A Security Framework Based On Two Layers Of Online Identity Authentication System Design And Implementation

Posted on: 2015-01-26
Degree: Master
Type: Thesis
Country: China
Candidate: C Li
GTID: 2268330431453336
Subject: Software engineering

Abstract/Summary:
SSO (single sign-on) frees users from managing many passwords: the user logs in at the IdP (identity provider), which then authorizes access to the SP (service provider). However, the traditional password-based login to the IdP is vulnerable to phishing, MITM (man-in-the-middle) and other attacks. Two-step verification can improve security, but its factors are verified at the server layer, so static authentication data (such as passwords) may be obtained by an attacker while in transit over the network. The root of these threats is that all validation data is transferred over the network to the server for validation.

This paper proposes FIDOAuth, a security framework based on two layers of online identity authentication. In addition to including an SSO framework, it uses two layers of validation to secure the IdP login. When attempting to log in to the IdP, the user first authenticates locally through static verification (such as a password or fingerprint); the user's device then generates a dynamic OTP (one-time password) that is submitted to the server for validation. A three-layer associated account system, consisting of the device level, the user level and the service level, completes the mapping from the user's device to the end-user accounts. Our aim is to provide a quick and convenient SSO login process on the basis of secure authentication. This paper describes in detail the browser on the fixed terminal, the design and deployment of the server, and the multi-screen interaction between the mobile terminal and the fixed terminal.

The paper first discusses the development background of the project and the problems faced in its development and design. It then analyzes the functional requirements of the system and elaborates the authentication framework requirements and the system requirements in the form of use case diagrams. Among the non-functional requirements, security is the most important; for the security requirements, a threat model is designed to simulate possible malicious attacks and to forecast the robustness of the system's security.

Based on the requirements analysis, we give an overview of the system's structural design. The design goals and principles are first derived from the system requirements, and the technical architecture and functional architecture are then designed. The technical architecture mainly considers scalability, maintainability and performance, and the function of each layer is analyzed. The functional architecture design discusses the functions of the system's components and gives the system's dynamic functional flow.

Based on the detailed design, we first give a brief introduction and present the overall result and the implementation of each module of the system. We then focus on implicit identity authentication and analyze the implementation of the data structures in detail. This part first briefly introduces the modeling of the system, the foundation of the security framework and the design of the SHA3-OTP algorithm; according to the actual system requirements, the threat model is designed and defenses against it are implemented, and the error analysis and predicted results are presented. Finally, the paper briefly analyzes the system tests, describes how the stress-test environment was set up, and gives the detailed analysis and testing process.

In summary, based on an analysis of the business requirements, we designed and implemented a security framework for network security.
Keywords/Search Tags: Cross-domain, single sign-on, multifactor authentication, one time password, two layers of authentication, Screen+