Secure Authentication of Distributed Networks by Single Sign-On Mechanism



Similar documents
SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

Single Sign-On Secure Authentication Password Mechanism

Improving the Security of SSO in Distributed Computer Network using Digital Certificate and one Time Password (OTP)

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

Capture Resilient ElGamal Signature Protocols

An Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER

Dynamic Query Updation for User Authentication in cloud Environment

Public Key Cryptography. c Eli Biham - March 30, Public Key Cryptography

Client Server Registration Protocol

International Journal of Emerging Technology & Research

Data Integrity for Secure Dynamic Cloud Storage System Using TPA

Keywords Distributed database system, Database security, Single sign-on, Web Services, Facebook Connect services

Integration of Sound Signature in 3D Password Authentication System

Keywords Decryption, Encryption,password attack, Replay attack, steganography, Visual cryptography EXISTING SYSTEM OF KERBEROS

HOST BASED INTERNAL INTRUSION DETECTION AND PREVENTION SYSTEM.

CRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME

A More Robust Authentication Scheme for Roaming Service in Global Mobility Networks Using ECC

A Secure Authenticate Framework for Cloud Computing Environment

Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT

Multifactor Graphical Password Authentication System using Sound Signature and Handheld Device

THE UNIVERSITY OF TRINIDAD & TOBAGO

EXAM questions for the course TTM Information Security May Part 1

Secure File Transfer Using USB

Efficient Nonce-based Authentication Scheme for. session initiation protocol

Keywords-- Cloud computing, Encryption, Data integrity, Third Party Auditor (TPA), RC5 Algorithm, privacypreserving,

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Cryptography and Network Security

Journal of Electronic Banking Systems

The Design of Web Based Secure Internet Voting System for Corporate Election

A secure login system using virtual password

Efficient nonce-based authentication scheme for Session Initiation Protocol

Chapter 16: Authentication in Distributed System

An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography

Security vulnerabilities in the Internet and possible solutions

RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

Secure Alternate Viable Technique of Securely Sharing The Personal Health Records in Cloud

Server-Assisted Generation of a Strong Secret from a Password

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION

Information Security Basic Concepts

Chapter 9 Key Management 9.1 Distribution of Public Keys Public Announcement of Public Keys Publicly Available Directory

On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

How To Make A Secure Storage On A Mobile Device Secure

Privacy Preservation and Secure Data Sharing in Cloud Storage

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

SURVEY ON INFORMATION HIDING TECHNIQUES USING QR BARCODE

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

Chapter 1: Introduction

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

International Conference on Web Services Computing (ICWSC) 2011 Proceedings published by International Journal of Computer Applications (IJCA)

Chapter 10. Network Security

Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin S. Khan

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Formal Analysis of A Novel Mutual Authentication and Key Agreement Protocol

Public Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage

Software Puzzle Counterstrike for Denial of Service Attack

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

CS 356 Lecture 28 Internet Authentication. Spring 2013

MULTI-DIMENSIONAL PASSWORD GENERATION TECHNIQUE FOR ACCESSING CLOUD SERVICES

International Journal of Software and Web Sciences (IJSWS)

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Towards Securing E-Banking by an Integrated Service Model Utilizing Mobile Confirmation

IY2760/CS3760: Part 6. IY2760: Part 6

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Content Teaching Academy at James Madison University

IDRBT Working Paper No. 11 Authentication factors for Internet banking

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

Information Security

Improving data integrity on cloud storage services

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

A SOFTWARE COMPARISON OF RSA AND ECC

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

How To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme

Authentication requirement Authentication function MAC Hash function Security of

CSCE 465 Computer & Network Security

Cryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163.

Introduction to Cryptography CS 355

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Providing Access Permissions to Legitimate Users by Using Attribute Based Encryption Techniques In Cloud

DKIM Enabled Two Factor Authenticated Secure Mail Client

Transcription:

