A mobile single sign-on system
Master thesis 2006
Mats Byfuglien

Outline

- Problem description
- Project description
- Research questions
- Methods
- Related work
- The prototype
- Results
- Further work
- Conclusion

Problem description

- Most users today have a large number of passwords to manage
- This often results in:
  - The passwords are written down
  - Easily guessable passwords are used
  - One password used on multiple accounts
- This reduces the security passwords provide
- Secure passwords are still a good authentication mechanism
- SSO proposed as a way to improve password security

Project description

- Today there are no mobile SSO solutions on the market supporting automated sign-ins.
- Develop a functional prototype of a mobile SSO system that handles passwords and supports automatic sign in.
  - A mobile phone with a Java MIDlet handles the management of usernames and passwords
  - Bluetooth/USB unit connected to the PC
- Conduct a user test
- Security analysis to find what security measures should be implemented

Research questions

1. What types of single sign-on solutions are available?
2. How secure is the Bluetooth protocol for transferring sensitive data?
3. Is it possible to implement the proposed single sign-on concept?
4. What security mechanisms need to be in place to assure the security of this system?
5. How will this SSO concept be received by the users?
6. Will this SSO concept increase the users’ security level?

Methods

- Literature study
- Technical feasibility study
  - Develop the prototype
- User test
  - Scenario
  - Survey
  - Interview
- Security analysis
  - Adversary modeling

Other SSO solutions

A taxonomy lists 4 main categories:

- Local pseudo SSO
  - SSO component is on the user's computer
- Proxy based pseudo SSO
  - The user authenticates once to the proxy and the proxy handles authentication to the services
  - Do not require any changes to the authentication systems
- True SSO
  - User authenticates to Authentication Service Provider (ASP) once.
  - True SSO solutions are expensive and difficult to configure correctly
  - All systems must support the SSO solution
- Local true SSO
  - Trusted component
- Proxy based true SSO
  - Kerberos

The prototype

Adversary modeling

Results from the security analysis

Four main issues were discovered:

- Secure the Bluetooth channel
  - Secure protocol on top of Bluetooth protocol
- Properly authenticate the devices
  - Digital certificates
- Protect data stored on the mobile phone
  - Encryption
  - Split data on two devices
- Confirm the integrity of software packages
  - Digitally sign the packages

Results from the user test

- 28 users participated
- 26 rated the system above average
- 19 would like to use the system daily
  - 7 did not have an opinion, 2 would not use it
- 24 believe the system will improve their password management
- Everyone wanted a backup solution

Further work

- Implement the proposed security measures
- Port the code to a smaller device
- Implement a backup solution
- Conduct a detailed security analysis when the security measures are implemented
- Conduct a large scale user test
  - Allow users to test the system over time
  - Include a larger number of participants

Conclusion

- It is possible to implement the SSO concept
- The system was well received by the users
- The system will not provide better security than other SSO solutions
- Mobility and easy to use functionality (no software or drivers needed) make the system stand out
- The solution might appeal to a different group than other SSO solutions
- Will increase the security level of users who manage passwords manually
- Enables the user to use more secure passwords
Questions?