Re-authentication of Critical Operations
This is a study on the development of a re-authentication prototype. Re- authentication serves as a receipt for e.g. system administrators that authorise them to carry out a critical operation in a system that already is protected by a security architecture. A critical operation is a kind of operati...
Main Author: | |
---|---|
Format: | Others |
Language: | English |
Published: |
Linköpings universitet, Institutionen för systemteknik
2002
|
Subjects: | |
Online Access: | http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1174 |
id |
ndltd-UPSALLA1-oai-DiVA.org-liu-1174 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-UPSALLA1-oai-DiVA.org-liu-11742018-01-14T05:13:54ZRe-authentication of Critical OperationsengÅterautentisering av Kritiska OperationerYachouh, MarwanLinköpings universitet, Institutionen för systemteknikInstitutionen för systemteknik2002InformationsteknikComputer SecurityDistributed SystemsAccess-controlCertificatesRe-authentication CertificatesCryptography.InformationsteknikComputer and Information SciencesData- och informationsvetenskapThis is a study on the development of a re-authentication prototype. Re- authentication serves as a receipt for e.g. system administrators that authorise them to carry out a critical operation in a system that already is protected by a security architecture. A critical operation is a kind of operation that can cause serious damage to a network node or a set of network nodes, if it is done without one giving it a second thought. The purpose is to prevent mistakes and secure the users’ audit trail. The main task is to propose and implement a re-authentication prototype, that is to enable the incorporation of the re-authentication prototype to an already complete security architecture and yet preserve the security and performance level of the architecture. This thesis deals with this problem by using digitally signed certificates to provide the necessary security issues. The certificates used are called re- authentication certificates and follows the X.509 attribute certificate standard. The re-authentication certificate is optimised so that it only holds authorisation information regarding one critical operation. An access control decision function is used to decide if the re-authentication certificate and its owner are authentic. On basis of that decision the user can get the authority to execute critical operations. The finished prototype confirms that a re-authentication can be incorporated with the security architecture. The report also shows that the security status of the architecture is preserved. The performance of the prototype is rather difficult to prove since the prototype implementation only initialises the objects that are required to prove the security issues. A performance test can therefore never prove how the prototype will perform in an authentic environment. The performance is assumed to be adequate since it uses the same authentication function that is used by the security architecture. Student thesisinfo:eu-repo/semantics/bachelorThesistexthttp://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1174LiTH-ISY-Ex, ; 3276application/pdfinfo:eu-repo/semantics/openAccess |
collection |
NDLTD |
language |
English |
format |
Others
|
sources |
NDLTD |
topic |
Informationsteknik Computer Security Distributed Systems Access-control Certificates Re-authentication Certificates Cryptography. Informationsteknik Computer and Information Sciences Data- och informationsvetenskap |
spellingShingle |
Informationsteknik Computer Security Distributed Systems Access-control Certificates Re-authentication Certificates Cryptography. Informationsteknik Computer and Information Sciences Data- och informationsvetenskap Yachouh, Marwan Re-authentication of Critical Operations |
description |
This is a study on the development of a re-authentication prototype. Re- authentication serves as a receipt for e.g. system administrators that authorise them to carry out a critical operation in a system that already is protected by a security architecture. A critical operation is a kind of operation that can cause serious damage to a network node or a set of network nodes, if it is done without one giving it a second thought. The purpose is to prevent mistakes and secure the users’ audit trail. The main task is to propose and implement a re-authentication prototype, that is to enable the incorporation of the re-authentication prototype to an already complete security architecture and yet preserve the security and performance level of the architecture. This thesis deals with this problem by using digitally signed certificates to provide the necessary security issues. The certificates used are called re- authentication certificates and follows the X.509 attribute certificate standard. The re-authentication certificate is optimised so that it only holds authorisation information regarding one critical operation. An access control decision function is used to decide if the re-authentication certificate and its owner are authentic. On basis of that decision the user can get the authority to execute critical operations. The finished prototype confirms that a re-authentication can be incorporated with the security architecture. The report also shows that the security status of the architecture is preserved. The performance of the prototype is rather difficult to prove since the prototype implementation only initialises the objects that are required to prove the security issues. A performance test can therefore never prove how the prototype will perform in an authentic environment. The performance is assumed to be adequate since it uses the same authentication function that is used by the security architecture. |
author |
Yachouh, Marwan |
author_facet |
Yachouh, Marwan |
author_sort |
Yachouh, Marwan |
title |
Re-authentication of Critical Operations |
title_short |
Re-authentication of Critical Operations |
title_full |
Re-authentication of Critical Operations |
title_fullStr |
Re-authentication of Critical Operations |
title_full_unstemmed |
Re-authentication of Critical Operations |
title_sort |
re-authentication of critical operations |
publisher |
Linköpings universitet, Institutionen för systemteknik |
publishDate |
2002 |
url |
http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1174 |
work_keys_str_mv |
AT yachouhmarwan reauthenticationofcriticaloperations AT yachouhmarwan aterautentiseringavkritiskaoperationer |
_version_ |
1718610589409869824 |