31 |
Dois pesos, duas medidas : gerenciamento de identidades orientado a desafios adaptativos para contenção de Sybils. / Two weights and two measures: using adaptive puzzles in identity management for sybil contention
Mauch, Gustavo Huff. January 2010
The Sybil attack consists of the indiscriminate creation of counterfeit identities by a malicious user (attacker). An effective approach to tackle such an attack consists of establishing computational puzzles to be solved prior to granting new identities. Despite their potential, solutions based on this approach do not distinguish between identity requests from correct users and attackers, and thus require both to pay the same cost per identity requested. Therefore, those approaches may not be effective when the attacker's computational resources are superior to those used by correct users. Assuming any choice of puzzle hardness, attackers that have access to high-performance computing resources will be able to solve puzzles several orders of magnitude faster than legitimate users and thus obtain a large number of identities. On the other hand, raising the cost to solve the puzzles could restrict legitimate users too much. To tackle this problem, in this paper we propose the use of adaptive computational puzzles to limit the spread of Sybils. We estimate a trust score of the source of identity requests in regard to the behavior of others. The higher the frequency with which a source requests identities, the lower its trust score and, consequently, the higher the complexity of the puzzle to be solved by the user(s) associated with that source. Results achieved by means of an experimental evaluation show our solution's ability to assign more complex puzzles to potential attackers, while minimally penalizing legitimate users.
|
33 |
Architectural Design of a Conformative Authentication Service for Security Platforms
Hermansson, Mikael. January 2013
Authentication services in security platforms often need to handle different types of systems which have various requirements regarding the authentication. These requirements can often interfere with each other and the issue here is that the authentication service often needs to be manually adjusted to comply with these requirements. Therefore there is a need for a flexible architectural design which enables changes and could open up for new emerging technologies and possibilities. This thesis presents an architectural design of a conformative authentication service based on SAML 2.0 to be used in security platforms. In this thesis a requirements analysis was performed and an architectural design was developed. The architectural design presented in this thesis is conformative in various aspects, e.g. usage of various authentication methods, versatile handling of attributes, handling of various SAML 2.0 profiles, possibilities to participate in various identity federations and handling of legacy systems not supporting SAML. In addition, an evaluation comparing the candidate architectural design presented in this thesis with a currently active architectural design was performed. This evaluation showed that the candidate architectural design was considered better for more usage scenarios.
|
34 |
Federated Identity Management : AD FS for single sign-on and federated identity management
Wikblom, Carl. January 2012
Organizations are continuously expanding their use of computer services. As the number of applications in an organization grows, so does the load on the user management. Registering and unregistering users both from within the organization and also from partner organizations, as well as managing their privileges and providing support, all accumulate significant costs for the user management. FIdM is a solution that can centralize user management, allow partner organizations to federate, ease users’ password management, provide SSO functionality and externalize the authentication logic from application development. An FIdM system with two organizations, AD FS and two applications has been deployed. The applications are constructed in .NET, with WIF, and in Java using a custom implementation of WS-Federation. In order to evaluate the system, a functional test and a security analysis have been performed. The result of the functional test shows that the system has been implemented successfully. With the use of AD FS, users from both organizations are able to authenticate within their own organization and are then able to access the applications in the organizations without any repeated authentication. The result of the security analysis shows that the overall security in the system is good. The use of AD FS does not allow anyone to bypass authentication. However, the standard integration of WIF in the .NET application makes it more susceptible to a DoS attack. It has been indicated that FIdM can have positive effects on an organization’s user management, a user’s password management and login procedures, and authentication logic in application development, while still maintaining a good level of security.
|
35 |
A Framework To Implement OpenID Connect Protocol For Federated Identity Management In Enterprises
Rasiwasia, Akshay. January 2017
Federated Identity Management (FIM) and Single-Sign-On (SSO) concepts improve both productivity and security for organizations by assigning the responsibility of user data management and authentication to one single central entity called the identity provider; consequently, users have to maintain only one set of credentials to access resources at multiple service providers. The implementation of any FIM and SSO protocol is complex due to the involvement of multiple organizations, sensitive user data, and myriad security issues. There are many instances of faulty implementations that compromised on security for ease of implementation due to a lack of proper guidance. OpenID Connect (OIDC) is the latest protocol for implementing Federated Identity Management; it is an open standard, lightweight and platform independent, offers several advantages over the legacy protocols, and is expected to have widespread use. An implementation framework that addresses all the important aspects of the FIM lifecycle is required to ensure the proper application of the OIDC protocol at the enterprise level. In this research work, an implementation framework was designed for the OIDC protocol by incorporating all the important requirements from a managerial, technical and security perspective of enterprise-level federated identity management. The research work closely follows the design science research process, and the framework was evaluated for its completeness, efficiency, and usability.
|
36 |
Protecting Telemetry Data from Compromise Learning from the Mistakes of the Breached!
