Single Sign On - PowerPoint PPT Presentation

Provided by: andy83

Transcript and Presenter's Notes

Title: Single Sign On


1
Single Sign On
  • Glen Dorton

2
The Problem
  • Users have to authenticate to multiple systems
  • User name and password is the most common
    authentication scheme
  • Users are required to remember multiple user
    names and passwords, one per system
  • Why is this a problem?

3
Solution: Single Sign On
  • Single sign on still employs user name and
    password as most common method
  • However, users only need to remember one user
    name and password to access all systems

4
Benefits
  • One sign on grants access to all resources
  • Users will be less likely to write down passwords
    and hide the paper under a keyboard
  • Administration of user accounts and access
    control is vastly simplified
  • Improved security through administration ease,
    better control of account management

5
Implementations
  • Scripting
  • Kerberos
  • Secure European System for Applications in a
    Multi-vendor Environment
  • Diskless workstations
  • Microsoft .NET Passport

6
Problems
  • Subject to standard password attacks
  • Once a password is compromised or an attacker can
    create an account, the attacker gains access to all
    resources allowed for that user
  • Central point of failure

7
Problems with Passport
  • User interface, web browser
  • Uses encrypted cookies
  • Uses JavaScript
  • Key management
  • Uses 3DES, generated randomly and must be
    distributed securely
  • Persistent cookies
  • Allow user to be logged in all the time
  • Theft of cookies

8
Passport Attacks
  • Phishing: attacker sets up fake merchant site
    and redirects to fake passport.com, user enters
    credentials
  • Man in the middle: attacker intercepts
    legitimate redirect to passport.com and redirects
    to his own fake passport.com
  • DNS attacks: Passport relies on redirects to
    passport.com for authentication

9
What is Microsoft Doing
  • Move to Kerberos
  • Allow user to specify whether credentials are
    cached (automatically, prompted)
  • Support for certificates

10
Conclusion
  • Difficult to implement with legacy systems that
    have proprietary authentication schemes
  • Will be more practical in the future

11
References
  • Passport risks: http://avirubin.com/passport.html
  • Opengroup: http://www.opengroup.org/security/sso/
  • Microsoft .NET Passport Review Guide:
    http://www.microsoft.com/net/services/passport/review_guide.asp