Credential Management and Secure Single Login for SPKM
Author
Abstract
The GSS-API [20, 21] offers security services independent of underlying mechanisms. A possible GSS-mechanism is the Simple Public Key Mechanism (SPKM) specified in [1]. In this paper we focus on credential management for SPKM. If more than one connection is needed, the standard credential management requires either caching the secret keys in insecure storage or making the user enter a password to access the long-term secret keys for every new GSS-connection. For environments in which neither is acceptable, we propose a Secure Single Login (SSLogin) variant that works with temporary asymmetric keys and combines security with user comfort.
Similar resources
Simplifying Public Key Credential Management Through Online Certificate Authorities and PAM
The secure management of X509 certificates in heterogeneous computing environments has proven to be problematic for users and administrators working with Grid deployments. We present an architecture based on short-lived X509 credentials issued by a MyProxy server functioning as an Online Certificate Authority, on the basis of initial user authentication via PAM (Pluggable Authentication Modules...
An Approach for Mitigating Potential Threats in Practical SSO Systems
With the prosperity of social networking, it becomes much more convenient for a user to sign onto multiple websites with a web-based single sign-on (SSO) account of an identity provider website. According to the implementation of these SSO systems, we classify their patterns into two general abstract models: independent SSO model and standard SSO model. In our research, we find both models conta...
Personal Information Leaks with Automatic Login in Mobile Social Network Services
To log in to a mobile social network service (SNS) server, users must enter their ID and password to get through the authentication process. At that time, if the user sets up the automatic login option on the app, a sort of security token is created on the server based on the user’s ID and password. This security token is called a credential. Because such credentials are convenient for users, t...
Client-Side Biometric Verification Based on Trusted Computing
Traditionally, a user requires substantial trust in a workstation for correctly handling her credentials (e.g. password/login). Unfortunately, malware and compromised software makes them unsuitable for secure credential management. Credentials are easily stolen and the user cannot trust what is being displayed on her workstation, obstructing informed consent. This paper presents a new solution ...
Single Sign-on Mechanism for Secure Web Service Access through ISSO
Single sign-on (SSO) is an emerging and more secure authentication mechanism that enables an authorized user with a single username/password to be authenticated by many service providers in a distributed network system. The existing technique used SSO scheme and it has achieved security by applying well-organized security parameters and its improved scheme introduced Verifiable Encryption of Sig...