Re-authentication of Critical Operations

This is a study on the development of a re-authentication prototype. Re-authentication serves as a receipt for e.g. system administrators that authorise them to carry out a critical operation in a system that already is protected by a security architecture. A critical operation is a kind of operati...

Bibliographic Details
Main Author: Yachouh, Marwan
Format: Others
Language: English
Published: Linköpings universitet, Institutionen för systemteknik 2002
Subjects:
Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1174
id ndltd-UPSALLA1-oai-DiVA.org-liu-1174
record_format oai_dc
collection NDLTD
language English
format Others
sources NDLTD
topic Informationsteknik
Computer Security
Distributed Systems
Access-control
Certificates
Re-authentication Certificates
Cryptography.
Informationsteknik
Computer and Information Sciences
Data- och informationsvetenskap
description This is a study on the development of a re-authentication prototype. Re-authentication serves as a receipt for e.g. system administrators that authorise them to carry out a critical operation in a system that already is protected by a security architecture. A critical operation is a kind of operation that can cause serious damage to a network node or a set of network nodes, if it is done without one giving it a second thought. The purpose is to prevent mistakes and secure the users’ audit trail. The main task is to propose and implement a re-authentication prototype, that is to enable the incorporation of the re-authentication prototype to an already complete security architecture and yet preserve the security and performance level of the architecture. This thesis deals with this problem by using digitally signed certificates to provide the necessary security issues. The certificates used are called re-authentication certificates and follow the X.509 attribute certificate standard. The re-authentication certificate is optimised so that it only holds authorisation information regarding one critical operation. An access control decision function is used to decide if the re-authentication certificate and its owner are authentic. On the basis of that decision the user can get the authority to execute critical operations. The finished prototype confirms that a re-authentication can be incorporated with the security architecture. The report also shows that the security status of the architecture is preserved. The performance of the prototype is rather difficult to prove since the prototype implementation only initialises the objects that are required to prove the security issues. A performance test can therefore never prove how the prototype will perform in an authentic environment. The performance is assumed to be adequate since it uses the same authentication function that is used by the security architecture.
author Yachouh, Marwan
title Re-authentication of Critical Operations
publisher Linköpings universitet, Institutionen för systemteknik
publishDate 2002
url http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1174