.NET PASSPORT

1
.NET PASSPORT TRUSTBRIDGE

• SHRIPAD PATIL
• CS795/895
• SECURITY IN DISTRIBUTED SYSTEMS

2
OVERVIEW

• Why Single Sign-on? (sso)
• How Passport works?
• Security threats
• Passport Implementation (.NET)
• TrustBridge

3
Single Sign-on

• The problem
• Too many credentials
• Which one for which app.
• Multiple logon
• Business Impact
• Increased risk of compromise
• Reduced Productivity
• Increased helpdesk expenses

4
Single sign-on

• The problem
• Provisioning new accounts
• Password management
• Auditing user activity
• Managing non-user access
• Deploying enterprise applications
• Impact
• No single view of user
• Risk of unauthorized access
• Delayed access

5
Passport - Introduction

• single-login system that allows users to navigate
  across Passport-enabled sites without having to
  maintain a separate login at each site
• User Account contains
• A Unique Identifier (PUID)
• A User profile
• Credentials
• 3 security levels
• Standard sign-in
• Secure channel sign-in
• Strong credential sign-in

6
Passport How does it works?

• Cookies
• Ticket cookie
• Profile cookie
• Visited site cookie

7
Problem Areas

• Central point of attack
• Weak user passwords
• Cookies/persistent cookies
• Bogus merchant attack
• Active attack
• DNS Attacks

8
2. TrustBridge

• Microsoft technology to provide AAA
  (Authentication, Authorization, Accounting)
• Designed to achieve cross-organizational resource
  sharing
• Uses windows active directory
• Provides resilient defense against security
  attacks (data mining, Denial Of Service)
• Convenient to use
• But, do not provide heterogeneous enterprise
  system support

9
TrustBridge
10
Passport Implementation

• Requirements- passport SDK, passport manager,
  IIS, DNS name
• Register application with .NET service manager
• Get site ID, Encryption Keys, Certificate
• Code, test, then deploy passport application
• Compliance review from Microsoft
• Launch live web-site

11
Thank You