This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Single Sign-On (SSO) is a system log in management approach aims to solve problems in the environment of coexisting of multiple systems. SSO allows user to use a single set of credential information to access all these system which may built with different operation systems and languages. It is a useful tool nowadays because the increasingly complexity of job functions.
SSO generally improves the daily operations by simplifying the processes and increasing the efficiency. However, another the benefits, it can brings out some security problems, and responsive remediation should be made.
As the complexity of the business evolves, end user and system administrator are using increasing number of application to complete their daily operations. End users required to sign on to multiple system to access the services, it means that they may need to remember multiple set of user names and password and interact with number of log in interfaces to gain the access. For system administrator, he also maintaining many set of user account databases of multiple system. It is quite time consuming and troublesome for end user and system administrator to handle these activities.
The Single Sign-On is developed to solve this problem. It is a independent log in management service adding on the existing distributed computer system. End user can use single set of credential information to access all systems and he can directly call the services in another system without interact with the sign on interface again. On the other hand, system administrator also required to maintain a single user account database only, it saves time and effort. In management prospect, it also save the daily operation cost the process become simplified.
Unfortunately, SSO is not a prefect tool. There are weaknesses on its architecture, resulting it become more sensitive to some kind of attacks.
All the issues will be discussed more detail in the following paragraphs.
What is Single Sign-On?
As mentioned above, when the complexities of the job functions increase, number of systems will be used at the same time to perform the business functions. The diagram below illustrated the traditional approach for users to sign on in multiple systems:
As shown in the diagram, a distributed system in an organization may consist of applications in multiple systems with independent security domain which may built on different operation systems or configurations. It means that user are required to authenticate them in each different in order to access respective services.
In the illustration, end user interacts with the "Primary Domain" to establish a session that identified him before gain access to services in the domain. This activity is called "Primary Domain Sign-On" in the diagram which requires user to provide information of "Primary Domain User Credentials" (For example: user name and password, smart card, or some biometrics characteristics (e.g. finger print). After the "Primary Domain User Credentials" is authenticated, a "Primary Domain Shell" which represented by an operation system session shell or application session shell will be set up for the user. Through the "Primary Domain Shell", user can access services gained within the "Primary Domain", or invokes application from another domains.
In case of invoking application from "Secondary Domain", user is required do something similar to sign in "Primary Domain". He should provides another set of credentials that applicable to "Secondary Domain" by interacts with the interface of "Secondary Domain Sign-On". After authentication, the "Secondary Domain Shell" will be set up for the user for him to access the content in the domain. Obviously, there are some repeating processes and it results out less preferred user experience.
In order to solve the problem, Single Sign-On approach can be used in system design. With reference to Wikipedia, Single Sign-On (SSO) is defined as:
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Single sign-off is the reverse property whereby a single action of signing out terminates access to multiple software systems.
Simply say, Single Sign-On allows user to access applications in different domains (systems with different authentication) by log in one time only. The diagram below further describes the concept of SSO:
In Single Sign-On approach, end user should also supplies to provide identification and credential information to support authentication in all of "Secondary Domains" as a part of "Primary Sign-On". By using the information, the SSO services can interact with the "Secondary Domains" and authenticate end user automatically when he requests the services in these domains. The SSO services which combined in the "Primary Domain Sign-On" procedure can be implemented in the following ways:
i) Directly passing the information supplied by user to "Secondary Domain"for "Secondary Domain Sign-On"
ii) Using the information supplied to retrieve the identification and credential information stored in the database of SSO service and then pass the extracted information for the "Secondary Domain Sign-On" process.
iii) Establish sessions with "Secondary Domain" when the "Primary Domain Session" is established. It means that the applications in "Secondary Domain" are invoked at the time of initial sign-on operation.