Secure Authentication of Distributed Networks by Single Sign-On Mechanism Swati Sinha 1, Prof. Sheerin Zadoo 2 P.G.Student, Department of Computer Application, TOCE, Bangalore, Karnataka, India 1 Asst.Professor, Department of Computer Application, TOCE, Bangalore, Karnataka, India 2 Abstract: Credential of the technology is missing in the recent system. So, to improve the authentication of the distributed networks or multiple applications we are making use of a single sign on mechanism. Previously, users were using n number of usernames and passwords to access different applications on network. This would lead to higher expense for the administrator as each and every account of the organization will be handled with their particular username and password. But, now user needs to remember just single secure credential to access the multiple service providers in a distributed network by using single sign-on mechanism. However, most existing systems which are using this mechanism have some disadvantage regarding security requirements. So through this paper we will discuss about the development of security from earlier stage to present stage. And also discuss about the structure of the mechanism s working strategy. Keywords: Single sign-on, Distributed system and Privacy. I. INTRODUCTION User identification plays key role in distributed networks to verify the user is legal or not and can therefore grant access to distributed service providers [3]. To avoid illegal user accessibility to the services we need proper user authentication [1], [2]. After mutual authentication between the user and the service providers, a session key should be negotiated to keep privacy of the data exchanged [2], [4], and [5]. It is difficult to remember the password with user identity which is required to access each service provider in the network. Hence, Single sign-on mechanism was proposed so that user with single credential can be authenticated by multiple service providers. Single sign-on mechanism should meet two basic security requirements that is, credential privacy and soundness. Credential privacy guarantees that illegal service provider should not be able to fully recover a user s credential and then impersonate the user to login other service providers. Soundness means that unregistered user should not be able to access the services provided by the service providers [6]. This paper aims to provide the enhanced security from the previous stage to present stage. II. RELATED WORKS In 2000, Lee and Chang proposed a user identification and key distribution scheme to maintain user anonymity in the distributed networks [2]. Later, Wu and Hsu [7] pointed out that the Lee and Chang scheme is insecure against both impersonation attack and identity disclosure attack. Meanwhile, Yang et al. [8] identified a weakness in Wu-Hsu scheme and proposed for improvement. In 2006, Mangipudi and Katti [9] pointed out that Yang et al. scheme suffers from Denial of Service (DoS) attack and presented new scheme. In 2009, Hsu and Chuang [10] showed Yang et al. and Mangipudi Katti scheme were insecure under identity disclosure and proposed an RSA based user identification scheme to overcome the drawbacks. Hence, Single Sign-On mechanism was introduced and presented so that user can remember single username and password for the distributed service providers. A similar concept, called the Public/Private key was proposed to provide user identification and key agreement to access all applications. Copyright to IJIRSET www.ijirset.com 11356

When user registers, then with all the details it gives IP address, which is accepted if not occupied by other users. Administrator will have all the details regarding the IP. Administrator will then allocate different IP to all users. And according to it users will be bonded in the network. Registered users will have their own specific IP address which will be accessed by themselves. When registered user will send some message to the service provider it will change into encrypted signature which will have public key and to prove the service provider s identity, the service provider will verify and decrypt through the private key which he has. While registration, users will use special type of password which will have specific pattern. That special pattern will have Zero knowledge identity (ZKI) [11]. With the complex password and public/private key the system will have credential users and privacy. Soundness will obviously be satisfied by the user by entering valid pair of username and password that is registered and maintained by the server. Third party will not be able to login as they are illegal to the application. As, he/she is not registered to the application, so credential forgery and recovery attacks from outsiders, users, service providers and potential collusion of them will not be possible. USER USER REG. PUB/PRI KEY SERV. PROVIDE USER TRIES TO ACCESS THE SERVICES UNAUTHORISED USER USER LOGIN USER REGISTER SEND ENCRYPT MESSAGE WITH KEY MESSAGE RECEIVED VERIFY AND DECRYPT WITH KEY ACKNOWLEDGEMENT SEND TO PROVIDER Fig 1: WORKING OF APPLICATION WITH SINGLE SIGN-ON A. ALGORITHMS FOR PUBLIC /PRIVATE KEY: Using an encryption key(e,n), the algorithm is as follow: 1. Represent the message as an integer between 0 and (n-1). Large messages can be broken up into a number of blocks. Each block would then be represented by an integer in the same range. 2. Encrypt the message by raising it to the eth power modulo n. The result is a cipher text message C. 3.To decrypt cipher text message C, raise it to another power d modulo n The encryption key(e,n) is made public. The decryption key(d,n) is kept private by the user. We can determine the appropriate values of e, n and d by: 1. Choose two very large (100+ digit) prime numbers. Denote these numbers as u and v. Copyright to IJIRSET www.ijirset.com 11357

2. Set n=u*v 3. Choose any large integer, such that GCD(d, ((u-1) * (v-1))) = 1 4. Find e ;e*d=1 (mod ((u-1) * (v-1))) III. SINGLE SIGN-ON Single sign-on is also called Enterprise Single Sign-On or "ESSO". Single sign on can also be defined as user experiencing of logging once and navigating through multiple applications without giving credentials for each applications. In the enterprises, commonly departments have to take care of many applications running simultaneously for different business functions. So, single sign-on makes easy for the user to handle with security and privacy. Single sign-on mechanism functionality and structure as given below: One login to access all the application Mainframe Commercial Client/Server Fig 2: The Single sign on Benefits: User efficient Team Productivity Single signon Information Security Fig 3: Benefits of Single Sign-On From user view The user has to register them just once. This frees user from remembering large number of passwords. From enterprise view For this, single sign-on delivers tremendous returns on their investment. Increase the potentiality of the password As user has to remember just one password so they construct the password very complex according to their choice. Copyright to IJIRSET www.ijirset.com 11358

