Security characteristics of internet username and password authentication systems : an analysis of the strengths and weaknesses of current and future authentication systems, 2012

Item — Call Number: MU Thesis Car

Identifier: b4175556

Staff Only

Scope and Contents

From the Collection:

The collection consists of theses written by students enrolled in the Monmouth University graduate Software Engineering program. The holdings are bound print documents that were submitted in partial fulfillment of requirements for the Master of Science degree.

Dates

Creation: 2012

Creator

Cardio, Cory (1987- ) (Author, Person)
Wang, Jiacun, 1963- (Thesis advisor, Person)
McDonald, James (Thesis advisor, Person)

Conditions Governing Access

The collection is open for research use. Access is by appointment only.

Access to the collection is confined to the Monmouth University Library and is subject to patron policies approved by the Monmouth University Library.

Collection holdings may not be borrowed through interlibrary loan.

Research appointments are scheduled by the Monmouth University Library Archives Collections Manager (723-923-4526). A minimum of three days advance notice is required to arrange a research appointment for access to the collection.

Patrons must complete a Researcher Registration Form and provide appropriate identification to gain access to the collection holdings. Copies of these documents will be kept on file at the Monmouth University Library.

Extent

1 Items (print book) : 88 pages ; 8.5 x 11.0 inches (28 cm).

Language of Materials

English

Additional Description

Abstract

Web authentication systems use username and password mechanisms as the primary control for authorizing access to sensitive data and other resources of the Internet. While most Internet users view authentication systems as secure and usable, much research shows and many security experts believe that this view and the current authentication systems promote bad habits that result in loss of security, which poses real dangers to the Internet. Because site-centric authentication models result in the loss of security, alternative authentication models which conform to web centric authentication should be adopted.

This thesis presents the research, analysis, and assessment of security strengths and weaknesses of Internet site's username and password authentication methods. Specifically, three methods will be addressed: per-site username and password authentication, managed per-site username and password authentication, and single sign on username and password authentication.

The goal of this thesis is to improve user and developer understanding of the domain in order to increase security by exploring the security aspects of the Web authentications technologies of today. In order to successfully do so, developers and users alike were confronted on their needs and concerns, while thorough research was performed to provide data as a base to validate the thesis.

Keywords

Authentication, Single Sign On, SSO, Password, Login

Partial Contents

Abstract -- Acknolwedgements -- 1. Introduction -- 2. Background -- 3. Authentication systems -- 4. Authentication models -- 5. Security characteristics -- 6. Surveys and polling research -- 7. Concluding remarks -- Appendix A. Reference -- Appendix B. Summary table of strengths and weaknesses -- Appendix C. Calculating strength and weakness charts -- Appendix D. Survey and polling results -- Appendix E. Attack tree -- Appendix F. Terms defined.