Motivation of Single Sign-On
It some problems in authentication when a user wanted to access multiple system, this situations is popular in organization and Internet nowadays. While different system have different log in authentication,, user is required to memorize different passwords which it is inconvenient. Moreover, it also increase the workload (in other word: costs) of system administrator as he needs to maintain multiple user databases in different system. The Single Sign-On architecture integrated the many user databases into a single one, so user only needs to keep one set of credential information and system administrator only takes care one single user database. As result, the process in the daily operation is simplified and efficiency is improved.
Applications of Single Sign-On
According to the nature of usage, SSO can be classified into three categories:
i) Web Single Sign-On (WSSO) - the applications are running on different computer network and those applications must be web based. It uses standards-based web services in communicating among applications in different computer networks, so allows user to use single password to browse web sites of different companies or accessing different services within a web site. Example: Microsoft Passport, Central Authentication Service (Yale University)
ii) Enterprise Single Sign-On (ESSO) - As told in the name, it usually used within an organization. The user can use a single set of credential information to access all application running on organization's network. The applications may built on different types of operation systems and computers, such as Window in PC, Unix on Mainframe. Example: Kerberos, Grid Security infrastructure (GSI).
ii) Password Manager - It assists end user to organize his own password. Typically there is a local database stored the user's encrypted password (In contrast to WSSO and ESSO where the password is stored in server). Some of the Password Manager have the function to fill and send out log in information automatically to the authentication interface of applications. Example: Critx (critx.com), WiseGuard SSOWatch (evidian.com).
Common Attacks and Responsive Protections
A sniffer is a program installed in a networked computer that allows it to capture all data passing through the network interface, no matter the data is destined for the computer itself or another computers in the network. It brings out two potential risk to SSO. Firstly, malicious user can capture the password by searching for sign on transmission. Secondly, the location of single sign on interface may be easier to be discover, as every sign on transmission target on it. It makes the attacker also easier to focus on the point of attack.
In order to protect from sniffing, the network transmission should be encrypted (e.g. Secure Shell (SSH). Moreover, switching network configuration will helps also. In native broadcast network, all data packets are listened by all computers, so it makes sniffing easy. In a switching network, all computers connected to switches directly. Instead of broadcasting the data in the network, all packets will be sent to switches and the switches will resolve the physical address and sent to the destination directly. So, it is no need for the packets to be transmitted through another computers, so sniffing become difficult.
Password Cracking is a process that aims to discover the password from either extracting from data base or transmission in computer network. Generally, it is carried out by repeatedly guessing the real password by brute force, common techniques includes Dictionary Attack and Rain Table Attack. In case of the attacker have gained the access to the domain sign-on interface (For example Accessing computer of the organization by physical break in the property, make connection to the private network by pass through firewall via internet), he can further access the computer system of the organization by search for usable passwords with the assistance of this technique. It is a importantly serious risk for the SSO architecture, because when the attacker gained one access, he can access every system within the organization. The unauthorized access may results a different levels of damage to the organization, the data may be stolen, altered, or destroyed and wrong operations may be carried out.
Firstly, instead of storing password with plain text, the password database must be encrypted. In addition, ensure the transmissions of password among program are encrypted also (Protect password from suffering). Secondly, try to control the access to password file, limit the number of user accounts having the right to access. For example in Unix system, change the password file to shadow password file which can only be access by program that having "system" privilege. Finally, encourage end user to use "Strong" password. "Strong" password must be long enough and preferred consisting of alpha-numeric and special letters when letters with mixed cases. It is especially helpful for preventing Dictionary Attack.
Through session hijacking, attacker can get unauthorized access to the computer system, it is done by exploitation of a valid computer session and stealing the magic cookies (i.e. session key) that authenticating the end user. The risk to SSO based system is similar to those of password cracking, the malicious user may gained any privilege and able to thief any data from the system and do any damage on it.
