SSO Mechanism in Distributed Environment
1.
Vinay Kumar Ande 2.Hitesh Mohapatra
*
Asst .Prof(Computer Engg)
Sanjivani Collage of Engineering,
Kopargaon, Savitribai Phule, Pune University
Email:{andevinay, hiteshmahapatra }@gmail.com
Abstract
Wired network work with physical
spectacle and then the information assemble is
processed to get applicable results. Method is
based on centralized approach. If Service provider
is affected at any causes the Whole process will be
failed. To overcome this problem, secure
mechanism is used.
Secure and Distributed
mechanism consists of five phases: Method
initialization phase, user identification phase,
hacking
phase, recovering phase, security
analysis. If client login to service provider it can
access the multiple services. Hacking is main issue
for accessing multiple services in SSO mechanism.
Impersonation attack means the challenger
successfully attempts to identify one of the
genuine parties to takeoff various attacks. To solve
this problem the single sign on mechanism (SSO)
have been proposed.
Keywords
Network Security, Wired networks, Secure
and Distributed mechanism, Single Sign on
Mechanism (SSO).
I.
Introduction
A wired network [1] [4] [5] is a computer
networks composed of distributed environment in
different locations. Wired networks can be used in
newscast arrangements. The use of wired linkage
needs limited energy and computational facility.
Distributed wired contain self-organizing and selfhealing networks. This network allows a new node
to join the network with the help of Authenticated
server. SSO Mechanism contains five phases:
system initialization phase, user identification
phase, hacking phase, recovering phase, security
analysis. Attack will perform on system on the
basis of password and user name of User. To
overcome the impersonation attack single sign on
Mechanism can be used with the security
mechanism. The user contains multiple username
and password for retrieving the different services
from service provider [2]. But in single sign on
mechanism only need single username and
password for accessing the different services from
service provider. Except the authorized person or
admin, even a non-trusted authority and service
providers are not able to forge valid records for a
new user. Attacker is the unauthorized party when
trying to access the any services from service
provider then systems monitors those users and
block that user for that session only. Credential
privacy guarantees that untrusted authority should
not be able to impersonate the trusted party and
also does not recover the user details. Chang–Lee
scheme [3] is insecure by two attacks, i.e. Denial
of service attack and SQL injection attack without
identifications.
In the recovery attack, a malicious service
provider who has communicated with a legal user
twice can successfully recover the user’s
credential. The malicious service provider can
impersonate the user to access the services and
then the services can provide by other service
providers. These two attacks can imply that the
Chang–Lee SSO scheme fails to meet soundness
and credential privacy, which are essential
requirements for SSO schemes and authentication.
We also can identify the faults in their security
arguments to explain why it is possible to mount
our attacks against their scheme. Finally, to avoid
these two attacks, propose an improved SSO
scheme to improve the user authentication phase.
To this end, we employ the efficient RSA-based
algorithm to secure communication between user’s
criterions. There are no analogous attacks in the
SSO, and this is also the first time of using RSA to
design an SSO scheme, to the best of our
knowledge.
access the several services. The process is
authenticating to the user for accessing different
services during a particular session. SSO is a skill
for a user to enter the same username and
password to log on to the accessing multiple
services. As passwords is an apparatus for the
protected authentication, a single sign on has now
become also known as an (Reduced Sign On)
RSO. Single Sign On mechanism is a property of
access control of many related but free software
methods. Single Sign On mechanism are used to
reduce the username and password fault for
accessing different services for single user and
password groupings, and also falling the time
disbursed for re-entering passwords for the same
user identity.
II. Preliminaries
A. Existing Method
Secure and Distributed Reprogramming
Protocol (SDRP) is used. In distributed
reprogramming mechanism multiple authorized
network users can simultaneously and directly
reprogram sensors nodes without the involvement
of base station. Secure and Distributed
Reprogramming Protocol (SDRP) consists of three
phases: Method initialization phase, user preprocessing phase, and sensor node verification
phase. Method Initialization Phase: The network
owner creates a private and public key and assigns
the reprogramming privileges. User Pre-processing
phase: If network owner enters a WSN and has a
new code image and paradigm the reprogramming
packets. Sensor node confirmation phase: If
packet Confirmation passes. The node accepts the
code image. An characteristic design weakness in
the user preprocessing phase of SDRP is wellknown such that the node is weak to an
impersonation attack. Impersonation attack means
the adversary successfully attempts to identify one
of the real parties to launch various attacks. To
solve this problem the single sign on mechanism
have been proposed B. Proposed Method Chang
and Lee’s single sign-on scheme is a distant user
authentication method, supporting user secrecy
and session token establishment. In their scheme,
RSA algorithms are used to initialize an authorized
user, called as a service providers and (SSO)
Single Sign on Mechanism. The token are
established using the mac and ip address. In the
Chang–Lee scheme, individual person can apply a
valid top from the authorized user SSO; RSA
signature is used for the identification of the user
to check the user details. The service providers can
support its communication by using token. The
SSO (Single Sign On) scheme consists of a five
phases: system initialization, registration p, and
user identification. Method Initialization phase:
The trusted person SSO selects a two prime
numbers p and q. After that, SSO fixes its RSA.
SSO chooses a generator, where is also a large
prime number. Attacker hack that method than
recover that attack by using security analysis.
Finally, SSO issues, keeps as a secret, and erases
immediately once this phase has been finished.
