Web Based Secure Authentication and Access Control System
Miranda Maria Irene,
M.Tech,
00,
38 pp.
Department of
Computer Science and Engineering
Indian Institute of Technology Bombay,
Powai, Mumbai 400 076.
Supervisor(s):
Sundar Vishwanathan, G. Sivakumar
As the need for connectivity increase it becomes
necessary for organisations to build and manage their services in a
secure way. In this project, we have designed a framework for a
reasonably open network with good security. All requests to services
from the network go through an {\it Application Level Gateway}. We have
implemented a different version of inetd called {\it ModInetd},
which has
support for access control.
It controls access to the different
servers on the application level gateway. {\it Role Based Access Control (RBAC)}
has been implemented in {\it ModInetd}. RBAC makes it easier to implement and manage an organisations
security policy. Requests to the servers on
the gateway can be directed to an authentication server which supports
different authentication protocols{\it (S/Key,Challenge-Response,etc.)} offering different levels of
security. {\it Secure remote password
protocol(SRP)}
resists most of the
common attacks on cryptographic algorithms. This protocol has been
implemented to authenticate users of the application level gateway when
high degree of assurance is desired.
We
discuss the design and implementation of the complete system.
We conclude with directions for future work.