Arun Anoop M,
Asst. Professor-CSE,
MESCE, Kuttipuram
Part 2
Access Control
Password Generator
Parties: Alice; password generator; Bob, K
1. I'm Alice
2. R
3. PIN, R
4. h(K,R)
5. h(K,R)
2-factor Authentication
Examples
Single Sign-on
A hassle to enter password(s) repeatedly
Alice wants to authenticate only once
Credentials stay with Alice wherever she goes
Subsequent authentications transparent to Alice
Single Sign-on
Systems
Scenario
Going to travel
Sign in for booking flight ticket
Sign in for booking hotel room
Sign in for renting a car
.NET Passport
Microsoft .NET Passport
- Passport single sign in service
- Kids Passport service
Passport supplies registered users an electronic ticket.
With this ticket users are authorized to access pages
in participating sites.
.NET Passport
An implementation of Single Sign-On system,
based on the cookie mechanism.
Employs techniques to prevent attacks
- CAPTCHA: telling humans from computers
- Secure Sockets Layer (SSL)
.NET Passport
Registration process
- Information stored in passport account
- Captcha
- E-mail Validation
Authentication process
- Cookies written by Passport
- Navigate to another Participating Site
- Secure Sockets Layer (SSL)
Registration process
CAPTCHA Human Interaction Protocol
- tells humans from computers by asking registrants to type
in the alphanumeric characters from a picture
- bot attackers submit thousands of fake registrations in a
short time
Registration process
For example, humans can read distorted text such as the one shown below,
but current computer programs can't:
Web Cookies
A cookie is provided by a website and stored
on the user's machine
A cookie is a file created by a web browser,
at the request of a web site, that is then
stored on a computer.
Cookies maintain state across sessions
The Web uses a stateless protocol: HTTP
Cookies also maintain state within a session