Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/43131
Full metadata record
DC field: value (language)
dc.contributor.advisor: 曹承礎 (Seng-Cho T. Chou, Ph.D.)
dc.contributor.author: Chih-Hsing Wu (en)
dc.contributor.author: 吳致行 (zh_TW)
dc.date.accessioned: 2021-06-15T01:38:31Z
dc.date.available: 2013-08-15
dc.date.copyright: 2011-09-08
dc.date.issued: 2011
dc.date.submitted: 2011-08-16
dc.identifier.citation: [1] D. Florencio and C. Herley. A large-scale study of web password habits. In WWW ’07: Proceedings of the 16th International Conference on World Wide Web, pages 657–666, New York, NY, USA, 2007. ACM.
[2] Sean Coughlan, 'Don't forget to remember,' The Guardian, August 4, 2001
[3] Microsoft .Net Passport: a security analysis, Computer, 2003, Oppliger, R, eSecurity Technologies
[4] Yahoo Inc. Browser-Based Authentication (BBAuth), http://developer.yahoo.com/auth/
[5] Liberty Alliance Project, http://www.projectliberty.org/
[6] OpenID authentication 2.0, http://openid.net/specs/
[7] OpenID Foundation, http://openid.net/2009/12/16/openid-2009-year-in-review/
[8] A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On, New Security Paradigms Workshop, 2010, San-Tsai Sun, Yazan Boshmaf, Kirstie Hawkey, Konstantin Beznosov, University of British Columbia, Vancouver, Canada
[9] A Unified Authentication Framework for Accessing Heterogeneous Web Services, Next Generation Web Services Practices, 2008. NWESP '08. 4th International Conference on, Moss, A., Liu, S., Richard, R., Inst. for Inf. Technol., Nat. Res. Council Canada, ON
[10] The Seven Flaws of Identity Management, Security & Privacy, IEEE , 2008, Dhamija, R., Dusseault, L., Harvard Univ., Cambridge
[11] Single Sign-On for the Internet: A Security Story, Eugene Tsyrklevich, BlackHat USA, Las Vegas, 2007
[12] The Security Limitations of SSO in OpenID, Advanced Communication Technology, 2008. ICACT 2008. 10th International Conference on, 2008, Hyun-Kyung Oh, Seung-Hun Jin, Inf. Security Eng., Korea Univ. of Sci. & Technol., Seoul
[13] A Large Scale Study of Web Password Habits, WWW '07: Proceedings of the 16th international conference on World Wide Web, Dinei Florencio, Cormac Herley, Microsoft Research
[14] Architecture of a single sign on (SSO) for internet banking, Wireless, Mobile and Multimedia Networks, 2008, Bhosale, S.K., International Institute of Information Technology, Pune, India
[15] Federated Security: The Shibboleth Approach, EDUCAUSE Quarterly, vol. 27, pp. 12-17, 2004, R. L. Morgan, S. Cantor, W. Hoehn, K. Klingenstein
[16] User-centric Identity Management in heterogeneous Federations, Internet and Web Applications and Services, 2009, Rieger, S., Gesellschaft fur wissenschaftliche Datenverarbeitung mbH, Gottingen
[17] Identity Federation Broker for Service Cloud, 2010 International Conference on Service Sciences, He Yuan Huang, Bin Wang, Xiao Xi Liu, Jing Min Xu, IBM Research – China
[18] The Study of Multi-Level Authentication-Based Single Sign-On System, Broadband Network & Multimedia Technology, 2009, Niu Ying, Zhao Yao, Zou Hua, State Key Lab. of Networking & Switching Technol., Beijing Univ. of Posts & Telecommun., Beijing, China
[19] Identity Federation and Privacy: One Step Beyond, 4th ACM Workshop on Digital Identity Management, 2008 , Sebastien Canard, Eric Malville, Jacques Traore, Orange Labs R&D, Caen, France
[20] A Robust Single Sign-On Model based on Multi-Agent System and PKI, Networking, 2007, Fugkeaw, S., Manpanpanich, P., Juntapremjitt, S., Thai Digital ID Co.Ltd., Bangkok
[21] A Data Synchronization based Single Sign-on Schema Supporting Heterogeneous Systems and Multi-Management Mode, Computer Science and Information Technology, 2010, Haojiang Gao, Tianyuan Xiao, Zhongguancun Haidian Sci. Park Postdoctoral Workstation, Beijing Northking Technol. Co.,Ltd., Beijing, China
[22] Peer-to-Peer Authentication with a Distributed Single Sign-On Service, 3rd Int. Workshop on Peer-to-Peer Systems, 2004, William K. Josephson, Emin Gun Sirer, Fred B. Schneider, Department of Computer Science Cornell University Ithaca, New York
[23] A Novel Distributed Authentication Framework for Single Sign-On Services, Sensor Networks, Ubiquitous and Trustworthy Computing, 2008, Brasee, K., Kami Makki, S., Zeadally, S., Dept. of Electr. Eng. & Comput. Sci., Univ. of Toledo, Toledo, OH
[24] ThresPassport - A Distributed Single Sign-On Service, International Conference on Intelligent Computing, 2005, T. Chen, B. Zhu, S. Li, X. Cheng, Microsoft Research Asia, Beijing 100080, China
[25] Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS SSTC, March 2005, S. Cantor et al., http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf 20.02.2009
[26] The Venn of Identity: Options and Issues in Federated Identity Management, Security & Privacy, IEEE, March-April 2008, Maler, E., Reed, D., Sun Microsyst., Santa Clara
[27] Shibboleth, http://shibboleth.internet2.edu/
[28] Introduction to the Liberty Alliance Identity Architecture, Liberty Alliance Project, March 2003
[29] User Centric Identity Management, AusCERT Conference 2005, Audun Josang, Simon Pope, The University of Queensland, 4072, Australia
[30] How to Share a Secret, Communications of the ACM Vol. NO.11, A. Shamir, 1979
[31] RSA Laboratories, RSA Algorithm, http://www.rsa.com/rsalabs/node.asp?id=2146
[32] National Institute of Standards and Technology, http://www.nist.gov/index.html
[33] Criteria for Evaluating the Privacy Protection Level of Identity Management Services, SECURWARE, 2009, Hyangjin Lee, Inkyoung Jeun, Hyuncheol Jung, Korea Inf. Security Agency, South Korea
[34] Anatomy of an attack, http://blogs.rsa.com/rivner/anatomy-of-an-attack/
[35] Attribute exchange security alert, http://openid.net/2011/05/05/attribute-exchange-security-alert/
[36] Symantec Internet Security Threat Report Trends for 2010, http://msisac.cisecurity.org/resources/reports/documents/SymantecInternetSecurityThreatReport2010.pdf
[37] Trustwave global security report 2010, https://www.trustwave.com/downloads/whitepapers/Trustwave_WP_Global_Security_Report_2010.pdf
[38] Institute for Information Industry, http://www.iii.org.tw/
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/43131
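dc.description.abstract: As information services have been digitized on a large scale, the differences in information sources, content and security requirements have become increasingly complex, and the problem of authenticating users who access network resources deserves greater attention. The large number of accounts and passwords is a major obstacle to online identity management: for convenience, users authenticate to different services with simple or reused passwords, which in turn becomes a network security vulnerability. A single sign-on system is one effective way to solve this problem.
Through the associations established between each service and the authentication system, a single sign-on system lets users access the resources of multiple services with one authentication. However, single sign-on systems still have problems such as single point attack, security mechanisms that cannot be adjusted to the characteristics of each network service, and the lack of a unified standard. This research proposes an improved single sign-on model: the distributed multi-level SSO model. This authentication model has a distributed structure, which reduces the risk of single point attack, and provides customizable security levels, so that each network service gets the most suitable secure authentication process. We also hope this improved model can serve as a reference for a unified single sign-on standard.
From the concept of security-level customization, we extend the idea of multiple operation environments, named intra-service identity management. Besides setting a security level for a given network service, users can also set up different identities to enjoy differentiated operation environments, each with independent resource limits and operating permissions. Intra-service identity management can give users a more intuitive and active experience of a network service.
(zh_TW)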
dc.description.abstract: As more and more information services are provided via the Internet, the requirements for information resources, content and security have become more and more complicated. The authentication process that users go through to access Web resources needs even more attention. Nowadays, a user often has a large number of accounts and passwords and, for convenience, tends to set simple or repeated passwords for multiple Web services with different security requirements, which makes the Internet environment vulnerable. Single sign-on (SSO) systems have therefore been proposed to solve this problem effectively.
An SSO system allows users to access multiple services with only one authentication process. However, SSO systems still have some problems, such as vulnerability to single point attack, the same security mechanism for all kinds of services, and the lack of a unified standard. In this thesis, we propose a modified SSO model called the distributed multi-level SSO (DMLSSO) model to solve the known issues of current SSO systems. The model has a distributed architecture, which can be used for reducing the risk of single point attack and providing customized security layering for different sorts of Web services. We also hope our modified model can serve as the standard model for SSO.
In addition to modifying current SSO systems, we further propose a brand new Web surfing concept. Extending customized security layering, we propose that one Web service can have multiple operation environments for its users, and we call this concept intra-service identity management. According to the security level that users choose, service providers can present different environments to different users. Every environment has independent resources and permissions, which makes intra-service identity management capable of providing a more intuitive and active user experience.
(en)
dc.description.provenance: Made available in DSpace on 2021-06-15T01:38:31Z (GMT). No. of bitstreams: 1
ntu-100-R98725026-1.pdf: 4642016 bytes, checksum: ecb8b63a44d82a207dda9d06999406a9 (MD5)
Previous issue date: 2011
(en)
dc.description.tableofcontents: Acknowledgements
Thesis Abstract (Chinese)
Thesis Abstract
Contents
List of Figures
Chapter 1 Introduction
1.1 Background
1.2 Motivation
1.3 Research Objective
Chapter 2 Related Works
2.1 Federated Identity Management
2.1.1 Overview
2.1.2 Shibboleth
2.1.3 Liberty Alliance
2.2 User-centric Identity Management
2.2.1 Overview
2.2.2 OpenID
2.3 Threshold Cryptography
2.3.1 Overview
2.3.2 ThresPassport
2.3.3 SeDSSO
2.4 Summary
Chapter 3 DMLSSO Model
3.1 Distributed Authentication Process
3.2 Security Layering
3.3 DMLSSO Components
3.4 SSO Process
3.5 Implementation Tests
3.5.1 Test Specifications
3.5.2 Test Environment
3.5.3 Test Result
Chapter 4 Intra-Service Identity Management
4.1 Shortcoming of IdM
4.2 Identity Segregation
4.2.1 Conception
4.2.2 Features
4.3 Scenario
4.4 Summary
Chapter 5 Conclusion and Future Work
5.1 Conclusion
5.2 Future Work
References
dc.language.iso: zh-TW
dc.title: 分散式多層級單一登入系統 (zh_TW)
dc.title: Distributed Multi-Level SSO Model (en)
dc.type: Thesis
dc.date.schoolyear: 99-2
dc.description.degree: Master's
dc.contributor.oralexamcommittee: 杜志挺 (DU Timon Chih Ting), 陳建錦 (Chien Chin Chen)
dc.subject.keyword: single sign-on, distributed authentication, security level, operation environment (zh_TW)
dc.subject.keyword: single sign-on, distributed authentication, security layering, operation environments (en)
dc.relation.page: 54
dc.rights.note: Paid license
dc.date.accepted: 2011-08-16
dc.contributor.author-college: College of Management (zh_TW)
dc.contributor.author-dept: Graduate Institute of Information Management (zh_TW)
Appears in collections: Department of Information Management

Files in this item:
File: ntu-100-1.pdf (not currently authorized for public access)
Size: 4.53 MB
Format: Adobe PDF
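Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.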
