Introduction to Computer Security
|
|
- Shauna Tucker
- 8 years ago
- Views:
Transcription
1 Introduction to Computer Security Authentication and Access Control Pavel Laskov Wilhelm Schickard Institute for Computer Science
2 Resource access: a big picture 1. Identification Which object O requests access to resource R? 2. Authentication Is O indeed what it claims to be? 3. Authorization Is O authorized to access R? 4. Accountability Log the transaction access(o, R)
3 Simple identification/authentication Ask for an identity (e.g. user name) Check if an identity is known Ask for a shared secret (e.g. a password) Check if the secret matches the identity Password is stored in an encrypted form using a one-way hash function: root:!:14118:0: laskov:$1$/et/grjh$xssvnwpda35twsst7yjvb/:14118:0:
4 Password encryption on UNIX DES prepend password with 2-bit salt take 7 lowest bits from first 8 characters encrypt a fixed 64-bit string with DES using 56 bits as a key convert the resulting 64 bits into 11 ASCII characters using 6 bits for character (2 bits padded with zeros) MD5 originally written for FreeBSD to avoid export restrictions no limit on password size is indicated by the starting $1$ in the shadow file
5 Identity management A digital identity is a set of properties assigned to a given object (e.g. access rights) Identity management: Creation and deletion of identities Management of properties assigned to identities Secure storage of identities Secure handling of queries regarding identities and their properties.
6 Lightweight directory access protocol (LDAP) A directory is a specialized database optimized for searching and browsing. LDAP entries are collections of attributes identified by a unique distinguished name (dn). Entries are characterized by types that determine their format and syntax (e.g. ou = Organisational Unit ). Entries are stored in a hierarchy. A relative distinguished name defines a search path to an entry.
7 LDAP directory example
8 Authentication modes User authentication Entity authentication Object human being non-human being Applications login remote access remote access communication security program security key distribution Speed low high Secret only no yes
9 User authentication Something you know: passwords, passphrases, shared secrets (e.g. mother s maiden name), puzzles Something you have: smart cards, security tokens Something you are: biometrics, signature dynamics, keyboard dynamics, voice print
10 What is a good password? Long passwords are harder to break but tedious to type. Random passwords are hard to break but next to impossible to memorize. Writing down a password on a sticky note doesn t help. Password expiration reduces the damage but increases the risk of forgetting. Automatic password generation easily memorizable words passphrases: sentences hashed into passwords Passwords are only usable for services that are often used.
11 Password generation examples
12 Password generation examples
13 Smart cards Physical tamper-proof credentials Memory cards: simple storage of information (e.g. medical insurance) Microprocessor cards: advanced functionality (e.g. transactions) cryptographic operations (e.g. key validation and key-pair generation) Java cards: a mini-jvm on a chip (e.g. for code update). Main problem: theft and loss risk
14 Biometric identification Unforgeable features of a person: fingerprints hand geometry hand topography iris scan retina scan...or behavioral characteristics: signature dynamics keyboard dynamics voice print
15 Disadvantages of biometric authentication Non-zero probability of erroneous classification High cost and time consumption Impossibility to revoke Privacy issues and social acceptance Can be potentially falcified
16 Two-factor authentication A combination of any two authentication modes Example: SecurID PIN assigned to user token automatically generated in hardware every 30 seconds Clock synchronization between a token generator and an authentication server required
17 Single sign-on Motivation: Reduce the need to memorize passwords Reduce the time spent on typing passwords Reducing password maintenance effort Solutions: Local password containers (e.g. KDE Wallet) Physical authentication devices Client-server architectures (Kerberos, Active Directory)
18 Kerberos: a brief history Development at MIT in the project Athena in the 1980s, versions 1 3 for internal use, version 4 released in Version 5 released in 1993 fixed some security flaws of the previous version; version 4 withdrawn in Banned for export by US government until 2000 (due to the use of DES); re-implemented in Sweden at KTH. Currently, both implementations MIT (Athena) and KTH (Heimdal) support AES as the main encryption instrument. Supported by all major OS (Windows 2000 up, Mac OS X, Solaris, Red Hat Enterprize)
19 Kerberos authentication protocol Key Distribution Center (KDC) Client AS_REQ AS_REP Authentication Server (AS) Database TGS_REQ Ticket Granting Server (TGS) TGS_REP AP_REQ Application Server AP_REP
20 Kerberos details: user login User enters his user name U and password P at a client workstation. The hash value of his password K u = h(p) becomes a secret key of the client/user.
