13071D7802design ppt_2

Post on 06-Feb-2016

Advanced Mechanism for Single Sign-On for Distributed Computer Networks

by K.Niranjan Reddy

under the guidance of

G. Suresh Reddy, Assoc. Professor & HOD

Department of Information and Technology

VNR VIGNANA JYOTHI INSTITUTE OF ENGINEERING AND TECHNOLOGY

Single sign-on (SSO) provides access to many resources once the user is initially authenticated.

It increases the negative impact if the credentials become available to other persons and are misused.

Therefore, single sign-on requires an increased focus on the protection of the user credentials, and should ideally be combined with strong authentication methods.

Abstract

• Credential privacy

• Soundness of authentication

Conti…

• Password-based authentication

• Two-factor authentication technique

• With the increasing usage of network services, a user may need to maintain more and more ID/password pairs for accessing different distributed service providers.

• Existing SSO schemes have failed to provide security.

Existing system

In password-based authentication, security is not reliable, since leaking of the table could lead to system breakage.

The two-factor scheme is vulnerable to impersonation attacks.

* Credential privacy & soundness of authentication

Disadvantages of Existing

Single sign-on mechanism to access multiple service providers.

Mutual authentication

General RSA for service provider authentication

Standard RSA signature for user authentication

Proposed system

• Multiple passwords are no longer required

• Improves management of users’ accounts and authorizations to all associated systems

• Reduces administrative overhead in resetting forgotten passwords over multiple platforms and applications

• Reduces the time taken by users to log into multiple applications and platforms

Advantages of proposed system

Initiation for key distribution

User registration for validation

Provider side User identification

Secure signature generation

Secure RSA VES scheme for authentication.

Modules

The trusted authority generates the two primes for the key generation process.

In this process, the RSA public and private keys are generated based on the above prime values.

Finally, it publishes all the keys and keeps the secret key to itself.

Initiation for key distribution

The user sends the fixed-size ID to the trusted authority.

The trusted authority gets the user ID and processes it for validation.

Each service provider maintains the user ID in the RSA parameter.

This transaction is made over a secure channel.

User registration for validation

The user is responsible for sending the service request to the service provider.

The user request is processed in the service environment for validation.

Here, the use of a symmetric-key encryption methodology provides authentication to the user.

The service provider takes random values for the encryption process.

Provider side User identification

Here we predict the attacks on the Chang-Lee scheme. Two types of attack can happen in this area.

The credential recovering attack allows the service provider to recover the user credential. The RSA public and private key pair provides the way to attack.

The second one is the impersonation attack: attacker E sends the request to the service provider as a normal user.

Credential attacks on the Chang-Lee scheme

In this phase, RSA-VES is employed to authenticate a user, while a normal signature is used for service provider authentication.

The user sends the process request to the service provider.

The service provider authenticates the user login by the RSA-VES scheme. Here the signature is used for user authentication.

Secure RSA VES scheme for authentication.

Dataflow diagram

• start

• Initiation phase: prime selection and key generation; publish key pair and keep secret key

• User registration phase: user request; service provider checks ID and signature

• Authentication phase: user request sent; service provider receives and verifies user access; check: valid / invalid

• end
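
The initiation, registration and authentication-check phases of the dataflow above, as an added Python example that is not part of the original slides. Assumptions: the credential is taken to be the trusted authority's plain RSA signature over a SHA-256 hash of the user ID, the primes and the exponent 65537 are constructed demo values, and the check is applied directly to the credential, so RSA-VES and mutual authentication are not implemented.

```python
import hashlib

# Constructed demo primes (Mersenne primes 2^127-1 and 2^521-1) so the example is
# deterministic and offline. A real trusted authority picks random, secret primes.
P, Q = 2**127 - 1, 2**521 - 1
E = 65537  # public exponent (assumption; the slides do not give one)


def initiation():
    """Initiation phase: build the RSA key pair from the two primes.
    Returns the published key (n, e) and the exponent d the authority keeps secret."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    return (n, E), pow(E, -1, phi)


def encode_id(user_id, n):
    """Map a user ID to an integer below n with SHA-256 (assumed encoding, no padding)."""
    return int.from_bytes(hashlib.sha256(user_id.encode()).digest(), "big") % n


def register(user_id, public, d):
    """Registration phase: the authority signs the ID; the signature is the credential."""
    n, _ = public
    return pow(encode_id(user_id, n), d, n)


def check(user_id, credential, public):
    """Authentication check: valid only if credential^e mod n equals the encoded ID."""
    n, e = public
    return 0 < credential < n and pow(credential, e, n) == encode_id(user_id, n)


def demo():
    """Run the three phases on constructed IDs; returns (valid, wrong_id, no_credential)."""
    public, d = initiation()
    cred = register("alice-0001", public, d)
    return (
        check("alice-0001", cred, public),     # registered user: valid
        check("bob-0002", cred, public),       # credential bound to another ID: invalid
        check("mallory-0003", 12345, public),  # unregistered user, guessed value: invalid
    )


if __name__ == "__main__":
    print(demo())
```

The two rejected cases illustrate soundness. Credential privacy is not provided by this direct check, because whoever runs it sees the credential itself.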

ER Diagram

Use case diagram

Class diagram

Sequence diagram

An SSO scheme must meet two basic requirements.

Soundness: an unregistered user without a credential should not be able to access the services offered by service providers.

Credential privacy: guarantees that colluding dishonest service providers should not be able to fully recover a user’s credential and then impersonate the user to log in to other service providers.

Conclusion

THANK YOU
