Authentication in VPNs and 802.1X networks with identity providers

Bibliographic details
Main author: Mortágua, Duarte Neves Tavares
Publication date: 2023
Document type: Dissertation
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10773/40690
Abstract: Services provided by companies or public sector departments often require people to register themselves, i.e. to create an account. Such registration usually involves the provisioning of users’ authentication credentials, usually a username and password. Centralized Identity Providers (IdPs) emerged to reduce the users’ burden regarding account management. They made it possible to evolve from a so-called silo approach (where services do not share accounts) to accounts that can be shared by a set of federated services. Nowadays, popular Internet services such as Google and Facebook, which authenticate millions of people and keep some relevant user identity attributes in their accounts, are often used as IdPs. These IdPs were conceived for web authentication, using HTTP-based protocols and standards such as SAML and, more recently, OAuth2.0 and OpenID Connect, which offer powerful authentication and authorization capabilities. This work explores those capabilities and describes solutions that allow their combination with VPN and WiFi authentication mechanisms. Having the identity and access management functionalities of IdP web authentication available in network access control mechanisms can provide stronger authentication and authorization policies, improve the user experience and simplify management, which in turn aims to enhance security.
Keywords: Identity providers; Authentication; Security; VPN; WiFi networks; OAuth2.0; Wire guard; 802.1X
Dates: 2023-07-04; 2024-02-14T11:40:33Z
Type: master's thesis (published version)
Rights: open access
Format: application/pdf