1,721,033 research outputs found

    Merkle Trees

    No full text

    Achieving interoperability between federated identity management systems: A case of study

    No full text
    User authentication schemes have been a key research topic in the field of data security for decades. Such schemes are evaluated according to at least two parameters: security and usability. Since a number of secure and usable authentication schemes are available, each institution can select the scheme that is considered to be most appropriate for its security policy. Such a per-site system selection has the following feature: each site has to authorize each user that tries to access its resources. In a world in which user mobility is growing, this feature imposes a huge overhead, both from the site's viewpoint and the users' viewpoint, since each user needs to store different credentials for each site she accesses. Federated authentication allows users to use their home authentication credentials for gaining access to other institutions' services while moving among different institutions. Different federated authentication systems have been designed and implemented. Despite simplified user mobility, one key problem in this area is that, often, different authentication systems do not cooperate or provide only limited interoperability. In this paper we discuss the problem of achieving full interoperability among Federated Identity Management Systems and present, as proof-of-concept, a solution to allow full communication between two federated authentication systems, Shibboleth, a de facto standard in this context, and PAPI (Point of Access to Providers of Information). Such a solution leverages an intermediate bridge which joins both federations and features protocol translation during cross-federation Authentication/Authorization (AA) sessions.

    On user authentication by means of video events recognition

    No full text
    Graphical password schemes have been widely analyzed in the last couple of decades. Typically such schemes are not resilient to adversaries who are able to collect a considerable amount of session transcripts, and can process them automatically in order to extract the secret. In this paper we discuss a possible enhancement to graphical passwords aimed at making it infeasible for the attacker to automatically process the collected transcripts. In particular, we investigate the possibility of replacing static graphical challenges with on-the-fly edited videos. In our approach, the system challenges the user by showing her a short film containing a number of pre-defined pass-events and the user replies with the proof that she recognized such events. We present a proof-of-concept prototype, FilmPW, and discuss some issues related to event life-cycle management. Our preliminary experiments show that such an authentication mechanism is well accepted by users and achieves low error rates.

    Secure Dependency Enforcement in Package Management Systems

    No full text
    Package management systems play an essential role in pursuing systems dependability by ensuring that software is correctly installed and kept up-to-date according to vendor-defined installation policies. Circumventing such policies could make the system unhealthy and insecure and can constitute a serious security threat. In many application scenarios, e.g., distribution of commercial software, the confidentiality of the software must be guaranteed against non-authorized players. In some cases, the installation policy itself is considered sensitive information, e.g., when it reveals required hardware in military contexts. In this paper we address the problem of strongly enforcing software dependencies in package management systems, to prevent a malicious user from forcing the system to install a package even though its requirements are not completely fulfilled. The enforcement is strong in the sense that the encrypted software package cannot even be decrypted if the dependencies are not satisfied. Once a new package is decrypted and installed, our protocol non-interactively updates the key material on the target device. This key update will allow the decryption of further packages that depend on the newly installed one. We further present “policy-hiding” variants of our protocol. Finally, we provide an experimental evaluation of the system performance.

    Analysis of a two-factor graphical password scheme

    No full text
    Graphical passwords are a promising research branch, but implementation of many proposed schemes often requires considerable resources (e.g., data storage, high quality displays), making their use difficult on small devices, such as old-fashioned ATM terminals. Furthermore, most of the time, such schemes lack a careful security analysis. In this paper, we analyze the security and usability of an authentication mechanism that can be instantiated as a graphical password scheme. We model the information an adversary might extract by analyzing the transcripts of authentication sessions as a boolean formula. Our experiments show that the time needed by a passive adversary to extract the user secret in the last presented protocol grows exponentially in the system parameter, giving evidence of the security of the proposed scheme.