Improves productivity With less time users can login into multiple applications. Reduces cost There is 33% reduction in help desk volume in the enterprise Single Sign On solutions as estimated by Meta Group. Due to this it reduces password related help desk and lowers the cost. IV. PERFORMANCE AND ANALYSIS When we compare previous and present phase s security then we come to know that: 1. Implementation: Previous security was complex as compared to present single sign-on signature. Now it s easy to implement. 2. Process: Previously, using single username and password to login to one specific server which will take charge of the client authentication to all the other servers. Whereas, now simply changing all applications to use the same passwords. 3. Login Accessibility: Before, the user only needs to login primary authentication authority once. Whereas, now user has to give same password for each and every system. 4. Manage Credential Data: Presently only passwords are managed whereas before client authentication was managed using specific protocols and secrete information. 5. Password: Before, strong password would provide only confidentiality. Whereas AK algorithm can assure authentication and confidentiality. 6. Security: Presently, credentials are identical so it s far more secure than previous security. 100 50 0 PRESENT PREVIOUS Fig 4: Graph shows the performance of security Above graph shows the performance of single sign on mechanism from the previous to present. A. MAINTENANCE: As we know as time passes there is no stop for new vulnerabilities to occur. So secure architecture of a system is not destination, it changes accordingly. To ensure security to the system we should take care of some measures: Software updates and deploy all supportive security fixes. Vulnerability scans performed regularly. Interact with IT security teams to get recent updates regarding software. Copyright to IJIRSET www.ijirset.com 11359

V. CONCLUSION In this paper, we discussed how the two attacks can be saved from the application. Using, Single sign-on mechanism how credential user can access the services provided be service providers by giving authentication keys(ak) and complex format of password which contains Zero knowledge Identity(ZKI) pattern to make the identity stronger. And also, described the working of Single sign-on mechanism, comparative study of previous stage and present stage performance using this mechanism. In addition, discussed the maintenance of the system to get alert from vulnerabilities. REFERENCES [1]. L.Lamport, Password authentication with insecure communication,commun.acm,24(11):pp770-772,nov 1981. [2]. Chin-Chen Chang, A secure single mechanism for distributed computer networks, IEEE Trans. On Industrial Electronics, Vol.59, No.1, Jan 2012. [3]. A.C.Weaver and M.W.Coudtry, Distributing Internet services to the networks edge, IEEE Trans. And Electron 50(3):pp 404-411;Jun2003. [4]. W.B.Lee and C.C.Chang, User authentication and key distribution maintaining anonymity for distributed computer networks, Computer System and Science and Engineering 15(4):113-116, 2000. [5]. W. Juang, S. Chen, and H. Liaw, Robust and efficient password authenticated key agreement using smart cards, IEEE Trans. Ind. Electron., vol. 15, no. 6, pp. 2551 2556, Jun. 2008. [6]. Guilin Wang,Jiangshan Yu, and Qi, Security analysis of a single sign-on mechanism for distributed computer networks, IEEE Trans. Industrial Informatics.,vol. 9,no. 1,Feb 2013. [7]. T.-S.Wu and C.-L. Hsu, Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks, Comput. Security, vol. 23, no. 2, pp. 120 125, 2004. [8]. Y.Yang, S. Wang, F.Bao, J. Wang and R.H. Deng, New efficient user identification and key distribution scheme providing enhanced security, Computers and Security 23(8):697-704,2004. [9]. K.V. Mangipudi and R.S.Katti, A secure identification and key agreement protocol with user anonymity(sika), Computer and Security, 25(6):420-425,2006. [10]. C.-L. Hsu and Y.-H. Chuang, A Novel User Identification Scheme with Key Distribution Preserving User Anonymity for Distributed Computer Networks, Inf. Sci., vol. 179, no. 4, pp. 422-429, 2009. [11]. U. Feige. A. Fiat, and A. Shauin, Zero knowledge proofs of identity, Journal of Cryptography1(2):77-94,1988. BIOGRAPHY Swati Sinha is a student of The Oxford College Of Engineering,Bangalore,India She is pursuing MCA from VISVESVARAYA TECHNOLOGICAL UNIVERSITY,BELGAUM. She is interested in doing research in Computer Networks. Copyright to IJIRSET www.ijirset.com 11360

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information