Secure Access Framework for mobile applications

Motivation

In a user environment where identifying the individual to the complete system is very important, relying only on possession of the mobile device itself is not enough. With connectivity based on mobile telephony and Wi-Fi networks, it is necessary to deploy a complete security infrastructure between components. This includes user authentication throughout a work session that may span varied connections. Security established only by the application in use is not enough.

To guarantee integrity and confidentiality for the user of the application, we must confirm that:

  1. The application servers are who they say they are.
  2. The client requesting access to and service from the platform is who it says it is.

Therefore, we use Kerberos as the security system, which makes it necessary to deploy a Key Distribution Center (KDC). More information about the Kerberos system is available on the distribution page: http://web.mit.edu/kerberos/dist/index.html

This service cannot be used directly; we need an API that gives us access to it. GSS-API (Generic Security Service API) defines an interface for accessing different security services, in our case Kerberos. It is described in RFC 2743: http://tools.ietf.org/html/rfc2743.html

These security methods are not yet available in current applications, so a framework is required to support their development.

As an extra security method for a particular application, we can log the actions a user has been able to perform, including their access to that application. This service is intended to be supported by a "logger" based on WebDAV: http://www.webdav.org/

 

Objectives

  • Create a system for secure access to the application using a user name and password.
  • Maintain this secure connection for as long as the user is active in the application.
  • Provide support, through a programming API, for the client and server applications of this project.
  • Keep a record of activity, if required, to check whether an application service has been used or not.

Participants

Miguel A. Tejero de Pablos and Cesar Llamas