Kalibjian, Jeff. 11 1900
Information has value and as such any network based computer (whether that network touches
the Internet or not) has the potential to be hacked. Telemetry data is not immune to the threat.
While there are a myriad of security sensor and analytics tools available for entities to deploy in
order to protect their IT networks and assets on those networks, sometimes overlooked is also the
wealth of research data available regarding the etiology of breaches that reveal fascinating,
sometimes counterintuitive insights in the best ways to configure and integrate security
applications to protect the organization.
After reviewing the latest research data regarding computer and IT network compromise,
security strategies implied in the research data appropriate to the security challenges
encountered in the telemetry post processing environment will be thoroughly examined
providing tangible methodologies that may be employed to better protect organization telemetry
post processing and IT infrastructures.
|
37 |
Řízení identit v organizacích / Identity Management
Fryaufová, Lucie. January 2012
This thesis focuses on Identity Management. The author describes the possibilities of using this concept and the application of Identity Management in organizations. The issue is not approached solely from the point of view of information security, the area to which it belongs. The goal of the work is to create a framework for the Identity Management process using best practices and standards. The work should also describe new trends, the use of special tools for working safely with the Identity Management process, and the risks in the area of Identity Management. These goals are achieved by analyzing information sources and consulting with professionals from an organization. The benefit of the work is a comparison of theoretical knowledge with practical usage in an organization and recommendations for improving the Identity Management process.
|
38 |
Gerenciamento de identidades com privacidade do usuário em ambiente Web. / Privacy enhanced identity management system for the Web.
Sakuragui, Rony Rogério Martins. 02 December 2011
User-centric Identity Management Systems have been used on the Internet to avoid the management of multiple user accounts across different sites and services on the Web. Although those systems can bring some benefits to their users, user privacy may be jeopardized, since identities are likely to be known and controlled by a central entity. In this way, users' behavior and their accesses to services are likely to be easily tracked across the network. On the other hand, from the services' point of view, there are occasions where the knowledge and verification of some user attributes are necessary for access control and service provision. Thus, the goal of this work is to propose a solution for identity management that provides enhanced privacy for users and, at the same time, allows them to prove attributes of their identity to a service provider in the current Web environment. This proposal innovates when compared to related works due to its suitability to the needs and limitations of the typical environment of interaction between users and sites on the Internet. The fulfillment of the objectives of identity attribute authentication and user privacy is verified through formal analysis of the solution's protocol. This work also presents an analysis, based on a metric, of the conditions and levels of anonymity when users interact with the system.
|
39 |
Vylepšení architektury systému správy identit ve firmě / Corporate Identity and Access Management System Architecture Improvement Proposal
Nop, Dominik. January 2019
The master's thesis focuses on assessing the current implementation of an identity management system and proposing a new implementation to increase the level of stability and information security in the company, primarily regarding the systems that process financial data. In the first part, basic theoretical knowledge related to identity management systems is defined. In the second part, an analysis of the current system state is performed. Based on this analysis, new organizational and technical solutions are proposed to the company. Finally, an implementation project proposal, together with a risk analysis and an economic evaluation, is presented at the end of the thesis.
|
40 |
Správa veřejných klíčů SSH v programech FreeIPA a SSSD / SSH Public Key Management in FreeIPA and SSSD
Cholasta, Jan. January 2012
SSH is one of the most widely used protocols for remote access on the Internet. SSH is a flexible and extensible protocol consisting of three main components: the SSH transport protocol, which provides confidentiality, integrity and server authentication; the SSH authentication protocol, which provides user authentication; and the SSH connection protocol, which multiplexes multiple channels of different types (interactive sessions, forwarding of TCP/IP connections, etc.) into a single connection. OpenSSH is one of the most widespread implementations of SSH. OpenSSH includes an SSH server, SSH clients, an SSH key generator and an authentication agent that simplifies public key authentication. FreeIPA and SSSD are projects providing centralized identity management for Linux and Unix systems. At the time of writing this thesis, these projects did not include direct SSH support, but it was possible to use them together with OpenSSH to a certain extent.
|