Embed Size (px)
DESCRIPTION
Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in distributed computer networks. Recently, Chang and Lee proposed a new SSO scheme and claimed its security by providing well-organized security arguments. In this paper, however, we demonstratively show that their scheme is actually insecure as it fails to meet credential privacy and soundness of authentication. Specifically, we present two impersonation attacks. The first attack allows a malicious service provider, who has successfully communicated with a legal user twice, to recover the user’s credential and then to impersonate the user to access resources and services offered by other service providers. In the other attack an outsider without any credential may be able to enjoy network services freely by impersonating any legal user or a nonexistent user.
Citation preview
ZEBROS PROJECTS
Office Address: No 4 / Flat No 3D, Sai Kiran Apts, First Main Road, Kasturba Nagar, Chennai-20 web: www.zebros.in e mail : [email protected] mob: 99400 98300
WAY TO YOUR GOAL
NETWORK SECURITY PROJECTS
FINAL YEAR PROJECTS
IEEE PROJECTS 2013-2014
CONTACT: 9940098300, 9500075001
E-Mail:[email protected]
ZEBROS PROJECTS
Office Address: No 4 / Flat No 3D, Sai Kiran Apts, First Main Road, Kasturba Nagar, Chennai-20 web: www.zebros.in e mail : [email protected] mob: 99400 98300
Security Analysis of a Single Sign-On Mechanism for
Distributed Computer Networks
ABSTRACT
Single sign-on (SSO) is a new authentication mechanism that enables a
legal user with a single credential to be authenticated by multiple service providers in
distributed computer networks. Recently, Chang and Lee proposed a new SSO scheme
and claimed its security by providing well-organized security arguments. In this paper,
however, we demonstratively show that their scheme is actually insecure as it fails to
meet credential privacy and soundness of authentication. Specifically, we present two
impersonation attacks. The first attack allows a malicious service provider, who has
successfully communicated with a legal user twice, to recover the user’s credential and
then to impersonate the user to access resources and services offered by other service
providers. In the other attack an outsider without any credential may be able to enjoy
network services freely by impersonating any legal user or a nonexistent user. We
identify the flaws in their security arguments to explain why attacks are possible
against their SSO scheme. Our attack also applies to another SSO scheme proposed by
Hsu and Chuang, which inspires the design of Chang-Lee scheme. We promote the
study of the soundness of authentication as one open problem.
ZEBROS PROJECTS
Office Address: No 4 / Flat No 3D, Sai Kiran Apts, First Main Road, Kasturba Nagar, Chennai-20 web: www.zebros.in e mail : [email protected] mob: 99400 98300
ZEBROS PROJECTS
SOFTWARE BASED HARDWARE BASED
Networking VLSI
Data Mining Mat lab
Grid Computing Robotics
Network Security Embedded
Image Processing Bio Medical
Web Applications Power Systems
Mobile Computing Power Electronics
Software Engineering Java with Embedded
Cloud Computing Android
What is IEEE?
The Institute of Electrical and Electronics Engineers or IEEE (read eye-triple-e) is Incorporated in the State of New York, United States. It was formed in 1963 by the merger of the Institute of Radio Engineers (IRE, founded 1912) and the American Institute of Electrical Engineers (AIEE, founded 1884). A membership organization comprised of engineers, scientists and students that sets standards for computers and communications. It is a nonprofit organization with more than 365,000 members in around 150 countries.
The IEEE describes itself as "the world's largest technical professional society -- promoting the development and application of electro technology and allied sciences for the benefit of humanity, the advancement of the profession, and the well-being of our members."
Why IEEE based projects?
It grantees for standard
It assured latest solution for problems
It delivers new patented technologies at an ever-increasing pace
It access world-class technical information provided by the IEEE and cut down your
research time.
ZEBROS PROJECTS
Office Address: No 4 / Flat No 3D, Sai Kiran Apts, First Main Road, Kasturba Nagar, Chennai-20 web: www.zebros.in e mail : [email protected] mob: 99400 98300
OUR FEATURES
24*7 Call Support
Project Execution through Remote System
20 Days Technical classes taken by Corporate Trainer
Unlimited Project & Technical Support through your academic
Project software Installation support
PROJECT SUPPORT
0th Review 1st Review
Abstract Existing System Disadvantages Proposed System Advantages Objective System Requirements System Architecture
Literature Survey Module List Module Description Data Flow Diagram Level DFD Module Wise DFD Problem Definition Review Document Explanation
2nd Review 3rd Review
Use case Diagram Class Diagram Collaboration Diagram Sequence Diagram Activity Diagram Testing & test cases Partial Code Screenshot for First two
module Review Document Explanation
Conclusion References Future Enhancement 65% code (Executable Format) Required Software Review Document Explanation
Final Review
Complete Code with Enhancement
Final Document (University Standard Format)
Complete Explanation for Project Concept & Code
![8 IEEE TRANSACTIONS ON INTELLIGENT VEHICLES, VOL… · 8 IEEE TRANSACTIONS ON INTELLIGENT VEHICLES, VOL. 1, NO. 1, ... traffic sign recognition [3], ... and software useful for implementing](https://img.pdfslide.us/doc/110x75/5aed272a7f8b9ad73f90aad9/8-ieee-transactions-on-intelligent-vehicles-vol-ieee-transactions-on-intelligent.jpg)
