Single Sign On Glen Dorton 1/18/2019.

Presentation on theme: "Single Sign On Glen Dorton 1/18/2019."— Presentation transcript:

1 Single Sign On Glen Dorton 1/18/2019

2 The Problem
- Users have to authenticate to multiple systems
- User name and password is the most common authentication scheme
- Users are required to remember multiple user names and passwords, one per system
- Why is this a problem?

3 Solution: Single Sign On
- Single sign on still employs user name and password as most common method
- However, users only need to remember one user name and password to access all systems

4 Benefits
- One sign on grants access to all resources
- Users will be less likely to write down passwords and hide the paper under a keyboard
- Administration of user accounts and access control is vastly simplified
- Improved security through administration ease, better control of account management

5 Problems
- Subject to standard password attacks
- Once a password is compromised or an attacker can create an account, access to all resources allowed for that user is obtained
- Central point of failure

6 Implementations
- Scripting
- Kerberos
- Secure European System for Applications in a Multi-vendor Environment
- Diskless workstations
- Directory Services
- Microsoft .NET Passport

7 Microsoft .NET Passport
- Developed to provide single sign on solution to web based applications
- Kids Passport Service

8 Microsoft .NET Passport
- Registration
  - Stores credentials and personal information
  - address is user id
  - Human Interaction Protocol validation

9 Microsoft .NET Passport
- Authentication
  - Uses authentication ticket – “ticket granting cookie”
  - Subsequent sites may use same authentication ticket based on its age
  - Sign out of Passport accomplished by deleting cookies, except if “sign me in automatically” is enabled

10 Problems with .NET Passport
- Key management
  - Uses 3DES, keys generated randomly and must be distributed securely
- Persistent cookies
  - Allow user to be ‘logged in’ all the time
- Theft of cookies
- Coding vulnerabilities
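
Slides 9 and 10 say a site may accept an existing ticket depending on its age, and that persistent or stolen cookies are a risk. The sketch below is an added example, not Passport's code or ticket format: the ticket layout, `issue_ticket`, `check_ticket` and the demo key are assumptions, and HMAC-SHA256 stands in for the 3DES-protected ticket so it runs on the standard library alone.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. The slides say Passport shares a 3DES key with each
# site; HMAC-SHA256 is swapped in here to keep the example stdlib-only.
SITE_KEY = b"constructed-demo-key"


def _tag(body, key):
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def issue_ticket(user, issued_at, key=SITE_KEY):
    """Hypothetical ticket: base64url(JSON claims) + "." + hex MAC."""
    claims = json.dumps({"user": user, "iat": issued_at}).encode()
    body = base64.urlsafe_b64encode(claims)
    return (body + b"." + _tag(body, key)).decode()


def check_ticket(ticket, max_age_s, now, key=SITE_KEY):
    """Return (user, None) when accepted, otherwise (None, reason)."""
    try:
        body, tag = ticket.encode().rsplit(b".", 1)
    except ValueError:
        return None, "malformed"
    # Authenticate before parsing, so forged claims are never interpreted.
    if not hmac.compare_digest(tag, _tag(body, key)):
        return None, "bad-mac"
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
        user, issued_at = claims["user"], int(claims["iat"])
    except (ValueError, KeyError, TypeError):
        return None, "malformed"
    age = now - issued_at
    if age < 0:
        return None, "issued-in-future"
    # Each site picks its own limit: a stolen or persistent cookie is only
    # usable inside this window, so sensitive sites set it short.
    if age > max_age_s:
        return None, "too-old"
    return user, None


if __name__ == "__main__":
    t = issue_ticket("alice@example.com", issued_at=1000)  # constructed input
    print(check_ticket(t, max_age_s=3600, now=1600))  # lenient site
    print(check_ticket(t, max_age_s=300, now=1600))   # strict site
```
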

11 Passport Attacks
- Phishing – attacker sets up fake merchant site and redirects to fake passport.com, user enters credentials
- Man in the middle – attacker intercepts legitimate redirect to passport.com and redirects to his own fake passport.com
- DNS attacks – Passport relies on redirects to passport.com for authentication

12 Conclusion
- Becoming more prevalent with directory services
- Difficult to implement with systems that have proprietary authentication schemes
- Will be more practical in the future

13 References
- Passport risks: http://avirubin.com/passport.html
- Opengroup: Microsoft .NET Passport Review Guide

