Single Sign On - PowerPoint PPT Presentation

Slides: 14
Provided by: andy83
Learn more at: https://www.cs.odu.edu

Transcript and Presenter's Notes

1
Single Sign On
  • Glen Dorton

2
The Problem
  • Users have to authenticate to multiple systems
  • User name and password is the most common
    authentication scheme
  • Users are required to remember multiple user
    names and passwords, one per system
  • Why is this a problem?

3
Solution: Single Sign On
  • Single sign on still employs user name and
    password as most common method
  • However, users only need to remember one user
    name and password to access all systems

4
Benefits
  • One sign on grants access to all resources
  • Users will be less likely to write down passwords
    and hide the paper under a keyboard
  • Administration of user accounts and access
    control is vastly simplified
  • Improved security through administration ease,
    better control of account management

5
Problems
  • Subject to standard password attacks
  • Once a password is compromised, or an attacker can
    create an account, the attacker obtains access to all
    resources allowed for that user
  • Central point of failure

6
Implementations
  • Scripting
  • Kerberos
  • Secure European System for Applications in a
    Multi-vendor Environment (SESAME)
  • Diskless workstations
  • Directory Services
  • Microsoft .NET Passport

7
Microsoft .NET Passport
  • Developed to provide single sign on solution to
    web based applications
  • Kids Passport Service

8
Microsoft .NET Passport
  • Registration
  • Stores credentials and personal information
  • Email address is user id
  • Human Interaction Protocol
  • Email validation

9
Microsoft .NET Passport
  • Authentication
  • Uses an authentication ticket and a ticket-granting
    cookie
  • Subsequent sites may use the same authentication
    ticket, based on its age
  • Sign out of Passport is accomplished by deleting
    cookies, except if "sign me in automatically" is
    enabled

10
Problems with .NET Passport
  • Key management
  • Uses 3DES, keys generated randomly and must be
    distributed securely
  • Persistent cookies
  • Allow user to be logged in all the time
  • Theft of cookies
  • Coding vulnerabilities

11
Passport Attacks
  • Phishing: attacker sets up a fake merchant site
    and redirects to a fake passport.com; user enters
    credentials
  • Man in the middle: attacker intercepts the
    legitimate redirect to passport.com and redirects
    to his own fake passport.com
  • DNS attacks: Passport relies on redirects to
    passport.com for authentication

12
Conclusion
  • Becoming more prevalent with directory services
  • Difficult to implement with systems that have
    proprietary authentication schemes
  • Will be more practical in the future

13
References
  • Passport risks: http://avirubin.com/passport.html
  • Opengroup: http://www.opengroup.org/security/sso/
  • Microsoft .NET Passport Review Guide:
    http://www.microsoft.com/net/services/passport/review_guide.asp