes with smart cards have been proposed [9,10]. Most of the proposed schemes assume that the smart card is tamper resistant, and recent research results have revealed that the secret information stored in the smart card could be extracted by some means such as monitoring the power consumption [11] and analyzing the leaked information [12]. Therefore such schemes based on the tamper resistance assumption of smart cards are prone to attacks such as impersonation attack, password guessing attack etc. once an adversary has obtained the secret information stored in a smart card. Biometric authentication mechanisms are also quite popular and biometric identifiers are difficult to forge. Biometrics is unique to the individual and non-transferable, but biometric authentication mechanisms have the drawback of being costly as they need additional hardware to read and process the stored data. Hence, there is an immediate requirement to design strong authentication mechanisms that maintain a good level of usability.

This paper discusses a two-factor authentication mechanism for cloud based services. The proposed scheme uses cryptotoken and password as the authentication factors. The proposed protocol does not require a Password verifier table at the Server and provides SSO functionality using Security Assertion Mark-up Language (SAML) protocol [13]. The rest of the paper is organized as follows. Section 2 reviews the related work.
Section 3 discusses the authentication architecture & protocol and section 4 analyzes the security of the proposed scheme. Section 5 includes the efficiency analysis of the proposed scheme, section 6 discusses the formal analysis of the protocol using Scyther tool and section 7 concludes the work done.

2 Related Work

This section discusses a few user authentication schemes proposed for Cloud environment. Hao et al. [14] in 2011 proposed a time-bound ticket based mutual authentication scheme for Cloud computing. In their scheme the authors follow an authentication model similar to that of Kerberos wherein a user, to access the services from an Application server, should first authenticate himself to and get tickets from a ticket granting server. Authors claimed that their scheme provides mutual authentication and is secure against lost smart card attack, offline password guessing attack, lost ticket attack, masquerade attack and replay attack. In 2013, Jaidhar et al. [15] proved that the scheme [14] is susceptible to Denial of service (DoS) attack and the password change phase requires the involvement of the Server. Authors proposed an improved mutual authentication scheme which inherited the security measures of Hao et al.'s scheme and was resistant to DoS attack.

Choudhary et al. proposed a user authentication framework for Cloud environment [16] that provides two-step verification using password, Smart Card and out of band (OOB) authentication token. The scheme uses an OTP sent to the user via his ID as the out of band authentication factor. Authors claimed that their scheme provides identity management, mutual authentication, session key agreement etc. and is resistant to various attacks. Rui Jiang [17] in 2013 proved that their scheme is prone to masquerade user attack, the OOB attack, and has a flaw in the password change phase.
They proposed a modified scheme that addresses the security issues of [16], but uses time stamps which can lead to time synchronization problems in a distributed Cloud environment especially when client and server are from two different time zones. Also the protocol requires the server to store a variant of the user password, which can result in a stolen verifier attack. Sanjeet et al. [18] proposed a user authentication scheme which uses symmetric keys to exchange communication between user and server in which case key distribution may be a challenge. The protocol uses a one-time token which is sent to the registered users id. In this scenario, the authentication process will require logging into two accounts which may cause user inconvenience.

The above discussed authentication schemes [14-18] do not provide the SSO functionality which is preferable in a multiserver environment as it enhances user convenience. Also the schemes [14-17] use Smart Cards that require an additional device to read/write which has an additional cost implication.

3 Proposed Scheme

3.1 Architecture of Proposed Scheme

The proposed architecture includes three participants viz. an Identity Provider (), Cloud SPs and users. The users and SPs need to register with the. A user who attempts to access the services of a SP without registering at, will be redirected by the SP to the s registration page. After registration, the user should be authenticated by before accessing the services provided by SP. and SP work in a trust based environment. A user who tries to login to the SP after the registration process will be redirected by the SP to. will authenticate the user and send the authentication response to SP. The process flows of the registration and authentication stages are depicted in Figure 1.

[Fig. 1 Registration & Authentication Process. Participants: User PC, SP, Identity Provider (AS). Flows: 1. Registration Request; 1a. Redirects Registration Request; 2. Registration Confirmation; 3. Authentication Request; 4. Redirects Authentication Request; User Authentication; 6. Authentication Response.]

3.2 Phases of Proposed Scheme

The proposed scheme consists of Initialization, Registration, Login & Authentication and Password Change phases. The notations used are listed in Table 1.

TABLE 1. NOTATIONS
U_a,, SP : User a, Identity Provider, Service provider
ID_a, P_a : Identity, Password of user U_a
SID, y : Server ID of, Secret key of
G : Additive cyclic group of prime order
g_0 : Generator of additive cyclic group
r : Random number generated by Audi Pass unique to each session
h(.),, : hash function, XOR operation, Concatenation Operation
Secure Communication Channel

Initialization Phase

During this phase, U_a generates a finite additive cyclic group G of prime order n with g_0 as the generator.

Registration Phase

If a user wants to register for the services of a SP, the user U_a clicks the Create Account link at the SP's web site. SP redirects U_a to the registration page of the. prompts U_a to submit the Identity and Password of the user. U_a chooses her identity ID_a and Password P_a and the phase proceeds as illustrated in figure 2, which can be explained as follows.

UR1: U_a computes $b = h(P_a)$, $k = g_0^{b}$ and submits h(ID_a), k to through a secure channel. checks whether the submitted h(ID_a) already exists in its user table and if so prompts U_a to submit a new ID, otherwise proceeds as follows: computes B_i = h(h(ID_a) h(SID)) ; J_i = h(SID h(y)) h(ID_a) h(SID h(y)) k) ; E_i = B_i h(SID h(y)) where y is a secret key of and h(.) is a one way hash function.

UR2: personalizes the crypto-token with the parameters E_i, J_i, h(.) and sends the crypto-token to U_a via a secure channel. On receiving the device, U_a stores g_0 into the crypto-token which now contains {E_i, J_i, h(.), g_0}.

[Fig. 2 Registration Phase. Figure text: registration request is redirected to; U_a selects ID_a, P_a, g_0, computes b and k and submits (h(ID_a), k); selects master secret y, computes B_i, J_i, E_i, stores {C_i, E_i, J_i, h(.)} into AP and sends AP to U_a; U_a keys in g_0 into AP.]

Login and Authentication Phase

Whenever a registered user wants to login to access the services of the Service Provider SP, she attaches the crypto-token to the system and proceeds as follows:

UL1: U_a requests for login to the SP. SP checks for an existing session with U_a and if there is no valid session, SP redirects U_a to with a SAML authentication request.

UL2: U_a keys in her ID_a and P_a. crypto-token computes $b = h(P_a)$, $k^* = g_0^{b}$

[Fig. 3 Login & Authentication Phase. Flowchart between browser, SP and: U_a tries to access a protected resource by clicking the URL; SP checks for a valid session and generates a SAML request for authenticating U_a; the login form is displayed and U_a is prompted to insert AP and enter ID, PW; a user who is not registered is redirected to the registration page; if C_i = C_i* the token generates r, computes and sends (CID_i, M_1, P_ij, t, Z_i), otherwise the session is terminated; M_1* is computed and compared with M_1; the login is accepted (U_a successfully authenticated) or rejected (authentication failed).]

UL5: crypto-token computes h(SID h(y))* = J_i h(ID_a) h(SID h(y))* k*) and compares with crypto-token. If invalid, AP terminates the session. Otherwise generates the login message as follows:

UL6: crypto-token generates a random number r and computes nonce $n_1 = g_0^{r}$. crypto-token computes P_ij = E_i h(SID h(y)) n_1) ; B_i = E_i h(SID h(y)) ; CID_i = C_i B_i n_1 SID) ; M_1 = P_ij C_i B_i n_1) ; t = g_0 h(SID h(y)) ; Z_i = (r - CID_i) h(SID h(y)) and sends (CID_i, M_1, P_ij, t, Z_i) to

UL7: Upon receipt of the login message the performs the authentication process using her own SID and h(y) values

UL8: computes, r = (Z_i + CID_i) h(SID h(y)) ; g_0 = t h(SID h(y)) ; n_1* = r g_0, E_i = P_ij h(SID h(y)) n_1) ; B_i* = E_i h(SID h(y)) ; C_i* = CID_i B_i* n_1* SID) ;

UL9: computes M_1* = P_ij C_i* B_i* n_1*) and compares with the M_1 in the login message received from U_a. If valid, considers the authentication as successful. creates a response message containing the result of the authentication process and redirects it to the SP. The SP permits or denies access to the services after verifying the response from the

Password Change Phase

U_a attaches his crypto-token into the system and keys in his ID_a and P_a. crypto-token computes ID a, P a and compares with crypto-token. If invalid, crypto-token terminates the session. Otherwise prompts U_a to enter the new password P_anew. U_a enters P_anew. AP computes b_new, k_new; J_inew, C_inew and replaces C_i and J_i in the cryptotoken with C_inew and J_inew respectively.

4 Security Analysis of Proposed Protocol

4.1 Security against Guessing Attack

The proposed protocol is secure against guessing attack as it is impossible within polynomial time, for an adversary to retrieve user's password P_a or s secret key from the intercepted parameters (CID_i, M_1, P_ij, t, Z_i).

4.2 Security against Malicious Insider Attack

In the proposed scheme, user submits $k = g_0^{h(P_a)}$ to rather than the plain text form of the password. This guards the password from being revealed to and hence even if the user uses the same password to login to other servers, her credentials will not be susceptible to insider attack.
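
The registration and login exchange of Section 3.2 (UR1 to UR2, UL5 to UL9), as an added example that is not code from the paper: it follows the term structure of the SPDL listing in Section 6.1 (XOR, and h over concatenated arguments) and shows that only h(ID_a) and k reach the identity provider, which keeps no per-user table. Assumptions: a multiplicative group modulo a prime stands in for G, the token holds C_i as in Fig. 2, J_i is taken to be h(SID||h(y)) XOR h(h(ID_a)||k), and the nonce cache in `verify` is one possible freshness check; all names and sample credentials are constructed.

```python
import hashlib
import secrets

# Constructed parameters (assumptions, not values from the paper).
P = 2**255 - 19          # prime modulus standing in for the group G
G0 = 5                   # stand-in for the user's generator g_0
MASK = 2**256 - 1        # arithmetic on Z_i is done modulo 2^256


def h(*parts):
    """h(a || b || ...): SHA-256 over the concatenated parts, as an integer."""
    data = b"".join(
        p.to_bytes(32, "big") if isinstance(p, int) else p.encode() for p in parts
    )
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class IdentityProvider:
    """Holds only SID and the secret y; there is no per-user verifier table."""

    def __init__(self, sid, y):
        self.sid = sid
        self.x = h(sid, h(y))            # h(SID || h(y))
        self.seen_nonces = set()         # assumed freshness check for n_1

    def register(self, h_id, k):
        """UR1/UR2: derive the token parameters from h(ID_a) and k."""
        b_i = h(h_id, h(self.sid))
        return {
            "C": h(h_id, self.x, k),     # C_i
            "E": b_i ^ self.x,           # E_i = B_i XOR h(SID || h(y))
            "J": self.x ^ h(h_id, k),    # J_i (assumed form, see lead-in)
        }

    def verify(self, msg):
        """UL8/UL9: rebuild n_1, B_i, C_i from the message and check M_1."""
        if len(msg) != 5 or any(not 0 <= v <= MASK for v in msg):
            return False                 # reject malformed or oversized fields
        cid, m1, p_ij, t, z = msg
        r = ((z ^ self.x) + cid) & MASK  # undo Z_i = (r - CID_i) XOR h(SID||h(y))
        g0 = t ^ self.x
        n1 = pow(g0, r, P)
        e_i = p_ij ^ h(self.x, n1)
        b_i = e_i ^ self.x
        c_i = cid ^ h(b_i, n1, self.sid)
        if h(p_ij, c_i, b_i, n1) != m1 or n1 in self.seen_nonces:
            return False                 # forged, tampered or replayed message
        self.seen_nonces.add(n1)
        return True


def enroll(idp, user_id, password):
    """User side of registration: only h(ID_a) and k = g_0^h(P_a) leave the client."""
    k = pow(G0, h(password), P)
    token = idp.register(h(user_id), k)
    token["g0"] = G0                     # U_a stores g_0 in the token herself
    return token


def token_login(token, sid, user_id, password):
    """UL2-UL6: local password check, then build (CID_i, M_1, P_ij, t, Z_i)."""
    k = pow(token["g0"], h(password), P)
    x = token["J"] ^ h(h(user_id), k)    # candidate h(SID || h(y))
    if h(h(user_id), x, k) != token["C"]:
        return None                      # wrong ID/password: token stops here
    r = secrets.randbits(255)
    n1 = pow(token["g0"], r, P)          # session nonce n_1
    p_ij = token["E"] ^ h(x, n1)
    b_i = token["E"] ^ x
    cid = token["C"] ^ h(b_i, n1, sid)
    m1 = h(p_ij, token["C"], b_i, n1)
    t = token["g0"] ^ x
    z = ((r - cid) & MASK) ^ x
    return (cid, m1, p_ij, t, z)


def demo():
    """Run one enrolment and four login outcomes on constructed credentials."""
    idp = IdentityProvider("idp.example", y=secrets.randbits(256))
    token = enroll(idp, "alice", "correct horse")
    msg = token_login(token, idp.sid, "alice", "correct horse")
    tampered = (msg[0], msg[1] ^ 1) + msg[2:]
    return {
        "wrong_password": token_login(token, idp.sid, "alice", "guess"),
        "tampered": idp.verify(tampered),
        "first_use": idp.verify(msg),
        "replay": idp.verify(msg),
    }


if __name__ == "__main__":
    print(demo())
```
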

4.3 Security against Replay Attack

The scheme is resistant to replay attack since the nonce value used in each authentication message is unique and varies for each session. Hence the will be able to identify a replayed login message (CID_i, M_1, P_ij, t, Z_i) by checking the freshness of nonce, n_1 which is unique to a session.

4.4 Security against Stolen Verifier Attack

The proposed scheme does not require a verifier/password table and hence is resistant to Stolen Verifier attack.

4.5 Security against User Impersonation

If an adversary attempts to impersonate a valid user, he should be able to forge a valid login request on behalf of the user. In the proposed scheme if an adversary intercepts the login message (CID_i, M_1, P_ij, t, Z_i) and attempts to generate a similar message, he will fail since the value of nonce n_1 as well as the server's secret key y is unknown to him.

4.6 Security against DoS Attack

A DoS attack can be launched by an adversary by creating invalid login request messages and bombarding the server with the same. This attack can also be launched by an adversary who has got control over the server and is able to modify the user information stored in the server's database which in turn prevents the valid user from accessing the resources. The first scenario will not work in the case of the proposed scheme, since it is impossible for the adversary to create valid login request messages without knowing the password. The validity of the password is checked at the client side before creating a login request. The second scenario is also not applicable in the proposed scheme, since the server does not maintain a verifier/password table.

4.7 Security against crypto-token Lost Attack

If the adversary steals the crypto-token containing the parameters (E_i, J_i, h(.), g_0), he can neither retrieve the user's password nor the s master secret y from the stored value.
To extract the password from $k = g_0^{h(P_a)}$, the adversary needs to solve the discrete logarithm problem. Again the password is used in the hashed form which is irreversible.

5 Efficiency Analysis of Protocol

This section analyzes the efficiency of the proposed protocol scheme in terms of the computational and the communication cost. It is assumed that ID_a, PW_a and nonce values are 128 bits long and the output of the hash function (SHA-2) is 256 bits long. Let T_h, T_x and T_E denote the time complexity for hashing, XOR and exponentiation operations respectively. In the protocol, the parameters stored in the crypto-token are E_i, J_i and g_0 and the memory (E1) needed in the cryptotoken is 896 (3* ) bits. Communication cost of authentication (E2) includes the capacity of transmitting message involved in the authentication. The capacity of transmitting message (CID_i, M_1, P_ij, t, Z_i) is 1280 (3*256) bits. The computation cost of user registration (E3) is the total time of all operations executed in this phase by the user and and is equal to 7T_h + 2T_x + 1T_E. The computation cost of the user (E4) and the (E5) is the total time of all operations executed by the crypto-token and during login and authentication. During authentication, the crypto-token performs 6 hash functions, 6 XOR and 2 exponentiation making E4 equal to 6T_h + 6T_x + 2T_E. Similarly E5 is 3T_h + 5T_x + 1T_E.

6 Formal Analysis Using Scyther

6.1 Scyther Tool

Automatic tools are preferred in protocol analysis and among the various available tools, Scyther [19] is used for the verification of the proposed protocol. Scyther provides a graphical user interface which incorporates the Scyther command line and Python scripting interface. The description of a protocol and the claims in Scyther are written in Security Protocol Description Language (SPDL). The proposed protocol can be written in SPDL as follows.

// Login and Authentication Phase
const exp: Function;
hashfunction h;
const XOR: Function;
const h1: Function;
const diff: Function;

protocol ssauth(I,R)
{
  role I
  {
    const ID, x, y, r, g, SID, n1, p, t;

    send_1(I,R,
      // CIDi
      XOR(h(h(ID), h(SID,h(y)), h1(g,h(p))), h(h(h(ID),h(SID)), h1(g,r), SID)),
      // Mi
      h(XOR(XOR(h(h(ID),h(SID)), h(SID,h(y))), h(h(SID,h(y)), h1(g,r))),
        h(h(ID), h(SID,h(y)), h1(g,h(p))), h(h(ID),h(SID)), h1(g,r)),
      // Pij
      XOR(XOR(h(h(ID),h(SID)), h(SID,h(y))), h(h(SID,h(y)), h1(g,r))),
      // t
      XOR(g, h(SID,h(y))),
      // Zi
      XOR(diff(r, XOR(h(h(ID), h(SID,h(y)), h1(g,h(p))), h(h(h(ID),h(SID)), h1(g,r), SID))), h(SID,h(y)))
    );

    // claim for Pij
    claim_i1(I,Secret, XOR(XOR(h(h(ID),h(SID)), h(SID,h(y))), h(h(SID,h(y)), h1(g,r))));
    // claim for CID
    claim_i2(I,Secret, XOR(h(h(ID), h(SID,h(y)), h1(g,h(p))), h(h(h(ID),h(SID)), h1(g,r), SID)));
    // claim for Zi
    claim_i3(I,Secret, XOR(diff(r, XOR(h(h(ID), h(SID,h(y)), h1(g,h(p))), h(h(h(ID),h(SID)), h1(g,r), SID))), h(SID,h(y))));
    // claim for Mi
    claim_i4(I,Secret, h(XOR(XOR(h(h(ID),h(SID)), h(SID,h(y))), h(h(SID,h(y)), h1(g,r))),
      h(h(ID), h(y), h1(g,h(p))), h(h(ID),h(SID)), h1(g,r)));
    // claim for t
    claim_i5(I,Secret, XOR(g, h(SID,h(y))));
    claim_i6(I,Secret, h1(g,r));
    claim_i7(I,Niagree);
    claim_i8(I,Nisynch);
  }

  role R
  {
    const ID, x, y, r, g, SID, n1, p, t;

    recv_6(I,R,
      XOR(h(h(ID), h(SID,h(y)), h1(g,h(p))), h(h(h(ID),h(SID)), h1(g,r), SID)),
      h(XOR(XOR(h(h(ID),h(SID)), h(SID,h(y))), h(h(SID,h(y)), h1(g,r))),
        h(h(ID), h(SID,h(y)), h1(g,h(p))), h(h(ID),h(SID)), h1(g,r)),
      XOR(XOR(h(h(ID),h(SID)), h(SID,h(y))), h(h(SID,h(y)), h1(g,r))),
      XOR(g, h(SID,h(y))),
      XOR(diff(r, XOR(h(h(ID), h(SID,h(y)), h1(g,h(p))), h(h(h(ID),h(SID)), h1(g,r), SID))), h(SID,h(y)))
    );

    claim_r1(R,Secret, XOR(XOR(h(h(ID),h(SID)), h(SID,h(y))), h(h(SID,h(y)), h1(g,r))));
    claim_r2(R,Secret, XOR(h(h(ID), h(y), h1(g,h(p))), h(h(h(ID),h(SID)), h1(g,r), SID)));
    claim_r3(R,Secret, XOR(diff(r, XOR(h(h(ID), h(SID,h(y)), h1(g,h(p))), h(h(h(ID),h(SID)), h1(g,r), SID))), h(SID,h(y))));
    claim_r4(R,Secret, h(XOR(XOR(h(h(ID),h(SID)), h(SID,h(y))), h(h(SID,h(y)), h1(g,r))),
      h(h(ID), h(y), h1(g,h(p))), h(h(ID),h(SID)), h1(g,r)));
    claim_r5(R,Secret, XOR(g, h(SID,h(y))));
    claim_r6(R,Niagree);
    claim_r7(R,Nisynch);
  }
}

6.2 Scyther Analysis Results and Interpretation

The protocol analysis model defined in Scyther is a role based security model wherein roles represent different behaviors. In order to analyze the protocol we assume the existence of an adversary in the communication network. The adversary's capabilities are as defined by the Dolev-Yao Network threat model [20] and it is assumed that the network is completely or partially under the control of the adversary. The complete results of the analysis of the proposed protocol are shown in Fig. 4.
The output of the verification process is described according to the following Scyther attributes.

[Fig. 4 Protocol Verification Results generated by Scyther]

Secrecy: The first claim is that the protocol ensures the confidentiality of the user's credentials. After analyzing, it is obvious from the results that the user's credentials are not revealed to the adversary when communicated over an untrusted network. As shown in Fig. 4, the authentication parameters {y, g, P_ij, t, M_i, CID_i, Z_i} retain their confidentiality during the course of 10 protocol runs.

Non-Injective Agreement (NiAgree): The Niagree claim states that the sender and the receiver agree upon the values of variables exchanged and the analysis results justify the correctness of this claim.

Synchronisation: The Ni-Synch or Non-Injective Synchronisation property requires that the corresponding send and receive events (1) are executed by the runs indicated by the cast function, (2) happened in the correct order, and (3) have the same contents. The proposed protocol satisfies this claim as indicated by the result of Scyther analysis.

7 Conclusions

The proposed authentication scheme provides the user with the flexibility to do single registration at the and Sign on once during a session to access multiple services. The proposed protocol uses a password and a crypto-token as the authentication factors. The scheme uses SAML to provide SSO functionality and the scheme does not require a verifier table at the server. The paper discusses the security analysis of the proposed scheme against common attacks and the automated attacks using theoretical and formal analysis respectively.

8 References

[1] G. Meijer, 5 Cloud Computing Statistics, Technical Report, Infographics, 2012
[2] B. Nicholson, A. Owrak, and L. Daly, Cloud Computing Research, Technical Report, Manchester Business School, Commissioned by RackSpace, 2013
[3] D.M. Smith, Y.V. Natis, G. Petri, T.J. Bittman, E. Knipp, P. Malinverno, and J. Feiman, Predicts 2012: Cloud Computing is becoming a Reality, Technical Report G , Gartner, 2011
[4] L. Ponemon, Security of Cloud Computing Users, Ponemon Institute, research report, May
[5] F. Gens, New IDC IT Cloud Services Survey: Top Benefits and Challenges, IDC Exchange, 2009,
[6] Fujitsu, Personal Data in the Cloud: A Global Survey of Consumer Attitudes, Technical Report, Fujitsu Research Institute, 2010
[7] D. Florencio and C. Herley, A Large-Scale Study of Web Based Password Habits, In Proceedings of the 16th International Conference on World Wide Web (New York, NY, USA, 2007), WWW 07, ACM. pp
[8] J. Yan, A. Blackwell, R. Anderson, A. Grant, Password Memorability and Security: Empirical Results, Security & Privacy, IEEE vol. 2, 2004, pp
[9] W.C. Ku, S.M. Chen, Weaknesses and Improvements of an Efficient Password Based Remote User Authentication Scheme Using Smart Cards, IEEE Transactions Consumer Electronics 50(1), , 2004
[10] Y.C. Chen, L.Y. Yeh, An Efficient Nonce-Based Authentication Scheme with Key Agreement, Applied Mathematics and Computation, 169(2), , 2005
[11] P. Kocher, J. Jaffe, B. Jun, Differential Power Analysis, In: M. Wiener (ed.) CRYPTO LNCS, vol. 1666, pp Springer, Heidelberg, 2010
[12] T.S. Messerges, E.A. Dabbish, R.H. Sloan, Examining Smart Card Security Under the Threat of Power Analysis Attacks, IEEE Transactions on Computers 51(5), , 2002
[13] OASIS, Security Assertion Mark Up Language, V2.0, Technical Overview, Online; accessed 29-APRIL-2015
[14] Z. Hao, S. Zhong, N. Yu, A time-bound Ticket Based Mutual Authentication Scheme for Cloud Computing, International Journal of Computers, Communications & Control, vol. 6, 2011
[15] C.D. Jaidhar, Enhance Mutual Authentication Scheme for Cloud Architecture, in Proc. 3rd IEEE International Advanced Computing Conference (IACC), 2013
[16] J.C. Amlan, K. Pradeep, S. Mangal, E.L. Hyota, Hoon-Jue-Lee, A Strong User Authentication Framework for Cloud Computing, IEEE Asia-Pacific Services Computing Conference, 2011
[17] Rui Jiang, Advanced Secure User Authentication Framework for Cloud Computing, International Journal of Smart Sensing and Intelligent Systems, Vol. 6, No. 4, September 2013
[18] Sanjeet Kumar Nayak, Subasish Mohapatra, Bansidhar Majhi, An Improved Mutual Authentication Framework for Cloud Computing, IJCA, vol. 52, no. 5, Aug. 2012
[19] C. Cremers, Scyther: Semantics and Verification of Security Protocols, PhD dissertation, Eindhoven University of Technology, 2006
[20] D. Dolev and A.C. Yao, On the Security of Public-key Protocols, IEEE Transactions on Information Theory, 2(29): pp , 1983
More informationIDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationAuthentication Protocols Using Hoover-Kausik s Software Token *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691-699 (2006) Short Paper Authentication Protocols Using Hoover-Kausik s Software Token * WEI-CHI KU AND HUI-LUNG LEE + Department of Computer Science
More informationTwo Factor Zero Knowledge Proof Authentication System
Two Factor Zero Knowledge Proof Authentication System Quan Nguyen Mikhail Rudoy Arjun Srinivasan 6.857 Spring 2014 Project Abstract It is often necessary to log onto a website or other system from an untrusted
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More informationQR-SSO : Towards a QR-Code based Single Sign-On system
QR-SSO : Towards a QR-Code based Single Sign-On system Syamantak Mukhopadhyay School of Electronics and Computer Science University of Southampton Southampton, UK sm19g10@ecs.soton.ac.uk David Argles School
More informationChapter 16: Authentication in Distributed System
Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal
More informationLeveraging SAML for Federated Single Sign-on:
Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationEconomic and Social Council
UNITED NATIONS E Economic and Social Council Distr. GENERAL ECE/TRANS/WP.30/AC.2/2008/2 21 November 2007 Original: ENGLISH ECONOMIC COMMISSION FOR EUROPE Administrative Committee for the TIR Convention,
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationDevice-based Secure Data Management Scheme in a Smart Home
Int'l Conf. Security and Management SAM'15 231 Device-based Secure Data Management Scheme in a Smart Home Ho-Seok Ryu 1, and Jin Kwak 2 1 ISAA Lab., Department of Computer Engineering, Ajou University,
More informationSingle Sign-On Secure Authentication Password Mechanism
Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,
More informationKerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su
Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on
More informationProviding Data Protection as a Service in Cloud Computing
International Journal of Scientific and Research Publications, Volume 3, Issue 6, June 2013 1 Providing Data Protection as a Service in Cloud Computing Sunumol Cherian *, Kavitha Murukezhan ** * Department
More informationA Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags
A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags Sarah Abughazalah, Konstantinos Markantonakis, and Keith Mayes Smart Card Centre-Information Security Group (SCC-ISG) Royal Holloway,
More informationSecurity Model for VM in Cloud
Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,
More informationSecurity Analysis of PLAID
Security Analysis of PLAID Dai Watanabe 1 Yokoyama Laboratory, Hitachi, Ltd., 292 Yoshida-cho, Totsuka-ku, Yokohama, 244-0817, Japan dai.watanabe.td@hitachi.com Abstract. PLAID is a mutual authentication
More informationOpenID and identity management in consumer services on the Internet
OpenID and identity management in consumer services on the Internet Kari Helenius Helsinki University of Technology kheleniu@cc.hut.fi Abstract With new services emerging on the Internet daily, users need
More informationInternational Journal of Software and Web Sciences (IJSWS) www.iasir.net
International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) ISSN (Print): 2279-0063 ISSN (Online): 2279-0071 International
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationSECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER
SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER Mrs. P.Venkateswari Assistant Professor / CSE Erode Sengunthar Engineering College, Thudupathi ABSTRACT Nowadays Communication
More informationCryptoNET: Security Management Protocols
CryptoNET: Security Management Protocols ABDUL GHAFOOR ABBASI, SEAD MUFTIC CoS, School of Information and Communication Technology Royal Institute of Technology Borgarfjordsgatan 15, SE-164 40, Kista,
More informationRfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System
Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System ArchanaThange Post Graduate Student, DKGOI s COE, Swami Chincholi, Maharashtra, India archanathange7575@gmail.com,
More informationArchitecture of Enterprise Applications III Single Sign-On
Architecture of Enterprise Applications III Single Sign-On Haopeng Chen REliable, INtelligent and Scalable Systems Group (REINS) Shanghai Jiao Tong University Shanghai, China e-mail: chen-hp@sjtu.edu.cn
More informationTenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
More informationOn the Security Enhancement of Integrated Electronic Patient Records Information Systems
Computer Science and Information Systems 12(2):857 872 DOI: 10.2298/CSIS141029030K On the Security Enhancement of Integrated Electronic Patient Records Information Systems Muhammad Khurram Khan 1, Ankita
More informationComputer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt
Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................
More informationM-Pass: Web Authentication Protocol Resistant to Malware and Phishing
M-Pass: Web Authentication Protocol Resistant to Malware and Phishing Ajinkya S. Yadav M.E.student, Department of Computer Engineering. Pune University, Pune A. K.Gupta Professor, Department of Computer
More informationSession Initiation Protocol Attacks and Challenges
2012 IACSIT Hong Kong Conferences IPCSIT vol. 29 (2012) (2012) IACSIT Press, Singapore Session Initiation Protocol Attacks and Challenges Hassan Keshavarz +, Mohammad Reza Jabbarpour Sattari and Rafidah
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationA Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications
A Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications G.Prakash #1, M.Kannan *2 # Research Scholar, Information and Communication Engineering, Anna University
More informationHow To Use Kerberos
KERBEROS 1 Kerberos Authentication Service Developed at MIT under Project Athena in mid 1980s Versions 1-3 were for internal use; versions 4 and 5 are being used externally Version 4 has a larger installed
More informationAttestation and Authentication Protocols Using the TPM
Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all
More informationSecure Password Management With Smart Cards
Secure Password Management With Smart Cards Nuno Pinheiro Instituto Superior Técnico nunopinheiro@ist.utl.pt Abstract. Currently, most user authentication services are based on passwords. To avoid memorization
More informationSingle Password, Multiple Accounts
Single Password, Multiple Accounts Mohamed G. Gouda Alex X. Liu 1 Lok M. Leung 2 Mohamed A. Alam 2 Department of Computer Sciences, The University of Texas at Austin, Austin, Texas 78712-0233, U.S.A. {gouda,
More informationMonitoring Data Integrity while using TPA in Cloud Environment
Monitoring Data Integrity while using TPA in Cloud Environment Jaspreet Kaur, Jasmeet Singh Abstract Cloud Computing is the arising technology that delivers software, platform and infrastructure as a service
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More informationAuthentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationAPI-Security Gateway Dirk Krafzig
API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing
More informationPreventing Abuse of Cookies Stolen by XSS
Preventing Abuse of Cookies Stolen by XSS Hiroya Takahashi Kenji Yasunaga Masahiro Mambo Kwangjo Kim KAIST Korea Heung Youl Youm Soonchunhyang University Korea Abstract Cross Site Scripting (XSS) makes
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationSecure Authentication of Distributed Networks by Single Sign-On Mechanism
Secure Authentication of Distributed Networks by Single Sign-On Mechanism Swati Sinha 1, Prof. Sheerin Zadoo 2 P.G.Student, Department of Computer Application, TOCE, Bangalore, Karnataka, India 1 Asst.Professor,
More informationKerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk
Kerberos Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Entity Authentication and Key Exchange In the last talk, we discussed key exchange and reviewed some concrete
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationSecure File Transfer Using USB
International Journal of Scientific and Research Publications, Volume 2, Issue 4, April 2012 1 Secure File Transfer Using USB Prof. R. M. Goudar, Tushar Jagdale, Ketan Kakade, Amol Kargal, Darshan Marode
More informationDashlane Security Whitepaper
Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.
More informationSECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS
SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential
More informationSecure Authentication and Session. State Management for Web Services
Lehman 0 Secure Authentication and Session State Management for Web Services Clay Lehman CSC 499: Honors Thesis Supervised by: Dr. R. Michael Young Lehman 1 1. Introduction Web services are a relatively
More informationInternet Banking Two-Factor Authentication using Smartphones
Internet Banking Two-Factor Authentication using Smartphones Costin Andrei SOARE IT&C Security Master Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies, Romania
More information2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationVoucher Web Metering Using Identity Management Systems
Voucher Web Metering Using Identity Management Systems Fahad Alarifi Abstract Web Metering is a method to find out content and services exposure to visitors. This paper proposes a visitor centric voucher
More informationA Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA
A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA Mr.Mahesh S.Giri Department of Computer Science & Engineering Technocrats Institute of Technology Bhopal, India
More informationInternational Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 4, Issue 6, November - December (2013), pp. 62-69 IAEME: www.iaeme.com/ijcet.asp Journal
More informationMULTI-DIMENSIONAL PASSWORD GENERATION TECHNIQUE FOR ACCESSING CLOUD SERVICES
MULTI-DIMENSIONAL PASSWORD GENERATION TECHNIQUE FOR ACCESSING CLOUD SERVICES Dinesha H A 1 and Dr.V.K Agrawal 2 1 Assistant Professor, Department of ISE & CORI, PES Institute of Technology, Bangalore,
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationGENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK
Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment 29.4.2008 Jyväskylä University Department of Computer Science
More informationIdentity Federation Broker for Service Cloud
2010 International Conference on Sciences Identity Federation Broker for Cloud He Yuan Huang 1, Bin Wang 1, Xiao Xi Liu 1, Jing Min Xu 1 1 IBM Research China {huanghey, wangbcrl, liuxx, xujingm}@cn.ibm.com
More informationImproving data integrity on cloud storage services
International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 2 Issue 2 ǁ February. 2013 ǁ PP.49-55 Improving data integrity on cloud storage services
More informationLecture Notes for Advanced Web Security 2015
Lecture Notes for Advanced Web Security 2015 Part 6 Web Based Single Sign-On and Access Control Martin Hell 1 Introduction Letting users use information from one website on another website can in many
More informationSAM Context-Based Authentication Using Juniper SA Integration Guide
SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete
More informationUsing Foundstone CookieDigger to Analyze Web Session Management
Using Foundstone CookieDigger to Analyze Web Session Management Foundstone Professional Services May 2005 Web Session Management Managing web sessions has become a critical component of secure coding techniques.
More informationMonalisa P. Kini, Kavita V. Sonawane, Shamsuddin S. Khan
International Journal of Scientific & Engineering Research, Volume 5, Issue 7, July-2014 1410 Secured Authentication Using Mobile Phone as Security Token Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin
More informationAuthentication Tokens
State Capitol P.O. Box 2062 Albany, NY 12220-0062 www.its.ny.gov New York State Information Technology Standard IT Standard: Authentication Tokens No: NYS-S14-006 Updated: 05/15/2015 Issued By: NYS ITS
More informationCryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163.
Weakness in a Mutual Authentication cheme for ession Initiation Protocol using Elliptic Curve Cryptography Debiao He chool of Mathematics and tatistics, Wuhan University, Wuhan, People s Republic of China
More informationHP Software as a Service. Federated SSO Guide
HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
More informationKeywords Cloud Computing, CRC, RC4, RSA, Windows Microsoft Azure
Volume 3, Issue 11, November 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Cloud Computing
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationAuthenticated Key Agreement Based on NFC for Mobile Payment
Authenticated Key Agreement Based on NFC for Mobile Payment Bomi Seo 1, Sung Woon Lee 2 *, Hyunsung Kim 1 1 The Department of Cyber Security, Kyungil University, Korea. 2 The Department of Information
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationVICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463
More informationHow To Ensure Correctness Of Data In The Cloud
A MECHANICS FOR ASSURING DATA STORAGE SECURITY IN CLOUD COMPUTING 1, 2 Pratibha Gangwar, 3 Mamta Gadoria 1 M. Tech. Scholar, Jayoti Vidyapeeth Women s University, Jaipur, priya25mehta@gmail.com 2 M. Tech.
More informationKnowledge Based Authentication (KBA) Metrics
Knowledge Based Authentication (KBA) Metrics Santosh Chokhani, Ph.D. February, 2004 Background Model for KBA Issues and Considerations Practical Usage of KBA Metrics for KBA Applicability to U.S. Government
More information