
Today, a variety of platforms are available to facilitate our work in computer aided environments. At the beginning of a typical working day, the very first action a user has to perform is to start up a workstation and login to the operating system. After this process, a plethora of sessions and program start-ups follows. This could include a login to an email program, terminal services, external databases and administrative applications which all entail calls to several password requesting services. Even leaving the computer for a coffee break would later require a release of the desktop lock by entering a password.

Such a wide range of systems brings with it a vast amount of username / password pairs to remember. The credentials in many cases are given as a secret word at the startup of an application and since humans are tempted to forget things, these credentials are noted down on reminder stickers or other insecure media which can be accessible to anyone[24].

The next chapter is related to a solution to the above problem and will outline a single platform where users only have to login once to get access to a variety of different applications.

3.4.1 Single Sign-On

When administering a user environment, the work is increased by the number of applications that are implemented. These systems often have their own user accounts and authentication procedures. In general, a coherent authentication strategy or a solid authentication framework is missing[25].

The idea of a Single Sign-On (SSO) platform addresses the problem by using only one unique central account database and one login procedure to transact authentication to different software systems. It handles access controls for multiple, related but independent applications. A user is able to login to one system and gains admission to all applications within an SSO environment (circle of trust) without being prompted to login again when changing platforms.

Ideally, the requestor has only one username and only needs to pass the identity check process once to be able to access all network resources. The reverse process is called Single Sign Off; with one click, the user logs out of every platform opened during the session[26].

Generally, an SSO solution brings benefits by making work easier for the user and closes potential leaks or reduces security holes by avoiding multiple credentials. On top of this, it facilitates administrative work. Privileges for groups can be changed quickly or a new user can acquire access to all systems by one single entry in the database. In the opposite manner, excluding or blocking a user from the circle of trust can be performed in seconds.

Changing a running system by introducing a new mechanism has advantages and disadvantages. Before a new system can be installed, it must be evaluated to see whether or not there is an end benefit. The following list shows the advantages and disadvantages of SSO.

Advantages[25]:

• Improved user productivity

• Simple administration

• One unique central account database

• One authentication process per session

• Reduce "password fatigue"[2]

• Multiple applications, portals, systems

• User group management for authorization

• Reduce labor and monetary costs

The universal access can also be seen as a negative feature, since it creates a single point of attack that is attractive to intruders. Another negative is the need to adapt existing systems. This is most likely connected with additional costs[25].

3.4.2 Types of SSO Models

An SSO model can be realized in different ways. The best model is chosen according to need and technical feasibility.

3.4.2.1 Circle of Trust

In the space of a Single Sign-On infrastructure, a Circle of Trust (CoT) describes virtually separated application communities. A user granted access to one service is then able to move between the services inside a circle of trust without being prompted for a second login[27]. The user authenticates at the first site and is issued a ticket which is valid for all other locations inside the CoT.

Figure 3.2 shows a simplified diagram of a CoT model. A user is able to login at any client and if the authentication is accepted, the user is able to move freely within the CoT.

[2] writing down passwords

Figure 3.2: Circle of Trust

3.4.2.2 Centralized Sign-on Server

A centralized Single Sign-On server is a model that acts like a CoT model, but has a dedicated authentication server which handles all user information and controls tickets or tokens. The client logs on to the server and gets a circle-wide valid ticket to access applications within boundaries[27].

Figure 3.3 shows a simplified example of a centralized Single Sign-on architecture.

Every request to a service is first directed to the central SSO server. The user logs on with credentials and gains a circle-wide personal ticket. The SSO server forwards the client's request to the desired service by using return addresses from the service. The application verifies the given ticket and, if correct, grants access.

Figure 3.3: Centralized Single Sign-On

3.4.3 SSO Authentication Methods

When introducing an SSO model to an existing environment, security increases when the human-driven "password fatigue" factor is reduced to a minimum.

Although this increases security, it also makes it possible for intruders to access all areas by entering only one site. The new weak point in the security chain is the portal where Single Sign-On takes place. To combat the security weakness of a single entry point, SSO infrastructure provides different authentication models with different security levels[24]:

• (weak) Classic Web Form: A standard web page with username / password pair to login. Credentials may be stored in browser cookies for later use.

• (medium) Windows Integrated Authentication: from the current logon to a Windows operating system, a token is used to verify the user's genuineness and to authenticate to other systems. Absolutely required: desktop lock when leaving the workspace.

• (strong) Certificates: Authentication can be enhanced by incorporating a Certificate Authority (CA) into the process. The user gets a verified certificate from a trusted third party to authenticate when requests on resources appear.

• (strong+) Combination: Multi-factor authentication, as explained in the chapter on authentication (see 3.1.3.1 Authentication), increases security levels by combining certificates with smartcard tokens or other additional methods.

• (very strong) Biometrics: an enhancement of the combination model. Human biometric information, such as eye scans, fingerprint scans or voice recordings, is used as an additional authentication method within a CoT.

3.4.4 Authentication Token

When a user successfully logs in to a system, an instance combines the requested address of a service with a session-dependent token. With this token, the user is able to access all services within the trusted circle. Every resource must check the validity of the token prior to access being granted. If the validity has expired or there is not yet a token in the HTTP header, a redirect to the login page appears.

Figure 3.4: SSO Infrastructure

Figure 3.4 shows a general overview of an SSO infrastructure (drawn at gliffy.com). A user enters a trusted circle by calling an application. The access control instance checks if there is a token within the request and whether or not the token is valid. If the token is not valid, the user must authenticate and is then forwarded to the requested service.
