tuesday afternoon section

Upload: arun-anoop-m

Post on 01-Jun-2018


  • 8/9/2019 Tuesday AfterNoon Section

    10/02/2015 - AfterNoon Section

    Arun Anoop M,

    Asst. Professor - CSE, MESCE, Kuttipuram


    Part 2: Access Control

    Something You Have

    • Something in your possession

    • Examples include the following:

     – Car key

     – Laptop computer or MAC address

     – Password generator (next)

     – ATM card, smartcard, etc.


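    Password Generator

    • Alice receives random challenge R from Bob

    • Alice enters PIN and R in password generator

    • Password generator hashes symmetric key K with R

    • Alice sends response h(K,R) back to Bob

    • Bob verifies response

    • Note: Alice has pwd generator and knows PIN

    Message flow between Alice (with password generator) and Bob (holds K):

    1. Alice → Bob: I'm Alice

    2. Bob → Alice: R

    3. Alice → password generator: PIN, R

    4. Password generator → Alice: h(K,R)

    5. Alice → Bob: h(K,R)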
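The five-step exchange above, written out as an added example that is not part of the original slides. It assumes h(K,R) is HMAC-SHA256, that the PIN is checked locally by the device, and that Bob discards each challenge after one use; the class names, key and PIN are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class PasswordGenerator:
    """Alice's device: holds K and releases h(K, R) only after the correct PIN."""

    def __init__(self, key: bytes, pin: str):
        self._key = key
        self._pin = pin

    def respond(self, pin: str, challenge: bytes) -> bytes:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Bob:
    """Verifier: shares K with the device and issues one-time challenges."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = {}  # user -> outstanding challenge R

    def challenge(self, user: str) -> bytes:
        r = secrets.token_bytes(16)  # fresh random R for every login attempt
        self._pending[user] = r
        return r

    def verify(self, user: str, response: bytes) -> bool:
        r = self._pending.pop(user, None)  # single use: a replay finds no R
        if r is None:
            return False
        expected = hmac.new(self._key, r, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_demo() -> dict:
    k = secrets.token_bytes(32)                # constructed sample key K
    device = PasswordGenerator(k, pin="4921")  # constructed sample PIN
    bob = Bob(k)
    r = bob.challenge("alice")                 # steps 1-2: "I'm Alice", R
    resp = device.respond("4921", r)           # steps 3-4: PIN, R -> h(K,R)
    ok = bob.verify("alice", resp)             # step 5: Bob checks h(K,R)
    replay = bob.verify("alice", resp)         # same response sent again
    bob.challenge("alice")                     # new login attempt, new R
    stale = bob.verify("alice", resp)          # old response against new R
    return {"ok": ok, "replay": replay, "stale": stale}
```

Because the response depends on a fresh R, a captured h(K,R) is useless for a later login, and the PIN gate means possession of the device alone does not produce a response.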


    2-factor Authentication

    • Requires any 2 out of 3 of

    o Something you know

    o Something you have

    o Something you are

    • Examples

     – ATM: Card and PIN

     – Credit card: Card and signature

     – Password generator: Device and PIN

     – Smartcard with password/PIN


    Single Sign-on

    • A hassle to enter passwords repeatedly

     – Alice wants to authenticate only once

     – Credentials stay with Alice wherever she goes

     – Subsequent authentications transparent to Alice

    • Kerberos --- example single sign-on protocol

    • Single sign-on for the Internet?

     – Microsoft: Passport

     – Everybody else: Liberty Alliance

     – Security Assertion Markup Language (SAML)


    Single Sign-on Systems


    Scenario

    Going to travel

    • Sign in for booking flight ticket

    • Sign in for booking hotel room

    • Sign in for renting a car


    • Multi sign on is troublesome

    • Is it possible to just sign on once to perform all the actions?

    • Single sign-on can be used to answer that question.


    Definitions of Single Sign-On (SSO) on the Web:

    • Users sign onto a site only once and are given access to one or more applications in a single domain or across multiple domains.

    • A mechanism to verify a user across multiple applications through a single authentication challenge. WebSphere Portal Server uses Java Authentication and Authorization Services to achieve single sign-on.

    • One log-on provides access to all resources of the network, LAN, or WAN.


    Single Sign-On enables users to login quickly and securely to all their applications, websites and mainframe sessions with just one identity.


    .NET Passport

    • Microsoft .NET Passport

    - Passport single sign in service

    - Kids Passport service

    Passport supplies registered users an electronic ticket. With this ticket users are authorized to access pages in participating sites.


    .NET Passport

    • An implementation of a Single Sign-On system, based on the cookie mechanism.

    • Employing techniques to prevent attacks

    - Captcha: telling humans from computers

    - Secure Sockets Layer (SSL)


    .NET Passport

    • Registration process

    - Information stored in passport account

    - Captcha

    - E-mail Validation

    • Authentication process

    - Cookies written by passport

    - Navigate to another Participating Site

    - Secure Sockets Layer (SSL)


    Registration process

    • Captcha Human Interaction Protocol

    - telling humans from computers by asking registrants to type in alphanumeric characters from a picture

    - "bots": attackers submit thousands of fake registrations in a short time


    Registration process

    • CAPTCHA stands for "Completely Automated Public Turing Test to Tell Computers and Humans Apart."

    • A CAPTCHA test is a program that can generate and grade tests that:

    - Most humans can pass.

    - Current computer programs can't pass.

    • For example, humans can read distorted text as the one shown below but current computer programs can't:


    Web Cookies

    • Cookie is provided by a Website and stored on user's machine

    • A cookie is a file created by a web browser, at the request of a web site, that is then stored on a computer.

    • Cookies maintain state across sessions

     – Web uses a stateless protocol: HTTP

     – Cookies also maintain state within a session

    • On a public machine, a user who forgets to log out could leave valid authentication for any users to misuse.


    • The Web server retrieves the user's information from those cookies when the user later returns to the same website

    • The cookie's purpose is to acquire information for use in subsequent server-browser communications without asking for the same information.
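An added example (not from the original slides, and not Passport's actual ticket format) of a site issuing an authentication cookie and reading it back on a later request, with the limits that reduce the public-machine risk noted above: a short lifetime, no persistent expiry attribute, and server-side logout. The key, lifetime and field layout are assumptions made for this sketch.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SITE_KEY = b"constructed-demo-key"  # constructed; a real key is random and secret
TICKET_LIFETIME = 900               # seconds; assumed value for this example
REVOKED = set()                     # tickets invalidated by an explicit logout


def issue_ticket(user: str, now: int) -> str:
    """Return the Set-Cookie value for a signed ticket that expires server-side."""
    payload = f"{user}|{now + TICKET_LIFETIME}"
    mac = hmac.new(SITE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    cookie = SimpleCookie()
    cookie["ticket"] = f"{payload}|{mac}"
    cookie["ticket"]["secure"] = True    # only sent over SSL/TLS
    cookie["ticket"]["httponly"] = True  # not readable by page scripts
    # No Expires/Max-Age: the browser discards the cookie when it closes.
    return cookie["ticket"].OutputString()


def check_ticket(cookie_header: str, now: int):
    """Return the user name carried by a valid ticket, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "ticket" not in jar:
        return None
    value = jar["ticket"].value
    try:
        user, expires, mac = value.split("|")
        deadline = int(expires)
    except ValueError:
        return None
    signed = f"{user}|{expires}".encode()
    expected = hmac.new(SITE_KEY, signed, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None  # cookie was edited on the client
    if now >= deadline or value in REVOKED:
        return None  # stale or logged-out ticket
    return user


def logout(cookie_header: str) -> None:
    """Invalidate the ticket on the server, whatever the browser keeps."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "ticket" in jar:
        REVOKED.add(jar["ticket"].value)
```

A ticket left in a browser on a shared machine stays usable until its deadline unless the user logs out, which is why the lifetime is kept short and logout revokes the ticket on the server.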


    ARUN ANOOP M, AP, CSE dept, MESCE Kuttipuram
