Web-based Authentication Technique for Systems without database Server

Angelos Barmpoutis (angelbar@csd.auth.gr)
Aristotle University of Thessaloniki

Introduction

We would like to:
• Control software access
• Know the users of a product
    • Communication
    • Commerce

Techniques

• Algorithmic techniques
• Database server techniques
• Web-based technique

Algorithmic technique

There is an algorithm that produces access passwords
    • Every user sets a username
    • A unique registry code is required

Algorithmic technique

• Server is not required
• Network is not required

• Algorithm can’t be changed
• Distance System - User

Server technique

There is a server and a database with the data of the users
• Every user opens an account
• Users set a password
• Users can update their data

Server technique

• Small distance System-User
• Real-time procedures

• Database server cost
• Network required

Web-based technique

It is a combination of the algorithmic and database server techniques
• Every user opens an account
• Small distance System - User
• There isn’t any database server
• No database server cost

Features

• We don’t want to have a database server
but…
• We want every user to open an account
• Every user can open an account and have access at any time!

New user

1. Every new user fills a registry form
2. There is a PIN generator algorithm
3. Then the user receives an e-mail with a password

So somebody can open an account at any time

PIN Generator

• The algorithm remains stable
• But input can be changed
• So we use variable web-file input
• We can “change” the algorithm
• Safer technique

PIN Generator(username string, variables from web-file)

Entrance algorithm

1. A user gives his username-PIN combination. Set FLAG=false.
2. Set this username as input to the Generator algorithm and generate a temporary PIN.
3. If user PIN = temporary PIN then set FLAG=true and go to step 6. Else go to step 4.
4. Search a web-placed database file, for a record with the username-PIN combination.
5. If username-PIN was found then set FLAG=true.
6. Result = FLAG.

Entrance algorithm

• There is a database web-file
• Personal data of users are stored

How? Remember…
1. Every new user fills a form
2. Receives a password from PINGen.
3. Access with username and the PIN
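
The PIN Generator and the six entrance steps, as an added Python example that is not the author's implementation. The slides do not name the generator algorithm, so HMAC-SHA256 keyed by the web-file variables is an assumption, as are the key=value and username:PIN file formats, the sample file contents and all function names.

```python
import hashlib
import hmac

# Constructed sample contents of the two web-placed files; both formats are assumptions.
GENERATOR_WEBFILE = "seed=7f3a91c2\nperiod=2003-A\n"
DATABASE_WEBFILE = "alice:4821-NEW\nbob:my-own-pin\n"  # username:PIN records kept by the administrator

def parse_variables(text):
    """Read key=value lines from the PIN Generator web-file."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)

def parse_database(text):
    """Read username:PIN records from the database web-file."""
    records = {}
    for line in text.splitlines():
        user, sep, pin = line.partition(":")
        if sep:
            records[user] = pin
    return records

def pin_generator(username, variables, digits=6):
    """Fixed algorithm, variable input: HMAC-SHA256 keyed by the web-file variables."""
    key = "|".join(f"{k}={variables[k]}" for k in sorted(variables)).encode()
    mac = hmac.new(key, username.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def entrance(username, pin, generator_text=GENERATOR_WEBFILE, database_text=DATABASE_WEBFILE):
    flag = False                                                         # step 1
    temp_pin = pin_generator(username, parse_variables(generator_text))  # step 2
    if same(pin, temp_pin):                                              # step 3
        flag = True
    else:
        stored = parse_database(database_text).get(username)             # step 4
        if stored is not None and same(pin, stored):                     # step 5
            flag = True
    return flag                                                          # step 6

if __name__ == "__main__":
    carol_pin = pin_generator("carol", parse_variables(GENERATOR_WEBFILE))
    print("PIN e-mailed to new user carol:", carol_pin)
    print("carol, generated PIN:", entrance("carol", carol_pin))
    print("bob, PIN from database web-file:", entrance("bob", "my-own-pin"))
    print("carol after the web-file variables change:",
          entrance("carol", carol_pin, generator_text="seed=00000000\nperiod=2003-B\n"))
```

With the steps in this order, the generated PIN is still accepted for a user whose changed password is in the database web-file, and changing the web-file variables invalidates any generated PIN the administrator has not recorded there. The generator web-file therefore acts as a shared secret: whoever can read it and knows the algorithm can compute the PIN for any username.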

Update personal data

• Every user can update his data
• This isn’t a real-time procedure
• Updated data are sent by e-mail to the system administrator
• Administrator uses an e-mail data collector and updates the database web-files
• He is the only person who changes the database web-files

Web-based technique

• An e-mail account is used
• Few MB space in the web
• Users have their account
• New accounts can be opened and accessed at any time
• Accounts can be updated
• Database server isn’t required

Diagram of technique

[Diagram with three columns (System Users, Software System, Web-placed files). Elements: User; Administrator; Registration form (Username, Email, Submit); Software product (Username, PIN, Enter); Database control (Update web files); PIN; Form's data; PIN Generator web-file; Database web-file.]

Advantages

• Small System-User distance
    • Because of account opening
• Real-time account opening
    • Because of PIN Generator
• Users can update their personal data
    • Because of using e-mail protocol
    • But… this isn’t a real-time procedure

Combination of features

Features          Algorithmic   Database Server   Web-based
User accounts     No            Yes               Yes
Database server   No            Yes               No
PIN Generator     Yes           No                Yes
Web required      No            Yes               Yes

Database length / Users

[Figure: three plots of database length against users: a) Algorithmic, b) With database, c) Web-based]

Uses

Web-based authentication and user controlling technique is useful to:
• Web services
• e-learning
• e-commerce
• Advertising methods
• Small companies
• Personal Pages
• etc

Example

• Free music catalog software
• This software is a multimedia application with texts, photos, sounds, videos etc
• Users are controlled by this web-based technique

Example

1. A new user sets a username and he fills the registration form
2. He receives an e-mail with a PIN
3. He uses the username and PIN to have access to the system
4. He changes his password
5. Administrator updates the database files

Diagram of technique

[Diagram with three columns (System Users, Software System, Web-placed files). Elements: User; Administrator; Registration form (Username, Email, Submit); Software product (Username, PIN, Enter); Database control (Update web files); PIN; Form's data; PIN Generator web-file; Database web-file.]

Implementation

PSIFIAK Digital Circuit Designer & Simulator
www.psifiak.8m.com

The Informatics Department of Aristotle University of Thessaloniki uses Psifiak-Digital Circuit Designer and Simulator for academic purposes, during the Digital Circuit Design and Digital Electronics courses.

Implementation

Summary

• Web-based authentication technique is a combination of the algorithmic and the database server techniques.
• There isn’t a database server, we use the e-mail protocol
• Many advantages
• Is useful to free web services, e-commerce, e-learning, etc.

Web-based Authentication Technique for Systems without database Server

Angelos Barmpoutis
Informatics Department, School of Science
Aristotle University of Thessaloniki

e-mail: angelbar@csd.auth.gr
http://users.auth.gr/angelbar
Voice: +30 – 6972686728

Psifiak: http://www.psifiak.8m.com

Thank you!