Keywords Distributed database system, Database security, Single sign-on, Web Services, Facebook Connect services


Volume 4, Issue 3, March 2014 ISSN: 2277 128X
International Journal of Advanced Research in Computer Science and Software Engineering
Research Paper
Available online at: www.ijarcsse.com

Implementation of Single Sign-On Technique in Heterogeneous Distributed Environment
Kirti Bhandari*, Parminder Kaur
CSE & Guru Nanak Dev University, India

Abstract
In a distributed database system, the database is stored physically across computers or sites in different locations that are connected by some form of data communication network. Distributed database security deals with protecting data from people or software with malicious intentions: from unauthorized access, modification, misuse or destruction of information. Most distributed systems are assembled from different components, and each component acts independently as an isolated security domain. In a multi sign-on environment, an end user who wants to use services housed on different servers has to sign on multiple times and has to remember a large number of passwords. With multiple sign-on, users may adopt bad habits that reduce system security, such as using the same password for all systems. Multiple sign-on is therefore very troublesome, and the single sign-on solution has been introduced to solve this problem. Single sign-on (SSO) is the mechanism whereby a single act of user authentication and authorization permits a user to access all computers and systems where that user has access permission, without the need to enter. This paper implements the single sign-on scenario in a distributed heterogeneous environment.

Keywords: Distributed database system, Database security, Single sign-on, Web Services, Facebook Connect services

I. INTRODUCTION
In a distributed database system, the database is stored or spread physically across computers or sites in different locations that are connected together [3] by some form of data communication network.
The main objectives of a distributed database are location transparency and local autonomy. Homogeneous and heterogeneous are the two main environments of a distributed database: in the former, the data stored across multiple sites is managed by the same DBMS software, whereas in the latter it is managed by different DBMS software. When the database is stored in multiple locations, the security of the distributed database is very important. The main security issues of a distributed database are described by the following table:

Table 1: A Matrix of Security Risks and Solutions [10]

Problem                          | Solution                                | Security Technology
---------------------------------+-----------------------------------------+------------------------------------------------------
Unauthorized users               | Know your users                         | Authentication
Unauthorized access to data      | Limit access to data                    | Access control
                                 | Dynamic query modification              | Fine-grained access control
                                 | Limit access to data rows and columns   | Label-based access control
                                 | Encrypt data                            | Data encryption
                                 | Limit privileges                        | Privilege management
Eavesdropping on communications  | Protect the network                     | Network encryption
Corruption of data               | Protect the network                     | Data integrity
Denial of service                | Control access to resources             | Availability
Complexity to user               | Limit number of passwords               | Single sign-on
Complexity to administrator      | Centralize management                   | Enterprise user security
Lack of accountability           | Monitor users' actions                  | Auditing
Overly broad access to data      | Dynamic query modification              | Fine-grained access control
Too many accounts                | Centralize management                   | Directory services, LDAP-compliant directory services

2014, IJARCSSE All Rights Reserved Page 774

As the number of users of distributed systems who must frequently access remote resources grows, different authentication techniques are needed when users enter the systems. SSO technology has therefore been introduced as a special form of authentication mechanism. It is meant to make the user's job easier: with a single authentication they can access several software resources on different servers.

II. RELATED WORK
In 1995, Parker [8] described the various technologies and products of single sign-on systems; scripting and access tickets are the two main approaches to single sign-on. In 2000, Lee and Chang [4] proposed a user identification and key distribution scheme that maintains user anonymity in distributed computer networks. Later, Wu and Hsu pointed out that the Lee-Chang scheme is insecure against both impersonation and identity disclosure attacks. Yang et al. in turn identified a weakness in the Wu-Hsu scheme and proposed an improvement. In 2004, Gang et al. [2] proposed two designs of single sign-on and discussed the advantages and disadvantages of the two versions. In 2007, Suriadi et al. [11] found that current identity management systems lack built-in privacy mechanisms. They proposed extending existing Federated Single Sign-On (FSSO) systems with the beneficial properties of the User-Centric Identity Management (UCIM) model, giving an identity management system that lets users control and enforce their privacy requirements while retaining the convenient features of FSSO. In 2007, Maryam et al. [6] demonstrated a centralized password-based authentication system using SSO for web-based applications in distributed environments. Centralised, distributed and federated approaches are introduced, and cookie capabilities are used to implement the system, which is called centralized cookie-based SSO or CC-SSO. In 2008, David [1] proposed a framework for single sign-on using an EMV card for two-factor authentication. Single sign-on with an EMV card does not require the card to make physical contact with the network-connected device and does not expose the keys and PIN that protect financial transactions; the method could improve protection for the card, the cardholder and the service provider(s). In 2009, Magyari et al. [5] proposed a single sign-on mechanism based on certificates generated on request for client applications. In 2009, Rajesh and Alwyn [9] argued that the single sign-on frameworks proposed and implemented so far are not balanced in security, efficiency and usability; their proposed framework uses an Identity Based Encryption System (IBES) instead of a Public Key Infrastructure (PKI). In 2010, Moo Nam Ko et al. [7] discussed Facebook Connect services, which allow users to log in to other websites using their Facebook identity and information, and which may then feed information about their actions on the site back to the user's Facebook network. The Facebook Platform allows users to import their identity, profile, privacy policy, social graph and content from Facebook to third-party sites.

III. PROPOSED SCHEME
In this scheme, the user does not need to remember multiple passwords: with single sign-on, only one password is needed to log on to different sites. Data is distributed among the Blog Answer site and the Single Sign-on Services. The user first enters their personal information on the Single Sign-on server, where it is stored in a SQL database. With this username and password, he or she logs in to the Social Networking Site and to Blog Answer.

When the user signs in to Blog Answer with the Single Sign-on Services username and password, the user is first redirected to the Single Sign-on Services server, which looks up the user's information in its database. If the user's data exists in the database, the server generates an authenticated key, and with this key the user can log on to Blog Answer. The main steps when a user logs on to the Social Networking Site with single sign-on are:
1. The user enters their single sign-on email and password and clicks sign-in. This information first reaches the single sign-on server, which supplies all the necessary attributes; some attributes (Father Name, Landline Number, Photo), however, are not present on this site.
2. The single sign-on server requests the missing attributes from Blog Answer, which finds them in its database.
3. Blog Answer sends the required information (Gender, Father Name, Photo) about the user to the single sign-on server.
4. Single Sign-on Services generates an authenticated key for the Social Network Site and provides all the information about the user obtained from Blog Answer. The user logs on with the authenticated key, and the provided information can be seen on the user's profile on the Social Networking Site.
Data is only accessed through Web Services.
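The four steps above, modelled end to end as an added example; this is not the paper's implementation and the paper does not say how its "authenticated key" is built. The example assumes the key is an HMAC-SHA256 tag over the claims (subject, audience site, expiry) issued by the SSO server and checked by the Social Networking Site with a shared secret, that the SQL and Oracle tables are in-memory dicts, and that the sample user, the Blog Answer attributes and the secret are constructed here. The Social Networking Site accepts a key only if the tag verifies, the key names this site, and it has not expired.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample data standing in for the SQL (SSO) and Oracle (Blog Answer) tables.
SSO_USERS = {
    "alice@example.com": {
        "password_md5": hashlib.md5(b"correct horse").hexdigest(),  # stored as in Section V
        "username": "alice", "gender": "F", "dob": "1990-01-01", "mobile": "0000000000",
    },
}
BLOG_ANSWER_ATTRS = {
    "alice@example.com": {"father_name": "Bob", "photo": "alice.png"},  # landline never supplied
}
SHARED_SECRET = b"constructed-secret-shared-by-sso-and-social-site"  # assumption for the example


class BlogAnswer:
    """Answers the SSO server's request for attributes it does not hold (steps 2 and 3)."""

    def __init__(self, attrs):
        self.attrs = attrs

    def get_attributes(self, email, wanted):
        record = self.attrs.get(email, {})
        return {k: record[k] for k in wanted if k in record}


class SsoServer:
    """Checks credentials, gathers the profile and issues the authenticated key (steps 1 and 4)."""
    MISSING = ("father_name", "landline", "photo")  # attributes the paper says the SSO site lacks

    def __init__(self, users, blog, secret, ttl=300):
        self.users, self.blog, self.secret, self.ttl = users, blog, secret, ttl

    def login(self, email, password, site, now=None):
        record = self.users.get(email)
        if record is None:
            return None  # unknown user
        given = hashlib.md5(password.encode()).hexdigest()
        if not hmac.compare_digest(record["password_md5"], given):
            return None  # wrong password; constant-time compare avoids a timing leak
        profile = {k: v for k, v in record.items() if k != "password_md5"}  # never hand out the hash
        profile.update(self.blog.get_attributes(email, self.MISSING))        # steps 2 and 3
        exp = int(now if now is not None else time.time()) + self.ttl
        claims = json.dumps({"sub": email, "aud": site, "exp": exp}, sort_keys=True).encode()
        tag = hmac.new(self.secret, claims, hashlib.sha256).hexdigest()
        key = base64.urlsafe_b64encode(claims).decode() + "." + tag  # the "authenticated key"
        return {"key": key, "profile": profile}


class SocialNetworkingSite:
    """Accepts a user only if the key verifies, names this site and has not expired."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def accept_key(self, key, now=None):
        if "." not in key:
            return None
        claims_b64, tag = key.rsplit(".", 1)
        try:
            claims = base64.urlsafe_b64decode(claims_b64)
        except ValueError:
            return None  # not a key we issued
        expected = hmac.new(self.secret, claims, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None  # forged or tampered key
        data = json.loads(claims)
        if data.get("aud") != self.name:
            return None  # key issued for a different site
        if data.get("exp", 0) < (now if now is not None else time.time()):
            return None  # expired
        return data["sub"]


SSO = SsoServer(SSO_USERS, BlogAnswer(BLOG_ANSWER_ATTRS), SHARED_SECRET)
SOCIAL = SocialNetworkingSite("social", SHARED_SECRET)


def sso_login_to_social(email, password, now=None):
    """Runs the four steps end to end; returns (accepted subject, profile) or (None, None)."""
    issued = SSO.login(email, password, SOCIAL.name, now=now)
    if issued is None:
        return None, None
    subject = SOCIAL.accept_key(issued["key"], now=now)
    return subject, issued["profile"]


if __name__ == "__main__":
    print(sso_login_to_social("alice@example.com", "correct horse"))
    print(sso_login_to_social("alice@example.com", "wrong"))
```

The audience and expiry claims are what stop a key issued for Blog Answer from being replayed against the Social Networking Site, or reused indefinitely; the paper's description of the key does not cover either point, so both are design choices of this example.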

Fig. 3.1 Proposed Scheme

IV. IMPLEMENTATION
The user creates an account on Single Sign-On Services by giving information such as username, password, email id, DOB, address and mobile no.; username, password and email id are unique fields. This information is stored in a SQL database. All required fields are marked with *. After filling in the sign-up form, the user clicks the sign up button.

Fig. 4.1 Sign up form on Single Sign-on

The user has signed up successfully on Single Sign-on Services, as confirmed by the message on screen.

Fig. 4.2 Successful sign up on Single Sign-on Services

After creating an account on Single Sign-on Services, the user fills in the sign-up form on Blog Answer. All this data is stored in an Oracle database. The user fills in the form with the same email, username and password as on the single sign-on service.

Fig. 4.3 Sign up on Blog Answer

The user is signed up successfully after filling in the above form and pressing the Sign up button.

Fig. 4.4 Successful sign up on Blog Answer

Once the user has filled in the sign-up form on Blog Answer, they have two options for logging in, and both work because they have also filled in the Blog Answer sign-up form. When logging in with single sign-on, they use the same username and password they entered on Single Sign-on Services.

Fig. 4.5 Log in using Single Sign-on

A profile is created on Blog Answer containing all the user information, such as Father Name, Address, Gender, DOB, Landline No and Photo. Landline No and Photo are blank because the user did not provide these fields on the sign-up form.

Fig. 4.6 User's profile shown on Blog Answer

Now the user can add a question, view a question, change password and edit profile in Blog Answer. To add a question, they type the question, select the category it belongs to and click the Add Question button; the added question can be viewed by pressing the View Question link. The user logs out of the Blog Answer account by clicking the log out button. When the user wants to visit the social networking site, they again have two options: log in with the Single Sign-on account, or create a separate account on the social networking site.

Fig. 4.7 Log in using Single Sign-on on Social Networking Site

The user can create an account by providing all the information on the sign-up form. Signing up on the Social Networking Site requires filling in all the required information, which is a lengthy process.

Fig. 4.8 Sign up on Social Networking Site

Logging in with a Single Sign-on account requires only the Single Sign-on username and password. On clicking the Sign in button, the user is redirected to the Single Sign-on Services site, which checks whether the typed username and password exist in its database. If they exist, the Social Networking Site retrieves all the required information from the Single Sign-on database; some information about the user, such as first name, last name, landline no. and photo, is not present in this database, so the user is redirected to Blog Answer and the remaining information is fetched from there. The user is then logged in to the Social Networking Site, and a profile is created from the remotely accessed data.

Fig. 4.9 User's Profile on Social Networking Site

The user can make new friends, share status and update the profile. When the user wants to leave the account, they press the log out button.

V. ENCRYPTED PASSWORDS
To secure passwords in the database, they must be stored in encrypted form. The proposed scheme uses the MD5 hash algorithm. This message-digest algorithm is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value, typically expressed as a 32-digit hexadecimal number. It is an updated version of MD4 and is mainly used for storing short passwords. An MD5 encrypter is used to encode the passwords, changing the readable password into unreadable text; MD5 is also used to check the data integrity of files. The MD5 hash algorithm always produces the same output for the same input. When a user enters their password, the system computes its hash and compares it with the hashes stored in the database. The data stored in the database is shown in the following snapshot:
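The store-and-compare procedure just described, as an added example that is not the paper's code. It keeps the user table in an in-memory SQLite database (a stand-in for the paper's SQL table), stores and verifies a password with unsalted MD5 exactly as Section V describes, and, going beyond the paper, stores the same password again with a per-user random salt and PBKDF2-HMAC-SHA256 so the two stored forms can be compared. The property the paper states, that MD5 always produces the same output for the same input, means two users who chose the same password get identical rows; the salted variant does not. The user emails, the sample password and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000  # assumption for this example; tune to the deployment's hardware


def new_db():
    """In-memory table standing in for the paper's SQL user table (constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, scheme TEXT, salt BLOB, digest TEXT)")
    return db


def md5_digest(password: str) -> str:
    """Section V: hash the password with MD5 and keep the 32-hex-digit digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def store_md5(db, email, password):
    db.execute("INSERT INTO users VALUES (?, 'md5', NULL, ?)", (email, md5_digest(password)))


def verify_md5(db, email, password) -> bool:
    """Recompute the hash of the typed password and compare it with the stored one."""
    row = db.execute("SELECT digest FROM users WHERE email=? AND scheme='md5'", (email,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], md5_digest(password))


def salted_digest(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS).hex()


def store_salted(db, email, password):
    salt = os.urandom(16)  # fresh random salt per user, stored beside the digest
    db.execute("INSERT INTO users VALUES (?, 'pbkdf2', ?, ?)", (email, salt, salted_digest(password, salt)))


def verify_salted(db, email, password) -> bool:
    row = db.execute("SELECT salt, digest FROM users WHERE email=? AND scheme='pbkdf2'", (email,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], salted_digest(password, bytes(row[0])))


def stored_digests(db, scheme):
    return [r[0] for r in db.execute("SELECT digest FROM users WHERE scheme=? ORDER BY email", (scheme,))]


def compare_schemes(password="Summer2014"):
    """Store one password for two users under each scheme and report what the table reveals."""
    db = new_db()
    store_md5(db, "u1@example.com", password)
    store_md5(db, "u2@example.com", password)
    store_salted(db, "u3@example.com", password)
    store_salted(db, "u4@example.com", password)
    md5_vals = stored_digests(db, "md5")
    salted_vals = stored_digests(db, "pbkdf2")
    return {
        # unsalted MD5: equal passwords give equal rows, so reuse is visible in the table
        "md5_identical": md5_vals[0] == md5_vals[1],
        # salted PBKDF2: equal passwords give different rows
        "salted_identical": salted_vals[0] == salted_vals[1],
        "md5_verify": verify_md5(db, "u1@example.com", password)
                      and not verify_md5(db, "u1@example.com", password + "x"),
        "salted_verify": verify_salted(db, "u3@example.com", password)
                         and not verify_salted(db, "u3@example.com", password + "x"),
    }


if __name__ == "__main__":
    print(compare_schemes())
```

Both verify functions use hmac.compare_digest rather than == so that the comparison takes the same time whether or not the digests match.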

Fig. 4.10 Passwords stored in the form of hash values

Theoretically, it is impossible to convert the encrypted text back to the original text, but some decrypters do convert encrypted text to the original text. The main advantages of MD5 are that it is fast and easy to use. It also provides security if an attacker attacks the system, since it will not be easy for them to decode the passwords stored in the database. Sometimes collisions also exist, i.e. two different inputs produce the same hash, and an attacker can create two colliding files that both begin with the same content.

VI. CONCLUSIONS & FUTURE WORK
With sign-on in a centralized environment, the user can only retrieve information from the centralized database, i.e. all the information about the user is stored on a single site, and all third-party websites request the user's information from that single centralized database. The load on this centralized site increases as the number of sites wanting to access user information on it grows, so response time and performance degrade. Security is also increased by using the same password for multiple sites: there is no need to write the password down on paper or elsewhere, and users can easily remember one password for logging in to multiple sites. Data is stored in encrypted form using the MD5 hash algorithm, which converts the typed password into a hash value; it is theoretically impossible to recover the original text from a given hash value. Future work includes an "Auto-Update" feature: updating the data at one site will automatically update the data at the other sites, which saves the user a lot of time and maintains consistency.

References
[1] David J. Boyd (2008), "Single Sign-On to the Web with an EMV Card", International Symposium on Collaborative Technologies and Systems, CTS 2008, DOI: 10.1109/CTS.2008.4543920, pp. 112-120.
[2] Gang Zhao, Dong Zheng and Kefei Chen (2004), "Design of Single Sign-On", Proceedings of the IEEE International Conference on E-Commerce Technology for Dynamic E-Business, DOI: 10.1109/CEC.EAST.2004.34, pp. 253-256.
[3] Gupta V.K., Sheetlani Jitendra, Gupta Dhiraj and Shukla Brahma Datta (2012), "Concurrency Control and Security Issues of Distributed Databases Transaction", Research Journal of Engineering Sciences, NIMS University, Jaipur, Rajasthan, India, Vol. 1(2), pp. 70-73, August 2012.
[4] Lee W. B. and Chang C. C. (2000), "User identification and key distribution maintaining anonymity for distributed computer networks", Computer Systems Science and Engineering, pp. 113-116.
[5] Magyari A., Genge B. and Haller P. (2009), "Certificate-Based Single Sign-on Mechanism for Multi-Platform Distributed Systems", Electrical and Mechanical Engineering, pp. 113-123.
[6] Maryam Eslami Chalandar, Parviz Darvish and Amir Masoud Rahmani (2007), "A Centralized Cookie-Based Single Sign-On in Distributed Systems", ITI 5th International Conference on Information and Communications Technology, ICICT 2007, December 2007.
[7] Moo Nam Ko, Cheek G.P., Shehab M. and Sandhu R. (2010), "Social-Networks Connect Services", IEEE Computer Society, August 2010, pp. 37-43, ISSN: 0018-9162, DOI: 10.1109/MC.2010.239.
[8] Parker T.A. (1995), "Single Sign-on Systems - The Technologies and The Products", European Convention on Security and Detection, 16-18 May 1995, IEE Conference Publication No. 408, pp. 151-155.
[9] Rajesh and Alwyn R. (2009), "Secure Web Based Single Sign-On (SSO) Framework using Identity Based Encryption System", International Conference on Advances in Recent Technologies in Communication and Computing, DOI: 10.1109/ARTCom.2009.82, pp. 430-432, IEEE.
[10] "Security Issues", available at http://docs.oracle.com/cd/b12037_01/network.101/b10777/overview.htm
[11] Suriadi Suriadi, Ernest Foo and Audun Jøsang (2007), "A User-centric Federated Single Sign-on System", IFIP International Conference on Network and Parallel Computing, 2007, pp. 99-106.