Tuesday AfterNoon Section
Transcript of Tuesday AfterNoon Section
-
8/9/2019 Tuesday AfterNoon Section
10/02/2015-AfterNoon-Section
Arun Anoop M,
Asst. Professor-CSE, MESCE, Kuttipuram
-
Part 2 Access Control
Something You Have
• Something in your possession
• Examples include following:
– Car key
– Laptop computer or MAC address
– Password generator (next)
– ATM card, smartcard, etc.
-
Part 2
Access Control
Password Generator
• Alice receives random challenge R from Bob
• Alice enters PIN and R in password generator
• Password generator hashes symmetric key K with R
• Alice sends response h(K,R) back to Bob
• Bob verifies response
• Note: Alice has pwd generator and knows PIN
Diagram: Alice (with password generator, K) and Bob (K)
1. Alice to Bob: I'm Alice
2. Bob to Alice: R
3. Alice to password generator: PIN, R
4. Password generator to Alice: h(K,R)
5. Alice to Bob: h(K,R)
-
Part 2
Access Control
2-factor Authentication
• Requires any 2 out of 3 of
o Something you know
o Something you have
o Something you are
• Examples
– ATM: Card and PIN
– Credit card: Card and signature
– Password generator: Device and PIN
– Smartcard with password/PIN
-
Part 2
Access Control
Single Sign-on
• A hassle to enter passwords repeatedly
– Alice wants to authenticate only once
– Credentials stay with Alice wherever she goes
– Subsequent authentications transparent to Alice
• Kerberos --- example single sign-on protocol
• Single sign-on for the Internet?
– Microsoft: Passport
– Everybody else: Liberty Alliance
– Security Assertion Markup Language (SAML)
-
Single Sign-on Systems
-
Scenario
Going to travel
• Sign in for booking flight ticket
• Sign in for booking hotel room
• Sign in for renting a car
-
• Multi sign on is troublesome
• Is it possible to just sign-on once to perform all the actions?
• Single sign-on can be used to answer that question.
-
Definitions of Single Sign-On (SSO) on the Web:
Users sign onto a site only once and are given access to one or more applications in a single domain or across multiple domains.
A mechanism to verify a user across multiple applications through a single authentication challenge. WebSphere Portal Server uses Java Authentication and Authorization Services to achieve single sign-on.
One log-on provides access to all resources of the network, LAN, or WAN.
-
Single Sign-On enables users to login quickly
and securely to all their applications, websites
and mainframe sessions with just one identity.
-
.NET Passport
• Microsoft .NET Passport
- Passport single sign in service
- Kids Passport service
Passport supplies registered users an electronic ticket.
With this ticket users are authorized to access pages
in participating sites.
-
.NET Passport
• An implementation of Single Sign-On system,
based on the cookie mechanism.
• Employing technique to prevent attacks
- Captcha: telling human from computers
- Secure Sockets Layer (SSL)
-
.NET Passport
• Registration process
- Information stored in passport account
- Captcha
- E-mail Validation
• Authentication process
- Cookies written by passport
- Navigate to another Participating Site
- Secure Sockets Layer (SSL)
-
Registration process
• Captcha Human Interaction Protocol
- telling human from computers by asking registrants to type in alphanumeric characters from a picture
- "bots" attackers submit thousands of fake registrations in short time
-
Registration process
• CAPTCHA stands for "Completely Automated Public Turing Test to Tell Computers and Humans Apart."
• CAPTCHA test is a program that can generate and grade tests that:
- Most humans can pass.
- Current computer programs can't pass.
• For example, humans can read distorted text as the one shown below but current computer programs can't:
-
Part 2
Access Control
Web Cookies
• Cookie is provided by a Website and stored on user's machine
• A cookie is a file created by a web browser, at the request of a web site, that is then stored on a computer.
• Cookies maintain state across sessions
– Web uses a stateless protocol: HTTP
– Cookies also maintain state within a session
• On a public machine, a user who forgets to log out could leave valid authentication for any users to misuse.
-
• The Web server retrieves the user's information from those cookies when the user later returns to the same website
• The cookie's purpose is to acquire information for use in subsequent server-browser communications without asking for the same information.
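How a server can carry login state in a cookie while limiting the forgotten-logout risk on a public machine, as an added example that is not part of the original slides. The cookie name sid, the 15-minute idle timeout, the in-memory session table and the function names are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 15 * 60   # seconds; assumed policy value, not from the slides
SESSIONS = {}            # server-side state: session id -> user, last_seen


def login(user: str, now: float) -> str:
    """Create a session and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)          # unguessable identifier
    SESSIONS[sid] = {"user": user, "last_seen": now}
    jar = SimpleCookie()
    jar["sid"] = sid
    jar["sid"]["path"] = "/"
    jar["sid"]["secure"] = True              # sent over TLS only
    jar["sid"]["httponly"] = True            # not readable by page scripts
    jar["sid"]["samesite"] = "Lax"
    # No Expires/Max-Age: a session cookie, dropped when the browser closes.
    return jar["sid"].OutputString()


def current_user(cookie_header: str, now: float):
    """Map the browser's Cookie header back to a user, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "sid" not in jar:
        return None
    sid = jar["sid"].value
    session = SESSIONS.get(sid)
    if session is None:
        return None
    if now - session["last_seen"] > IDLE_TIMEOUT:
        del SESSIONS[sid]                    # a forgotten login expires here
        return None
    session["last_seen"] = now
    return session["user"]


def logout(cookie_header: str) -> None:
    """Explicit logout: destroy the server-side session."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "sid" in jar:
        SESSIONS.pop(jar["sid"].value, None)
```

The cookie holds only a random identifier; the user's information stays on the server, so expiring or deleting the server-side entry invalidates the cookie left behind in the browser.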
-
ARUN ANOOP M, AP, CSE Dept, MESCE Kuttipuram