21 Kerberos details: user authentication The client sends his user ID U and the requested service S to the authentication server AS: C AS : (U, S) If the user ID is found in a database, AS generates a TGS session key k TGS and a ticket-generating ticket TGT: TGT : (U, S, k TGS ) AS sends TGT encrypted to C: C AS : {S, k TGS } Ku {TGT} KTGS
22 Kerberos details: ticket request The client generates an authenticator: A : {U} ktgs The client sends a ticket granting request to a ticket granting server: C TGS : (S, A){TGT} KTGS TGS verifies that U in A matches U in TGT, generates a service session key k S and puts it into a service ticket: T S : (U, S, k S ) TGS sends T S encrypted with the service key K S to C: C TGS : {S, k S } ktgs {T S } KS
23 Kerberos details: service authentication The client generates an authenticator: A : {U} ks The client sends a request to a service: C S : (A){T S } KS The service checks if U in A matches U in T S and if so accepts the request.
24 Kerberos resumé Provides secure authentication in an insecure network. A de-facto standard (at least open-source) in distributed authentication services. Relatively complex in installation. Single point of failure.
25 Access control overview Given a subject, which objects can it access and how? Given an object, which subjects can access it and how? Subject Reference monitor Object User process? Resource Access request Policy
26 Main concepts of access control Subject is an entity that initiates an access request. active entries, usually processes Object is an entity an access to which is requested. passive entries, processes or resources Principal is an identifiable entity, e.g., a user. each subject mapped to one principal multiple subjects per principal Rights represent different types of access. Reference monitor makes authorization decisions.
27 Access control structures Access control structures are mechanisms for implementing access policies: access control matrix capabilities access control lists intermediate controls (groups, negative permissions, roles, protection rings etc.) Requirements for access control structures: an ability to express control policies verifiability of correctness. scalability and manageability
28 Access control matrix Access control matrix is a basic control structure. bill.doc edit.exe fun.com Alice {execute} {execute,read} Bob {read} {execute} {execute,read,write} Advantages: clarity of definition easy to verify Disadvantages: poor scalability poor handling of changes
29 Capabilities Capability is a subject-centered description of access rights: Alice: {edit.exe: execute}, {fun.com: execute, read} Bob: {bill.doc: read, write}, {edit.exe: execute}, {fun.com: execute, read, write} Advantages: easy ownership transfer easy inheritance of access rights Disadvantages: poor overview of access rights per object difficulty of revocation need for extra integrity protection
30 Access control lists (ACL) ACL is an object-centered description of access rights: bill.doc: {Bob: read, write} exit.exe: {Alice: execute}, {Bob: execute} fun.com: {Alice: execute, read}, {Bob: execute, read, write} Advantages: easy access to object access rights relative easiness of management using abstractions Disadvantages: poor overview of access rights per subject difficulty of revocation difficulty of sharing
31 Access control abstractions Group: an collection of related subjects easy sharing easy addition and removal of users Negative permission: explicit revocation of access rights Privilege: a mapping of users to access rights concise definition of access rights {admin: read, write, execute}, /etc/passwd: {Alice, admin} Protection ring: a hierarchy of access right levels 0 operating system kernel 1 operating system 2 services 3 user processes
32 Mandatory access control (MAC) Centralized access control by means of system-wide policy. Access control rights are fixed by an administrators. A limited number of implementations, e.g. SELinux, Systrace. Advantages: strict control over information flow strong exploit containment Disadvantages: major usability problems cumbersome administration
33 Discretionary access control (DAC) Access control is carried out by a resource owner. By associating ownership with principals, access rights are easily transferred to other subjects. Deployed in a majority of common systems. Advantages: simple and efficient access rights management scalability Disadvantages: intentional abuse of access rights unintentional abuse of access rights no control over information flow
34 Role based access control (RBAC) RBAC attempt to handle the complexity of access control by extensive used of abstractions: Data types are defined for all objects. Procedures are high level access control methods with a more complex semantics than elementary access control rights. Procedures can be only applied to certain data types. Procedures are grouped into roles assigned to users. A user can have more than one role and more than one user can have the same role. Role hierarchies can be used to match natural relations between roles. Example: A Lecturer can create a role Student and give it a privilege read course material.
