Authentication in VPNs and 802.1X networks with identity providers
Main author: | Mortágua, Duarte Neves Tavares |
---|---|
Publication date: | 2023 |
Document type: | Dissertation |
Language: | eng |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) |
Full text: | http://hdl.handle.net/10773/40690 |
Abstract: | Services provided by companies or public sector departments often require people to register themselves, i.e. to create an account. Such registration usually involves the provisioning of users’ authentication credentials, typically a username and password. Centralized Identity Providers (IdPs) appeared to reduce the users’ burden regarding account management. They made it possible to evolve from a so-called silo approach (where services do not share accounts) to accounts that can be shared by a set of federated services. Nowadays, popular Internet services such as Google and Facebook, which authenticate millions of people and keep some relevant user identity attributes in their accounts, are often used as IdPs. These IdPs were conceived for web authentication, using HTTP-based protocols and standards such as SAML and, more recently, OAuth 2.0 and OpenID Connect, which offer powerful authentication and authorization capabilities. This work explores those capabilities and describes solutions that allow their combination with VPN and WiFi authentication mechanisms. Having the identity and access management functionalities of IdP web authentication available in network access control mechanisms can provide stronger authentication and authorization policies, improve the user experience and simplify management, which in turn aims to enhance security. |
id |
RCAP_ce602a7f2182973c29623003daa4b630 |
---|---|
oai_identifier_str |
oai:ria.ua.pt:10773/40690 |
network_acronym_str |
RCAP |
repository_id_str |
7160 |
author |
Mortágua, Duarte Neves Tavares |
dc.subject.por.fl_str_mv |
Identity providers; Authentication; Security; VPN; WiFi networks; OAuth2.0; WireGuard; 802.1X |
dc.date.none.fl_str_mv |
2023-07-04T00:00:00Z 2023-07-04 2024-02-14T11:40:33Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |