  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Emulated single sign-on / Emulerad single sign-on

Högberg, Per, Malmqvist, Lars January 2015
The goal of the project was to create an extension to Internet Explorer for Statens Tjänstepensionsverk (SPV) which would give the staff the experience of Single sign-on (SSO) to external web service providers as well as manage and update their passwords in a secure manner. The survey focused on the providers Palasso, ProCompetence and Wera. The extension was created as a Browser Helper Object (BHO) with C# in .NET. The solution was implemented as a COM object in a DLL-file that was running in-process with the browser. The program used a locally stored XML file containing URLs, usernames and encrypted passwords to the providers. When a user came to a login page the program collected the HTML elements on the page and populated them with data from the file and logged in the user. Encryption and decryption was solved with a symmetric key that was stored in the program. In the XML file was also the date for the latest update of the password. If one month had passed, the program either gave the user an indication that the password needed to be updated, or updated it automatically with a new generated password, depending on the provider. The conclusion was that the extension worked as planned but that there were improvements to be made regarding the possibility to add new sites to the system. The project also included an analysis of alternative options to solve the problem using JavaScript, Add-in Express, or via a portal page. The conclusion was that none of these were an equally powerful tool as a BHO.
22

A Framework To Implement OpenID Connect Protocol For Federated Identity Management In Enterprises

Rasiwasia, Akshay January 2017
Federated Identity Management (FIM) and Single-Sign-On (SSO) concepts improve both productivity and security for organizations by assigning the responsibility of user data management and authentication to one single central entity called identity provider, and consequently, the users have to maintain only one set of credentials to access resources at multiple service providers. The implementation of any FIM and SSO protocol is complex due to the involvement of multiple organizations, sensitive user data, and myriad security issues. There are many instances of faulty implementations that compromised on security for ease of implementation due to lack of proper guidance. OpenID Connect (OIDC) is the latest protocol which is an open standard, lightweight and platform independent to implement Federated Identity Management; it offers several advantages over the legacy protocols and is expected to have widespread use. An implementation framework that addresses all the important aspects of the FIM lifecycle is required to ensure the proper application of the OIDC protocol at the enterprise level. In this research work, an implementation framework was designed for OIDC protocol by incorporating all the important requirements from a managerial, technical and security perspective of an enterprise level federated identity management. The research work closely follows the design science research process, and the framework was evaluated for its completeness, efficiency, and usability.
23

A security analysis and comparison of SAML and OAuth / En säkerhetsanalys och jämförelse av SAML och OAuth

P Svensson, Gustav, Eriksson, Filip January 2020
We have carried out a comparison of two popular SSO protocols, OAuth and SAML, in order to make the choice of protocol easier for companies. Two simplistic SSO implementations were developed to test the security of the two protocols. A simplistic SSO implementation means in this case that no security features have been added beyond what the protocols require. Three attacks were carried out: 307 redirect attack, man in the middle, and replay attack. The result shows that a simplistic SAML implementation is more secure than a simplistic OAuth implementation. Further work is required, however, to get a better picture of the security of the different protocols.
24

Identity management / Identity management

Kefer, Daniel January 2009
The master thesis is divided into two parts. In the first part, identity management is described on theoretical basis. Particular domains of identity management including authentication, authorization and audit are explained as well as Single Sign-On concept, i.e. using single credentials and entering them just once for access to multiple independent systems or services. In the second part, which forms the main part of this thesis, a practical project was implemented on the infrastructure of the Department of Telecommunications within the Faculty of Electrical Engineering and Communication, Brno University of Technology. The goal of this project was to create an environment for central authentication and Single Sign-On using only open source technologies within a computer laboratory used for teaching OS Linux. The project is based on OS Linux Debian, Kerberos as a protocol for secure authentication and LDAP server OpenLDAP. For the Single Sign-On demonstration, NFS services for accessing data on the network were chosen. Using NFS services, users can sign-on to any workstation and access all their data. Administration of users and their import from central FEEC databases was implemented using scripts developed in Python. Next, using Apache, PHP and MySQL, a front-end audit interface for the network administrator was developed in order to inspect and evaluate security events in the network. Messages about suspicious events are delivered to administrator’s mailbox in real time. The project is intended as a security platform which means that other services can be implemented for Single Sign-On as well as new mechanisms for evaluation of suspicious events.
25