35 Summary Passwords and shared secrets are the most common tools for user authentication. limited security (cracking) and usability (forgetting, management) alternatives: biometrics and smart cards Single sign-on methods such as Kerberos provide means for automating authentication in large distributed environments. single point of failure Access control is based on the notion of the access matrix and its approximations (ACS, capabilities) and abstraction (groups, roles).
Introduction to Computer Security
Introduction to Computer Security Identification and Authentication Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access: a big picture 1. Identification Which object O requests
More informationIntroduction to Computer Security
Introduction to Computer Security Access Control and Authorization Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access recapitulated 1. Identification Which object O requests
More informationCompTIA Security+ Certification SY0-301
CompTIA Security+ Certification SY0-301 Centro Latino, Inc. Computer Technology Program Prof: Nestor Uribe, nuribe@centrolatino.org www.centrolatino.org 267 Broadway, Chelsea, MA 02150 Tel. (617) 884-3238
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More information4.2: Kerberos Kerberos V4 Kerberos V5. Chapter 5: Security Concepts for Networks. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.2:
More informationAuthentication Applications
Authentication Applications CSCI 454/554 Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures Kerberos a symmetric-key
More informationTOPIC HIERARCHY. Distributed Environment. Security. Kerberos
KERBEROS TOPIC HIERARCHY Distributed Environment Security Privacy Authentication Authorization Non Repudiation Kerberos ORIGIN MIT developed Kerberos to protect network services. Developed under the Project
More informationChapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1
Chapter 4 Authentication Applications COSC 490 Network Security Annie Lu 1 OUTLINE Kerberos X.509 Authentication Service COSC 490 Network Security Annie Lu 2 Authentication Applications authentication
More information10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture)
Contents 1 / 55 10.1 Kerberos Kerberos V4 Kerberos V5 10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture) Kerberos V4 / Contents 2 / 55 Kerberos
More informationNIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman
NIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman The Slow Convergence of PKI and Kerberos At Connectathon 1995 Dan Nessett of Sun Microsystems was quoted saying Kerberos will
More informationChapter 15 User Authentication
Chapter 15 User Authentication 2015. 04. 06 Jae Woong Joo SeoulTech (woong07@seoultech.ac.kr) Table of Contents 15.1 Remote User-Authentication Principles 15.2 Remote User-Authentication Using Symmetric
More informationHOBCOM and HOBLink J-Term
HOB GmbH & Co. KG Schwadermühlstr. 3 90556 Cadolzburg Germany Tel: +49 09103 / 715-0 Fax: +49 09103 / 715-271 E-Mail: support@hobsoft.com Internet: www.hobsoft.com HOBCOM and HOBLink J-Term Single Sign-On
More informationKerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).
Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this
More informationBM482E Introduction to Computer Security
BM482E Introduction to Computer Security Lecture 7 Database and Operating System Security Mehmet Demirci 1 Summary of Lecture 6 User Authentication Passwords Password storage Password selection Token-based
More informationWATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING
WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING Authors: Tal Be ery, Sr. Security Research Manager, Microsoft Michael Cherny, Sr. Security Researcher, Microsoft November
More informationKerberos. Login via Password. Keys in Kerberos
Kerberos Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos
More informationAccess Control Basics. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Access Control Basics Murat Kantarcioglu Access Control - basic concepts An access control system regulates the operations that can be executed
More informationArchitecture of Enterprise Applications III Single Sign-On
Architecture of Enterprise Applications III Single Sign-On Haopeng Chen REliable, INtelligent and Scalable Systems Group (REINS) Shanghai Jiao Tong University Shanghai, China e-mail: chen-hp@sjtu.edu.cn
More informationOutline. INF3510 Information Security University of Oslo Spring 2015. Lecture 9 Identity Management and Access Control. The concept of identity
INF50 Information Security University of Oslo Spring 05 Outline Identity and access management concepts Identity management models Access control models (security models) Lecture 9 Identity Management
More informationHow To Use Kerberos
KERBEROS 1 Kerberos Authentication Service Developed at MIT under Project Athena in mid 1980s Versions 1-3 were for internal use; versions 4 and 5 are being used externally Version 4 has a larger installed
More informationDr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
More informationIDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationAuthentication Applications
Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos a private-key authentication service
More informationAuthentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques
Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)
More informationA Comparative Study of Security Features in FreeBSD and OpenBSD
Department of Computer Science Magnus Persson A Comparative Study of Security Features in FreeBSD and OpenBSD Master s Thesis 2006:02 A Comparative Study of Security Features in FreeBSD and OpenBSD Magnus
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 7 Access Control Fundamentals Objectives Define access control and list the four access control models Describe logical access control
More informationProtec'ng Informa'on Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protec/ng Informa/on Assets Greg Senko
Protec'ng Informa'on Assets - Week 10 - Identity Management and Access Control In the News Readings MIS5206 Week 10 Identity Management and Access Control Test Taking Tip Quiz In the News Discuss items
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationA Secure Authenticate Framework for Cloud Computing Environment
A Secure Authenticate Framework for Cloud Computing Environment Nitin Nagar 1, Pradeep k. Jatav 2 Abstract Cloud computing has an important aspect for the companies to build and deploy their infrastructure
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationRed Hat Enterprise IPA Identity & Access Management for Linux and Unix Environments. Dragos Manac 01.10.2008
Red Hat Enterprise IPA Identity & Access Management for Linux and Unix Environments Dragos Manac 01.10.2008 Agenda The Need for Identity & Access Management Enterprise IPA Overview Pricing Questions to
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationInstallation and Configuration Guide
Entrust Managed Services PKI Auto-enrollment Server 7.0 Installation and Configuration Guide Document issue: 1.0 Date of Issue: July 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark
More informationAPI-Security Gateway Dirk Krafzig
API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing
More informationCEN 559 Selected Topics in Computer Engineering. Dr. Mostafa H. Dahshan KSU CCIS mdahshan@ccis.ksu.edu.sa
CEN 559 Selected Topics in Computer Engineering Dr. Mostafa H. Dahshan KSU CCIS mdahshan@ccis.ksu.edu.sa Access Control Access Control Which principals have access to which resources files they can read
More informationKerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service
Kerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service Sazzad Masud and Ram Krishnan University of Texas at San Antonio Sazzad.Masud@gmail.com, Ram.Krishnan@utsa.edu Abstract Cloud
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationAuthentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationThe Security Behind Sticky Password
The Security Behind Sticky Password Technical White Paper version 3, September 16th, 2015 Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and
More informationKerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su
Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on
More informationCompliance and Security Challenges with Remote Administration
Sponsored by Netop Compliance and Security Challenges with Remote Administration A SANS Whitepaper January 2011 Written by Dave Shackleford Compliance Control Points Encryption Access Roles and Privileges
More informationRSA SecurID Software Token 1.0 for Android Administrator s Guide
RSA SecurID Software Token 1.0 for Android Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA,
More informationSecurity and Operating Systems It s the Application
What is Security? Internal Roles Protecting Whom? Operating Systems 1 / 38 What is Security? Internal Roles Protecting Whom? What is operating system security? How do operating systems contribute to system
