- Title
- Distributed authentication for resource control
- Creator
- Burdis, Keith Robert
- ThesisAdvisor
- Wentworth, Peter
- Subject
- Computers -- Access control
- Subject
- Data protection
- Subject
- Computer networks -- Security measures
- Subject
- Electronic data processing departments -- Security measures
- Date
- 2000
- Type
- Thesis
- Type
- Masters
- Type
- MSc
- Identifier
- vital:4630
- Identifier
- http://hdl.handle.net/10962/d1006512
- Identifier
- Computers -- Access control
- Identifier
- Data protection
- Identifier
- Computer networks -- Security measures
- Identifier
- Electronic data processing departments -- Security measures
- Description
- This thesis examines distributed authentication in the process of controlling computing resources. We investigate user sign-on and two of the main authentication technologies that can be used to control a resource through authentication and providing additional security services. The problems with the existing sign-on scenario are that users have too much credential information to manage and are prompted for this information too often. Single Sign-On (SSO) is a viable solution to this problem if physical procedures are introduced to minimise the risks associated with its use. The Generic Security Services API (GSS-API) provides security services in a manner in- dependent of the environment in which these security services are used, encapsulating security functionality and insulating users from changes in security technology. The un- derlying security functionality is provided by GSS-API mechanisms. We developed the Secure Remote Password GSS-API Mechanism (SRPGM) to provide a mechanism that has low infrastructure requirements, is password-based and does not require the use of long-term asymmetric keys. We provide implementations of the Java GSS-API bindings and the LIPKEY and SRPGM GSS-API mechanisms. The Secure Authentication and Security Layer (SASL) provides security to connection- based Internet protocols. After finding deficiencies in existing SASL mechanisms we de- veloped the Secure Remote Password SASL mechanism (SRP-SASL) that provides strong password-based authentication and countermeasures against known attacks, while still be- ing simple and easy to implement. We provide implementations of the Java SASL binding and several SASL mechanisms, including SRP-SASL.
- Format
- 122 p., pdf
- Publisher
- Rhodes University, Faculty of Science, Computer Science
- Language
- English
- Hits: 2611
- Visitors: 2720
- Downloads: 159
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details | SOURCEPDF | 591 KB | Adobe Acrobat PDF | View Details |