13071d7802design ppt_2
![Page 1: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/1.jpg)
Advanced Mechanism for Single Sign-On for Distributed Computer Networks
by K.Niranjan Reddy
under the guidance of
G. Suresh Reddy, Assoc. Professor & HOD
Department of Information and Technology
VNR VIGNANA JYOTHI INSTITUTE OF ENGINEERING AND TECHNOLOGY
![Page 2: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/2.jpg)
Abstract
Single sign-on (SSO) provides access to many resources once the user is initially authenticated.
It increases the negative impact in case the credentials become available to other persons and are misused.
Therefore, single sign-on requires an increased focus on the protection of the user credentials, and should ideally be combined with strong authentication methods.
![Page 3: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/3.jpg)
Conti…
Credential privacy
Soundness of authentication
![Page 4: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/4.jpg)
Existing system
Password-based authentication
Two-factor authentication technique
With the increasing usage of network services, a user may need to maintain more and more ID/password pairs for accessing different distributed service providers.
Existing SSO schemes have failed to provide security.
![Page 5: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/5.jpg)
Disadvantages of Existing
In password-based authentication, security is not reliable, since leaking of the table could lead to system breakage.
The two-factor scheme is vulnerable to impersonation attacks.
* Credential privacy & soundness of authentication
![Page 6: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/6.jpg)
Proposed system
Single sign-on mechanism to access multiple service providers.
Mutual authentication
General RSA for service provider authentication
Standard RSA signature for user authentication
![Page 7: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/7.jpg)
Advantages of proposed system
• Multiple passwords are no longer required
• Improves management of users’ accounts and authorizations to all associated systems
• Reduces administrative overhead in resetting forgotten passwords over multiple platforms and applications
• Reduces the time taken by users to log into multiple applications and platforms
![Page 8: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/8.jpg)
Modules
Initiation for key distribution
User registration for validation
Provider side User identification
Secure signature generation
Secure RSA VES scheme for authentication.
![Page 9: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/9.jpg)
Initiation for key distribution
The trusted authority generates the two primes for the key generation process.
In this process, the RSA public and private keys are generated based on the above prime values.
Finally, it publishes all the keys and keeps the secret key to itself.
![Page 10: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/10.jpg)
User registration for validation
The user sends the fixed-size ID to the trusted authority.
The trusted authority gets the user ID and processes it for validation.
Each service provider maintains the user ID in the RSA parameter.
This transaction is made over a secure channel.
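The initiation and registration phases described above, as an added sketch that is not taken from the slides: it assumes the credential is a textbook RSA signature by the trusted authority over a SHA-256 hash of the fixed-size ID, uses toy primes, and all function names are hypothetical. It shows only the soundness check a provider can make with the published key, not the RSA-VES exchange.

```python
import hashlib
from math import gcd

# Toy parameters constructed for illustration only (two Mersenne primes).
# A real trusted authority generates large random primes and uses padded signatures.
P = 2**89 - 1
Q = 2**107 - 1
E = 65537
ID_LEN = 16  # assumed fixed ID size in bytes

def ta_keygen(p=P, q=Q, e=E):
    """Initiation: build RSA keys from two primes; publish (n, e), keep d secret."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (p * q, e), pow(e, -1, phi)

def encode_id(user_id, n):
    """Map a fixed-size ID into Z_n (assumed encoding, not from the slides)."""
    if len(user_id) != ID_LEN:
        raise ValueError("ID must be exactly %d bytes" % ID_LEN)
    return int.from_bytes(hashlib.sha256(user_id).digest(), "big") % n

def ta_register(user_id, public, d):
    """Registration: the authority signs the ID; the result is the credential."""
    n, _ = public
    return pow(encode_id(user_id, n), d, n)

def provider_verify(user_id, credential, public):
    """Soundness check: only the published key is needed to test a credential."""
    n, e = public
    try:
        expected = encode_id(user_id, n)
    except ValueError:
        return False  # malformed ID: reject instead of raising
    return 0 < credential < n and pow(credential, e, n) == expected

def demo():
    public, secret = ta_keygen()
    alice = b"alice-0000000001"    # constructed sample ID
    mallory = b"mallory-00000001"  # constructed, never registered
    cred = ta_register(alice, public, secret)
    return (provider_verify(alice, cred, public),           # registered user
            provider_verify(mallory, cred, public),         # credential for another ID
            provider_verify(alice, cred ^ 1, public))       # tampered credential

if __name__ == "__main__":
    print(demo())
```

A credential handed to a provider in this raw form could be replayed by that provider, which is the credential privacy concern these slides raise.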
![Page 11: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/11.jpg)
Provider side User identification
The user is responsible for sending the service request to the service provider.
The user request is processed in the service environment for validation.
Here, the use of symmetric key encryption provides authentication to the user.
The service provider takes random values for the encryption process.
![Page 12: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/12.jpg)
Credential attacks on the Chang-Lee scheme
Here we predict the attacks on the Chang-Lee scheme.
In total, two types of attack happen in this area.
The credential recovering attack allows the service provider to recover the user credential.
The RSA public and private key pair provides the way to attack.
The second one is the impersonation attack: attacker E sends the request to the service provider as a normal user.
![Page 13: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/13.jpg)
Secure RSA VES scheme for authentication.
In this phase, RSA-VES is employed to authenticate a user, while a normal signature is used for service provider authentication.
The user sends the process request to the service provider.
The service provider authenticates the user login by the RSA-VES scheme.
Here the signature is used for user authentication.
![Page 14: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/14.jpg)
Dataflow diagram
![Page 15: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/15.jpg)
Flowchart (figure text):
start
Initiation phase: prime selection & key generation; publish key pair & keep secret key
User registration phase: user request; service provider check; ID & signature
Authentication phase: user request sent; service provider receives; verify user access; check (valid / invalid)
end
![Page 16: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/16.jpg)
ER Diagram
![Page 17: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/17.jpg)
Use case diagram
![Page 18: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/18.jpg)
Class diagram
![Page 19: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/19.jpg)
Sequence diagram
![Page 20: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/20.jpg)
Conclusion
An SSO scheme must meet two basic requirements.
Soundness: an unregistered user without a credential should not be able to access the services offered by service providers.
Credential privacy guarantees that colluded dishonest service providers should not be able to fully recover a user’s credential and then impersonate the user to log in to other service providers.
![Page 21: 13071D7802design ppt_2](https://reader036.vdocuments.us/reader036/viewer/2022062323/55cf8cd75503462b13900c99/html5/thumbnails/21.jpg)
THANK YOU