Distributed authentication for resource control

Burdis, Keith Robert (2000) Distributed authentication for resource control. Masters thesis, Rhodes University.

Text: BURDIS-MSc-TR00-21.pdf (592Kb)

Abstract

This thesis examines distributed authentication in the process of controlling computing resources. We investigate user sign-on and two of the main authentication technologies that can be used to control a resource through authentication and to provide additional security services. The problems with the existing sign-on scenario are that users have too much credential information to manage and are prompted for this information too often. Single Sign-On (SSO) is a viable solution to this problem if physical procedures are introduced to minimise the risks associated with its use. The Generic Security Services API (GSS-API) provides security services in a manner independent of the environment in which these security services are used, encapsulating security functionality and insulating users from changes in security technology. The underlying security functionality is provided by GSS-API mechanisms. We developed the Secure Remote Password GSS-API Mechanism (SRPGM) to provide a mechanism that has low infrastructure requirements, is password-based and does not require the use of long-term asymmetric keys. We provide implementations of the Java GSS-API bindings and the LIPKEY and SRPGM GSS-API mechanisms. The Secure Authentication and Security Layer (SASL) provides security to connection-based Internet protocols. After finding deficiencies in existing SASL mechanisms, we developed the Secure Remote Password SASL mechanism (SRP-SASL) that provides strong password-based authentication and countermeasures against known attacks, while still being simple and easy to implement. We provide implementations of the Java SASL binding and several SASL mechanisms, including SRP-SASL.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Computers, Access control, Data protection, Computer networks, Security measures, Electronic data processing departments
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Faculty > Faculty of Science > Computer Science
Faculty > Faculty of Commerce > Information Systems
Faculty > Faculty of Science > Information Systems
ID Code: 2177
Deposited By: Ms Chantel Clack
Deposited On: 08 Nov 2011 08:55
Last Modified: 06 Jan 2012 16:22
21 full-text download(s) since 08 Nov 2011 08:55
21 full-text download(s) in the past 12 months