In programming level, it is better to use random number for the session key, and it should be as long as possible. It reduces the risk for attacker to use brute force to guess the key. In addition, it is also preferred to regenerate the session key after successful log in. It can prevents "session fixation", attacker can't track the session after log in as it is changed. On other hand, on the network level the communication in the network should be encrypted, it can be done by using SSH or virtual private network (VPN).
Denial of Service Attack
Denial of Service Attack aims to turn down the services provided by the target computer. It is done by flooding messages to the objective machine to exhaust its network capacity. It may cause the computer crash down also. As a result, end user can't access the services provided by the server. It can be a serious problem to the SSO based system, as if the log in interface halts, all service will be suspended.
The preventive action can be done in the network architecture. Configuration (e.g. proxy setting) should be make in network hardware such as switch, router, and firewall to block the traffic from malicious addressees.
Pros and cons of Single Sign-On
In the above sections, some of the benefits of Sign Sign-On are briefly mentioned, such as easier to management and save log in time. However, like most of another architectures, SSO is not a totally flawless solution for authentication in multiple system environment, there are some hidden problems in security aspect and another areas. Therefore, it is important to understand the strength and weakness of SSO when considering it to be use in real organization. Those characteristics which categorized by different user's aspect will be discussed in the following paragraphs.
In End User aspect
Generally, the end user will feel happy for using the SSO system, because the log in process which is supposed to be useless/ messy (in the view of user, it is not productive to the job his really want to do) become simplified compared with traditional distributed systems. Firstly, it reduce password fatigue that user no longer required remember many set of user names and passwords; on the other hand, it also gives less chance for entering wrong password or forgetting password . Moreover, it required log in once only, save time to deal with multiple sign on interface which is quite annoying to user also. Finally, it is easier for new user to learn to a single log in interface than difference interfaces of distributed systems.
In System Administrator Aspect
System administrator may admires SSO system is easier for use account maintenance as the many interface are integrated. It saves their effort to do repeatedly maintenance jobs. In addition, system security can be some how improved. It saves time in user account maintenance because system administrator only required to deal with one single SSO system database, any changes of privileges, add or delete user action is done once in the database, instead updating different user account databases in different applications. On other hand, chance of getting error in updating information will be also reduced as number of steps are minimized. For security issues, it may reduces the chance of end user expose his password in case there are too many passwords that he can't remember. Finally, the effort of protection can also be centralized, and security can be improved. It is because there is lesser weaknesses for a single log in interface than multiple log in interfaces.
In Management Aspect
The viewpoint of management people, as SSO simplified the process, it makes things easier to monitor and resources can also be saved. As end user own one set of user account only, it cost of IT help desk can be reduced as number of account to handle is decreased. Moreover, it also save cost in training end user to use different interface as well as improve the learning curve. Similar benefits can also be gained for system administrator in some ways. Finally, it also provides a alternative way to monitor the process. It is because every user must sign on the SSO system, so theoretically all interesting statistics can be extracted through the system.
In End User aspect
Beside end user enjoying the simple log in process of SSO system, he may also something inconvenience. It is because the requirement of security level become higher as SSO become a single point of defense of the distributed systems. Firstly, the end user may forced to use a stronger password which is more difficult to remember compared with the passwords that may allowed to set with lesser limitations in previous multiple systems. Moreover, additional authentication devices such as smart card or finger print recognizer may be used in sign on in order order to achieve higher security requirements. It will increases the complexity of the log in process and may causes inconvenience to user.
In System Administrator Aspect
While the daily maintenance job becomes easier, it required many effort in setting up the SSO service. It is because the current distributed system may contains applications built on different platforms. There are many problems to solve to make those sub systems with different configuration working together. In addition, there is higher security requirement for SOS system. The following are further discussions.
Firstly, the SSO system is difficult to setup. It required many programming efforts to built interfacing program to communicate systems belongs to different versions, platforms, and vendors.