Fig 1.Single Sign on Mechanism
C. User Identification Phase
In the user documentation phase only
authorized user can access the services in this
check detailed of the user and deliver access for
authorized user. Suppose user request services
from service provider, service provider deliver
message which is made up by RSA on algorithm.
Once this authentication is validated, it means that
user has authenticated person then service provider
deliver services successfully. To access the
services of a service provider, user can need to go
through the authentication phase. If users request
for services then service provider can conform
identification. After that the authentication server
generates the token temporarily. Once u close the
process there is needed to reenter the user name
and password, cause your session are stationary.
D. Attacks against the Single Sign on
Mechanism.
The single sign on is actually not a secure
SSO scheme because there may be possibility of
hacking of data. The first attack, an SQL-injection
attack and denial of service attack to identify like
as an behavior of trusted party and copy the details
in a method or in a communications protocol and
make use of services offered by service providers.
The attacker can violate the requirement of
B. Single Sign On Mechanisms
SSO (Single Sign-On) is which single
user that enters single username and password to
2
soundness for an SSO scheme and thus
successfully impersonate a legal user without
holding a valid credential. The Chang–Lee scheme
as a malicious service provider is able to recover
the credential of a legal user. In real life, these
attacks may be both users and service providers at
high risk.
one username and password, likewise yahoo,
twitter, fb user have same username but using
different password. In SSO mechanism provide
only one username and password.
E. Recovering Attack
Single sign on scheme specifies that is not
trusted parties can try to access the services. So,
that this implies the client could be malicious and
are not trusted parties. The user’s token against a
malicious service, the work also decides indirectly
that there is the potential for attacks from the
malicious service providers against a Single Sign
on (SSO) schemes. In fact, single sign on
mechanism are supposed to be a trusted, to classify
user can just monitor and block that user for the
current session only. In fact, such a mechanism is
more efficient, much simpler and has better
security.
Fig 3.Method Architecture
F. Security Analysis
IV. RESULT
The security of the better SSO scheme by
fixing on the security of the user authentication
part, particularly credential privacy and reliability
due to two reasons. On the one hand, the security
of service provider authentication is confirmed by
the enforceability of the secure scheme and the
enforceability of the credential is guaranteed by
the enforceability of RSA algorithm, chosen by
each service provider.
1. There is a two login one for admin second for
user. When admin login to method then
monitoring spoofing as well as register for
employee and when user login then access
different services.
Fig 4.Admin login
2. When authorized client accesses the services
then there is unauthorized user who uses its own
string and hack the method.
Fig 2.Security Analysis
III. Method Architecture
The distributed network users or multiple
users can register the username and password in
single sign on mechanism (SSO).that SSO
mechanism can provide the secret token to the
user’s .Any provider or social network i.e. they
also register with SSO mechanisms. If user can
securely access the network with single username
and password. For example: in Gmail user have
3
and outsider at high risk. In proposed method
using Single Sign On mechanisms can be used. By
using Single user name and password to access the
different services with SQL injection and denial of
service attacks perform on system then system
identifies that attack block that user for that
session only. Using RSA technique to encode and
decrypt the message and to securely access the
authenticated and communicated with a user .With
the help of secure socket layer to protect the
message from attacker. The result is to provide
high security without any attack
Fig 5.Unauthorized user
3. Admin monitoring the method when it found the
illegal user which accesses the services then admin
block that user for that session.
REFERENCES
1. M. Cheminod, A. Pironti, and R. Sisto,
“Formal vulnerability analysis of a security
method for remote fieldbus access,”IEEE
Trans. Ind. Inf.,vol. 7, no. 1, pp. 30–40, Feb.
2011.
2. D. G. Zhang and X. J. Kang, “A novel image
de-noising method based on spherical
coordinates method,” EURASIP J. Adv.
Signal Process, vol. 1, p. 110, 2012.
3. H.-M. Sun, Y.-H. Chen and Y.-H. Lin, “oPass:
A user authentication protocol resistant to
password stealing and password reuse
attacks,”IEEE Trans. Inf. Forensics Security,
vol. 7, no. 2, pp. 651–663, Apr.2012.
4. Daojing He and Laurence T. Yang, “Security
Analysis and Improvement of a Secure and
Distributed Reprogramming Protocol for
Wireless Sensor Networks,” IEEE transactions
on parallel and distributed methods, vol. 60,
no. 11, November 2013.
5. Kasim Sinan Yildirim and Aylin Kantarci,
“Time Synchronization Based on SlowFlooding in Wireless Sensor Networks,” IEEE
transactions on parallel and distributed
methods, vol. 25, no. 1, January 2014.
Fig 6.Admin monitoring
4. When admin observe that illegal user then
admin block that user for that session then
unauthorized user fail to access the services
Fig 7.Authentication failed
V. CONCLUSION
The existing method determine the two
attacks The first attack, is an “impersonation
attack, “to identify like as an behavior of trusted
party and copy the details in a method or in a
communications and make use of services
obtainable by service providers. The attacker can
interrupt the requirement of for an SSO scheme
and thus successfully impersonate a legal user
without holding a valid recommendation. The
other attack, the “credential recovering attack”
compromises the credential privacy in the Chang–
Lee scheme as a malicious service provider is able
to recover the credential of a legal user. In real life,
these attacks may be both user’s means intruder
4