Title Sustavi za udruženu autentifikaciju korisnika
Title (english) Federated authentication systems
Author Dominik Gleich
Mentor Ante Đerek (mentor)
Committee member Ante Đerek (committee chair)
Committee member Miroslav Popović (committee member)
Committee member Adrian Satja Kurdija (committee member)
Granter University of Zagreb Faculty of Electrical Engineering and Computing Zagreb
Defense date and country 2017-07-10, Croatia
Scientific / art field, discipline and subdiscipline TECHNICAL SCIENCES Computing
Abstract Wherever we turn, the interconnection of computer systems is obvious. Systems are connected in all sorts of ways, and all of those ways serve the user, that is, they try to connect in a way that is meaningful to the end user. One example of connecting systems is the Internet. At its core, the Internet is the interconnection and mutual communication of different systems with different users. A user identifies and presents himself to a given service using his username and password, or some other form of identification. Since there is a large number of services, and human memory is limited and forgetful, users often reuse usernames, and sometimes even passwords, across different services. Such an approach opens a serious security problem: compromising a username and password on just one service can allow a malicious attacker to authenticate with the user's identity to the whole range of services that the user frequently uses (Facebook, Gmail, Twitter...).
For precisely that reason, computer security experts devised the principle of authenticating users across a whole range of platforms using a single username and password, together with a single system that grants access to all of those other services. The best-known implementation of such a system in the Republic of Croatia is NIAS (Nacionalni identifikacijski i autentifikacijski sustav, the National Identification and Authentication System), that is, e-Građani as the main system for user access to a range of services. That system is used so that citizens have simpler access to a whole range of services such as e-Policija, e-Porezna, etc. This enables secure and efficient management of citizens' electronic identities and their authentication for the purpose of exercising civic duties, obligations and entitlements.
With one secure system we have closed the problem of identity compromise through a computer attack on some poorly protected service where we use the same username and password, but we have opened the possibility of an attack on precisely that secure system, and compromising it (which should be several times harder, and the system should be better monitored) effectively compromises all the other services that rely on it to authenticate users. This approach has advantages and disadvantages, but it is nonetheless extremely useful at the moment; it is used by major global companies such as Google and Facebook, and it will surely remain in use for some time to come.
Abstract (english) Wherever we turn, we clearly see connections between computer systems. Systems are connected in all sorts of ways, and all of those ways are created to fulfil some user request. One prominent example of such a connection between multiple systems is the Internet. At its core, the Internet is a connection between systems and a connection between the different users of those systems. A user authenticates and introduces himself to a service using his username and password, or some other form of identification. Since there are many services, and users' memory is limited and imperfect, users tend to reuse their usernames, and sometimes even passwords, across multiple different services. That approach to user security creates a serious problem: a compromise of a username and/or password on one service can enable a malicious attacker to authenticate with the user's identity across the whole range of services that user frequently uses, e.g. Facebook, Google, Twitter...
For that reason, security experts devised the principle of authenticating users across a whole range of platforms with a single username and password, together with a single system that grants access to all those other services. The best-known implementation of such a system in the Republic of Croatia is NIAS (National Identification and Authentication System), specifically the system called e-Građani, which is the main system for user access to a range of services. That system is used so that citizens can have easier and more secure access to services such as e-Policija, e-Porezna, etc. With such an implementation it is more secure and easier to manage citizens' electronic identities and their authentication, so that they can communicate with the State on matters such as vehicle registration, health insurance, etc.
One secure system that guards electronic identities allows us to close the problem of an identity compromised by a computer attack on an insufficiently protected service on which we were using the same username and password as elsewhere, but we have opened the possibility of an attack on this new secure system, which manages all the identities. If this system is successfully attacked, all the services that rely on it to authenticate users are compromised. As such, this approach has merits and faults, but it is still quite useful at this moment in time; it is used by all the major IT companies, such as Google and Facebook, and will surely stick around for quite some time, at least until we figure out a new way to protect our electronic identities.
Keywords
NIAS
security
identity
e-Gradani
Keywords (english)
NIAS
security
identity
e-Gradani
Language croatian
URN:NBN urn:nbn:hr:168:394832
Study programme Title: Computing Study programme type: university Study level: undergraduate Academic / professional title: university bachelor (baccalaureus/baccalaurea) of computer engineering (sveučilišni/a prvostupnik/prvostupnica (baccalaureus/baccalaurea) inženjer/inženjerka računarstva)
Type of resource Text
File origin Born digital
Access conditions Closed access
Terms of use
Public note
Created on 2019-03-13 20:28:19