Browser-Based Trust Negotiation

Morris, Cameron 21 March 2006
Trust negotiation allows two parties on the Internet to establish trust in each other according to the digital credentials that each other possesses. Traditionally, trust negotiation uses certificates as digital credentials. However, certificates make trust negotiation difficult to use since people rarely have certificates available to them, and they must physically possess and secure all needed certificates in order to negotiate. To avoid these problems, this thesis proposes that credential authorities negotiate on behalf of the user. This thesis defines Browser-Based Trust Negotiation (BBTN) as a method for negotiating with credential authorities using the Secure Assertion Markup Language (SAML).
26

Convenient Decentralized Authentication Using Passwords

Van Der Horst, Timothy W. 10 March 2010
Passwords are a very convenient way to authenticate. In terms of simplicity and portability they are very difficult to match. Nevertheless, current password-based login mechanisms are vulnerable to phishing attacks and typically require users to create and manage a new password for each of their accounts. This research investigates the potential for indirect/decentralized approaches to improve password-based authentication. Adoption of a decentralized authentication mechanism requires the agreement between users and service providers on a trusted third party that vouches for users' identities. Email providers are the de facto trusted third parties on the Internet. Proof of email address ownership is typically required to both create an account and to reset a password when it is forgotten. Despite its shortcomings (e.g., latency, vulnerability to passive attack), this approach is a practical solution to the difficult problem of authenticating strangers on the Internet. This research utilizes this emergent, lightweight relationship with email providers to offload primary user authentication from service providers; thus reducing the need for service provider-specific passwords. Our goal is to provide decentralized authentication that maintains the convenience and portability of passwords, while improving its assurances (especially against phishing). Our first step to leverage this emergent trust, Simple Authentication for the Web (SAW), improves the security and convenience of email-based authentications and moves them from the background into the forefront, replacing the need for an account-specific password. Wireless Authentication using Remote Passwords (WARP) adapts the principles of SAW to authentication in wireless networks. Lightweight User AUthentication (Luau) improves upon WARP and unifies user authentication across the application and network (especially wireless) layers.
Our final protocol, pwdArmor, started as a simple wrapper to facilitate the use of existing databases of password verifiers in Luau, but grew into a generic middleware framework that augments the assurances of conventional password protocols.
27

Authentication via OpenAthens: Implementing a Single Sign-on Solution for Primo, Alma, and EZproxy

Clamon, Travis 01 May 2018
OpenAthens is a hosted identity and access management service that provides a streamlined solution for implementing single sign-on authentication. This presentation will outline the steps East Tennessee State University took to configure OpenAthens authentication across the Alma, Primo, and EZproxy platforms. We will give a brief overview of the internal configurations related to LDAP integration, allocating electronic resources, and selectively assigning permissions. Finally, we will share our experiences with OpenAthens including support, vendor adoption, and end user benefits.
28

Outsmarting Passwords : An Analysis on the use of Smart Cards for Single Sign-On in Legacy Applications / Singelinloggning i Legacysystem : En Studie i Användandet av Smarta Kort för Singelinloggning i Legacysystem

Tingström, Alexander January 2017
By leveraging smart-cards as a bearer of user credentials for legacy applications the security of these systems can be greatly increased. In this thesis a solution to the problem of legacy applications only allowing username-password authentication is proposed. Storing user-data encrypted on the card and automatically serving it to the required application allows for automatically generated passwords to be used. The backbone of this system is developed. This solution is then analyzed and found to result in a significantly increased level of security. / By using smart cards as carriers of usernames and passwords for old "legacy applications", the security of these systems can be drastically increased. In this thesis a solution is proposed to the problem that older applications only allow authentication by username and password. By storing user data in an encrypted space on a smart card and then automatically entering it into the application concerned, stronger, non-user-friendly passwords can be used. The foundation of this system is developed and a security analysis is carried out. This shows a strong improvement in the security of these systems.
29

Secure Distributed Single Sign-On with Two-Factor Authentication

Brasee, Kaleb D. January 2007
No description available.
30

A Modular architecture for Cloud Federation

Panjwani, Rizwan 21 December 2015
Cloud Computing is the next step in the evolution of the Internet. It provides seemingly unlimited computation and storage resources by abstracting the networking, hardware, and software components underneath. However, individual cloud service providers do not have unlimited resources to offer. Some of the tasks demand computational resources that these individual cloud service providers cannot fulfill themselves. In such cases, it would be optimal for these providers to borrow resources from each other. The process where different cloud service providers pool their resources is called Cloud Federation. There are many aspects to Cloud Federation such as access control and interoperability. Access control ensures that only the permitted users can access these federated resources. Interoperability enables the end-user to have a seamless experience when accessing resources on federated clouds. In this thesis, we detail our project named GENI-SAVI Federation, in which we federated the GENI and SAVI cloud systems. We focus on the access control portion of the project while also discussing the interoperability aspect of it.
