A DYNAMIC WEB AUTHENTICATION FRAMEWORK BASED ON SINGLE SIGN-ON SCHEME

Abstract

The rapid expansion of the Internet has increased the number of application service providers. This in turn increases the number of web services available. The users gain access to these protected web services using various credentials. This imposes a burden on users to manage these credentials in various ways. This makes them vulnerable to several attacks. This dissertation work consists of two parts. In the first part, a new approach for web authentication based on Single Sign-On (SSO) scheme has been proposed. This new approach holds a I:m SSO identity/service provider relationship per user. This improves the overall efficiency of the authentication system. This is because only a single identity per user needs to be maintained for access to all the necessary services. The strategy is to generate a dynamic session token of valid credentials that will be utilized to access these services. The proposed system has low computation and communication costs as compared to existing authentication schemes. It provides better features as compared to the existing authentication schemes and Single Sign-On systems. The analysis shows that the proposed system can withstand the replay and man-in-middle attacks that occur frequently on such systems. In the second part, Kerberos as a Single Sign-On protocol has been analyzed. The analysis is performed with respect to the various security threats that cause vulnerability during the authentication and authorization processes. Based on these results, an improvement to the existing protocol has been suggested. This improved Kerberos protocol has the ability to withstand the common security threats that affect the original version. iii