Single Sign-On (SSO) allows the client to access multiple partner e-services through a single login session. SSO is convenient for the users as the user neither needs to set multiple login credentials nor login separately for individual services every time. SSO (single sign-on) authentication is a password-authentication approach that permits end users to login into multiple systems and websites with a single set of login credentials. SSO authentication is mainly useful for IT organizations that consist of many different commercial applications. The outstanding feature of SSO is that it gives organizations centralized control of their systems by giving different levels of access to each individual. It reduces password fatigue and increases security because users only need to remember a single username/password that grants them access to multiple systems. However, the Single Sign-on poses risks related to a single point of attack which may lead to a path for cybercrimes. This paper proposes a trust model to increase the security of Single Sign-on systems against the vulnerabilities discussed in the subsequent sections. The proposed Trust model is named as DANE-based Trust Plugin (DTP) which acts as an added security layer over DNS Based Authentication of Named entities(DANE). The DTP proposes the modified SAML XML schema which enables the DTP to counter the attacks.

DNS is responsible for the hostname to IP address translation. It is an open resolver that's why vulnerable to different kinds of attacks such as cache poisoning, man-in-the-middle, DOS and DDOS, etc. DNS is responsible for the hostname to IP address translation. To protect DNS IETF added a layer of security to it known as Domain Name System Security Extensions (DNSSEC). DNSSEC is also vulnerable to phishing, spoofing, and MITM attacks. To protect DNS, along with DNSSEC we require certifying authorities to authenticate the communicating parties. DNSSEC combined with an SSL certificate issued by Certifying Authorities (CA's) can protect the DNS from various attacks. The main weakness of this system is there are too many CA's and It is not feasible to trust all of them. Any breached CA can issue a certificate for any domain name. A certificate issued from a compromised CA's is valid. In this scenario, it is necessary for the organization to limit the number of CAs and to check whether the server is signed by a trusted CA's or not. DNS Based Authentication of Named Entities (DANE) permits a domain possessor to stipulate specific CA's issue certificates for a specific resource. DANE will not allow any CA to issue certificates for any domain. It limits the number of CA's used by the client. As there were still some security issues left in it that can be resolved using a mechanism called D-TS. It is a DANE-based trusted server that acts as a third party and validates the certificates of all the entities of the network. D-TS will be a proof-of-concept for enhancing the security in communications between Internet applications by using information available in DNS. The system attempts to solve the shortcomings of DANE by establishing a trust zone between the clients and the services. By adding multiple levels of validations, it aims to provide improved authenticity of services to clients, thereby mitigating attacks like phishing, Spoofing, Dos, and man-in-the-middle attack. In this paper, we will discuss the detailed working of our proposed solution D-TS.

With the increase in the number of e-services, there is a sharp increase in online financial transactions these days. These services require a strong authentication scheme to validate the users of these services and allow access to the resources for strong security. Since two-factor authentication ensures the required security strength, various organizations employ biometric-based or Smart Card or Cryptographic Token-based methods to ensure the safety of user accounts. But most of these methods require a verifier table for validating users at a server. This poses a security threat of stolen-verifier attack. To address this issue, there is a strong need for authentication schemes for e-services that do not require a verifier table at the server. Therefore, this paper proposes the design of an authentication scheme for e-services which should be resistant to various attacks including a stolen verifier attack. The paper will also discuss: 1) The proposed scheme analyzed for security provided against the known authentication attacks 2) The concept implementation of the proposed scheme.

The authentication is used to ensure the authentication of the owner of the data. Currently, the data is available in multimedia format viz., audio, video, image and text. The present paper focuses on the image authentication. The watermarking methods are used for the image authentication. The present paper proposes a novel method of Kurtosis based Watermarking by using Wavelet Transformation (KWWT). The proposed method uses wavelet transformation. Further, the bands or the coefficients are divided into various non overlapped windows. For each of the approximation band windows, the kurtosis value will be estimated. Then the windows in all bands will be selected based on their kurtosis value. Then, the watermark image will be embedded into the selected windows of the bands. Finally, inverse wavelet transformation will be applied to get the resultant watermarked image. The proposed KWWT method is evaluated with 14 input images and 3 watermark images. Various performance measures are estimated and the results show the efficacy of the proposed method.