SYNCHRONIZED TOKEN GENERATOR SYSTEM
Abstract (Summary): This thesis discusses a novel methodology for protecting a user’s credentials in a centralized LDAP authentication environment. It covers the design and implementation of the Synchronized Token Generator System, which gives the user a temporary token to use when authenticating to untrusted third parties such as service providers. The methodology addresses the risk that arises when users give their credentials to a service provider. In an LDAP environment, the service provider must be given the user’s actual credentials, because the service provider sends these credentials to the central server for authentication. The service providers therefore have plaintext access to the username/password pair (the user’s credentials) even when transmissions are encrypted, and they can easily store a copy of the user’s credentials. This research looked at existing solutions to this problem and found that most require the client programs to participate in a secure credential exchange system. This work proposes a solution that does not require modifications to the client or service provider programs. The result is a Synchronized Token Generator System that automatically generates temporary tokens that users use in place of their password during the authentication process.
School Location: USA - Ohio
Source Type: Master's Thesis
Date of Publication: 01/01/2006