More information2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
More informationAccess Control. Dr George Danezis (g.danezis@ucl.ac.uk)
Access Control Dr George Danezis (g.danezis@ucl.ac.uk) Resources Key paper: Carl E. Landwehr: Formal Models for Computer Security. ACM Comput. Surv. 13(3): 247-278 (1981) See references to other optional
More informationHow To Secure Your Data Center From Hackers
Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationSecurity Architecture Whitepaper
Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer
More informationCrypho Security Whitepaper
Crypho Security Whitepaper Crypho AS Crypho is an end-to-end encrypted enterprise messenger and file-sharing application. It achieves strong privacy and security using well-known, battle-tested encryption
More informationINF3510 Information Security University of Oslo Spring 2016. Lecture 9 Identity Management and Access Control
INF3510 Information Security University of Oslo Spring 2016 Lecture 9 Identity Management and Access Control University of Oslo Spring 2016 Outline Identity and access management concepts Identity management
More informationTIB 2.0 Administration Functions Overview
TIB 2.0 Administration Functions Overview Table of Contents 1. INTRODUCTION 4 1.1. Purpose/Background 4 1.2. Definitions, Acronyms and Abbreviations 4 2. OVERVIEW 5 2.1. Overall Process Map 5 3. ADMINISTRATOR
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationTwo-Factor Authentication
Two-Factor Authentication This document describes SonicWALL s implementation of two-factor authentication for SonicWALL SSL-VPN appliances. This document contains the following sections: Feature Overview
More informationSuccessful Enterprise Single Sign-on Addressing Deployment Challenges
Successful Enterprise Single Sign-on Addressing Deployment Challenges 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Background: User Problems with Passwords 2 3 Approaches
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationA Nemaris Company. Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher
A Nemaris Company Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher 306 East 15 th Street Suite 1R, New York, New York 10003 Application Name Surgimap Vendor Nemaris Inc. Version
More informationPUBLIC Secure Login for SAP Single Sign-On Implementation Guide
SAP Single Sign-On 2.0 SP04 Document Version: 1.0-2014-10-28 PUBLIC Secure Login for SAP Single Sign-On Implementation Guide Table of Contents 1 What Is Secure Login?....8 1.1 System Overview.... 8 1.1.1
More informationArchitecture Guidelines Application Security
Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation
More informationIBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide
IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Objectives Define authentication Describe the different types of authentication credentials List and explain the
More informationINF3510 Information Security University of Oslo Spring 2012. Lecture 8 Identity and Access Management. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2012 Lecture 8 Identity and Access Management Audun Jøsang Outline Identity and access management concepts Identity management models Access control
More informationLikewise Security Benefits
Likewise Enterprise Likewise Security Benefits AUTHOR: Manny Vellon Chief Technology Officer Likewise Software Abstract This document describes how Likewise improves the security of Linux and UNIX computers
More informationWhite Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September 2007. Trianz 2008 White Paper Page 1
White Paper Authentication and Access Control - The Cornerstone of Information Security Vinay Purohit September 2007 Trianz 2008 White Paper Page 1 Table of Contents 1 Scope and Objective --------------------------------------------------------------------------------------------------------
More informationCS 4803 Computer and Network Security
Many-to-Many Authentication CS 4803 Computer and Network Security s? Servers Alexandra (Sasha) Boldyreva Kerberos How do users prove their identities when requesting services from machines on the network?
More informationSession objectives. Access control. Subjects and objects. The request. Information Security
The session Session objectives Access Control Information Security Dr Hans Georg Schaathun Introduce fundamental terminology of access control Understand principles of privilege management and identity
More informationImplementing a Kerberos Single Sign-on Infrastructure
Implementing a Kerberos Single Sign-on Infrastructure Gary Tagg IT Security Consultant, Tagg Consulting Ltd gary.tagg@itsecure.demon.co.uk Abstract Kerberos provides secure authentication, single sign-on
More informationCS 4803 Computer and Network Security
Access to general objects CS 4803 Computer and Network Security Memory protection is only one example Need a way to protect more general objects Before we begin, some design principles Alexandra (Sasha)
More informationHow To Make A Trustless Certificate Authority Secure
Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security Slides adapted from Radia Perlman s slides Key Distribution - Secret Keys What if
More informationWeb Single Sign-On System. For WRL Company
1 Web Single Sign-On System For WRL Company Si Xiong June 2005 Department of Internetworking Royal Institute of Technology (KTH), IT-University Stockholm, Sweden Master of Science Thesis Supervisor: Johan
More informationAuthentication: Password Madness
Authentication: Password Madness MSIT 458: Information Security Group Presentation The Locals Password Resets United Airlines = 83,000 employees Over 13,000 password reset requests each month through the
More informationLecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.
