Høgskolen i Gjøvik

Souheil Lazghab

Single Sign-on Using Trusted Hardware

Background

Every internet service requires a private username and password from its user, with the result that most people today possess more than one password. Remembering all these usernames and passwords is a difficult task. Because passwords are hard to remember, users who have to manage a large number of them start choosing very easy passwords, e.g. the name of a spouse, a birthday or the model of a new car. Other users reuse one single password for many applications. This situation has made our networked systems very vulnerable to many different attacks. There is a high demand for a secure single sign-on (SSO) system that manages all these passwords in a secure way. Many of the SSO systems available on the market today are beyond the reach of common users, or are so complicated that not everyone can use them.

The main goal of this thesis is to secure the previously developed SSO system. The system has many weaknesses concerning the communication protocols used between its devices, e.g. the Bluetooth protocol. The channels through which confidential and sensitive data traverse the system are left without any protection. The system also suffers from a poor secure-password generation mechanism and does not offer its users any backup facility. More specifically, the thesis aims to design, analyse and implement the protocols necessary to turn the existing prototype into a secure SSO system, and to investigate the best level of security that can be achieved without affecting the usability of the prototype. The work on this thesis will result in the release of a new prototype and a paper reporting all the activities carried out during the thesis.

The practical section covers all work related to the implementation of the SSO system, while the theoretical section contains suggestions, on a more theoretical level, about which adjustments and changes should be made to improve the overall security and usability of the system, such as a security analysis and usability tests.

The Practical Work consists of:

  • Designing and implementing the necessary security measures for the prototype.
  • Porting the resulting solution to different hardware.
  • Implementing a secure backup solution for the SSO system.
  • Supporting different login screens.
  • Implementing a good secure-password generation mechanism.

The Theoretical Work consists of:

  • Conducting a more detailed security analysis.
  • Conducting new, thorough user tests and practical penetration tests, dedicated mainly to testing the security issues in the prototype while at the same time testing its functionality and usability.
19.11.2007