Beside, the complexity of SSO and large number of systems involved, it takes more time for testing, includes internal testing and user acceptance test (UAT). Thirdly, the single log in server is means single point of attack to attacker. Once the attacker successfully break in the SSO system, all the systems in organization will become unprotected. Therefore, high caution should be take for the security risks of the SSO system, attacks like denial of service will totally turn down the operation of the organization. Finally, in order to enhance the security level of sign on activity, additional authentication hardware may required to be installed. It increases the workload of system administrator in term of setting up new devices and training to users.
In Management Aspect
Together with the benefits on facilitating daily operation and management, some costs are raised for the SSO system. In addition, some calibrations should be made in the system migration. The first issues to consider is the usually the initial cost of SSO system is high. It is because it requires effort to match with existing systems based on different architectures. In addition, there is considerable time for system testing. Other than that, there are costs of training staff for the new system and the costs of additional authentication devices. Finally, some legacy systems may be too old to be supported by the new SSO system, decision should be made to suspend these systems or replace them with a new one that supported by SSO. Both decisions incurs cost and disruption to daily operation.
As mentioned above, SSO is not a totally good system approach, it has its advantages and disadvantages. It brings different impacts on different section of an organization which will be discussed below.
Impact on operation
There should be a improvement on efficiency on daily operation that relies on services provided by SSO based system. It is because the time for user to interact with the log in interface decreased. In addition, user can also free form password fatigue, as he only needed to remember single set of user name and password.
At the system administrator's viewpoint, the daily maintenance job (e.g. Add/ alter user, database backup) become easier as they only manage single user account database. While number of accounts decrease, the time spent by IT help desk to solve daily account problems (e.g. forgetting password, revoke of account) will decrease also. Moreover, because the sign on functions are integrated, it is lesser chance to have manual error in these operations. However, because it is difficult to communicate simultaneously with legacy systems with different versions, platforms, or operation systems. Huge effort is required at the initial phase.
Finally, management will find the system is easier to monitor and control as there is only a single system to run.
For conclude, SSO could bring a positive impact on daily operation.
Impact on cost
Because of complexity of the SSO architecture, the initial cost of setting up the system will be high. In addition, there are also another for training user for the new system, buying authentication devices or replacing legacy systems that do not compatible with the new SSO based system. However, after the SSO based system is established, the daily operation cost will be decreased. It is because both the log in process and maintenance of user account are simplified, the effort and time used are minimized.
Therefore, it is difficult to say SSO can raise or reduce cost, it will depends on the balance of initial cost and saving in daily process.
Impact on computer security
SSO as a innovation of sign on method, it changes the viewpoint of evaluating system security so much by centralizing all the log in activities into one single point. The following is the description of impact categorized with goals of computer security.
SSO architecture can generally improve the integrity of user account database. It is because any altering actions is done to the SSO database only compared with it is required to update a single user's information to distributed databases in legacy which will increase the chance of incurring human errors.
SSO based system is more sensitive to attacks (e.g. denial of service attack) or sever malfunction, if the log in interface turn down , all the operations of the organization will be influenced. In legacy system, it is difficult to launch attacks to all services simultaneously and less chance for all servers turn down. Therefore, it is a weakness in availability when SSO compared with distributed systems with many log in interface.
Confidentiality is also not a strength in SSO. It is because it is easier to located attack target as there is a single log in interface. Therefore, attacker can focus on exploiting data (By techniques of sniffing or session hijacking ) sent in and out the SSO service and get the valid authentication information and further invades the system.
In generally speaking, there are many security problems in SSO architecture. Therefore, additional protection should be made in order to maintain the system secure.
The Single Sign-On as a technology simplified the process of authentication in multiple system environment has a obvious advantages of save time and effort for daily operation. However, the cost to establish the system is high in the initial phase, but daily operation cost will be saved after the launching. Therefore, it is important to balance these two kind of costs in planning of the project. In the system security aspect, it have risk of suspension of entire system and created a single point of attack for attacker. It is required to carried out remediation action to fix those security holes.