Lecture 13 Public Key Distribution (certification) 1 PK-based Needham-Schroeder TTP 1. A, B 4. B, A 2. {PKb, B}SKT B}SKs 5. {PK a, A} SKT SKs A 3. [N a, A] PKb 6. [N a, N b ] PKa 7. [N b ] PKb B Here,
More informationCross-Realm Trust Interoperability, MIT Kerberos and AD
Cross-Realm Trust Interoperability, MIT Kerberos and AD Dmitri Pal Sr. Engineering Manager Red Hat Inc. 10/27/2010 1 INTERNAL ONLY PRESENTER NAME What is our focus? Traditional view on Kerberos interoperability
More informationIntroduction to Computer Security
Introduction to Computer Security Windows Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Microsoft Windows Family Tree Key security milestones: NT 3.51 (1993): network drivers and
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationUsing LDAP Authentication in a PowerCenter Domain
Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,
More informationAuthentication systems. Authentication methodologies. User authentication. Authentication systems (auth - april 2012)
Authentication systems Diana Berbecaru < diana.berbecaru @ polito.it > Politecnico di Torino Dip. Automatica e Informatica Authentication methodologies can be based on different factors ( 1/2/3-factors
More informationRSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide
RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 10 Authentication and Account Management Objectives Describe the three types of authentication credentials Explain what single sign-on
More informationwww.xceedium.com 2: Do not use vendor-supplied defaults for system passwords and other security parameters
2: Do not use vendor-supplied defaults for system passwords and other security parameters 2.1: Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing
More informationKey Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.
CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange
More informationKerberos and Active Directory symmetric cryptography in practice COSC412
Kerberos and Active Directory symmetric cryptography in practice COSC412 Learning objectives Understand the function of Kerberos Explain how symmetric cryptography supports the operation of Kerberos Summarise
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More informationXerox DocuShare Security Features. Security White Paper
Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a
More informationInternational Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 4, Issue 6, November - December (2013), pp. 62-69 IAEME: www.iaeme.com/ijcet.asp Journal
More informationWHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)
WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004 Overview Password-based authentication is weak and smart cards offer a way to address this weakness,
More informationSecurity Provider Integration Kerberos Authentication
Security Provider Integration Kerberos Authentication 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are
More informationBasic network security threats
Basic network security threats Packet sniffing Packet forgery (spoofed from address) DNS spoofing wrong IP address for hostname Assume bad guy controls network - Can read all your packets - Can tamper
More informationNetwork-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2
Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3
More informationMoving to Multi-factor Authentication. Kevin Unthank
Moving to Multi-factor Authentication Kevin Unthank What is Authentication 3 steps of Access Control Identification: The entity makes claim to a particular Identity Authentication: The entity proves that
More informationWindows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation
Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication
More informationThe KGpg Handbook. Jean-Baptiste Mardelle Rolf Eike Beer
Jean-Baptiste Mardelle Rolf Eike Beer 2 Contents 1 Introduction 5 2 Getting Started 6 3 Using KGpg 8 3.1 Generating a key...................................... 8 3.2 Revoking a key.......................................
More informationSecurity in Android apps
Security in Android apps Falco Peijnenburg (3749002) August 16, 2013 Abstract Apps can be released on the Google Play store through the Google Developer Console. The Google Play store only allows apps
More informationRSA SecurID Software Token 3.0 for Windows Workstations Administrator s Guide
RSA SecurID Software Token 3.0 for Windows Workstations Administrator s Guide Contact Information See our Web sites for regional Customer Support telephone and fax numbers. RSA Security Inc. RSA Security
More informationIdentity Management and Access Control
and Access Control Marek Rychly mrychly@strathmore.edu Strathmore University, @ilabafrica & Brno University of Technology, Faculty of Information Technology Enterprise Security 7 December 2015 Marek Rychly
More informationHitachi ID Password Manager Telephony Integration
Hitachi ID Password Manager Telephony Integration 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Functional integration 2 2.1 Self-service password reset....................................
More informationEnterprise Security: Building On All Your Assets
Covariant Inc. Enterprise Security: Building On All Your Assets Neil Beesley Covariant Inc neil.beesley@covariant-systems.com Friday August 10 th 2012 Session: 11369 Part 1: Introduction Security requirements
More informationThe Benefits of an Industry Standard Platform for Enterprise Sign-On
white paper The Benefits of an Industry Standard Platform for Enterprise Sign-On The need for scalable solutions to the growing concerns about enterprise security and regulatory compliance can be addressed
More informationEntrust Managed Services PKI
Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.
More information