B.M.

S College of Engineering
P.O. Box No.: 1908 Bull Temple Road,

Bangalore-560 019

DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

Course –Cryptography and Network Security

Course Code – 20IS6PCCNS

Final report on Project work

Authentication and Access Management Tools
Submitted to –
Submitted by -
Pranav Deepak-1BM20IS101
R Rohan-1BM20IS107
R Rohith-1BM20IS108

B.M.S College of Engineering

P.O. Box No.: 1908 Bull Temple Road,

Bangalore-560 019
 DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

CERTIFICATE

Certified that the Project has been successfully presented at B.M.S College of Engineering by
Pranav Deepak, R Rohan and R Rohith, bearing USN: 1BM20IS101, 1BM20IS107 and
1BM20IS108, in partial fulfilment of the requirements for the VI Semester degree in Bachelor of
Engineering in Information Science & Engineering of Visvesvaraya Technological University,
Belgaum as a part of the Cryptography and Network Security(20IS6PCCNS) during academic
year 2022-2023.

Faculty Name
Designation – Associate Professor
Department of ISE, BMSCE
 CONTENTS

1. An Overview of Authentication and Access Management in Cryptography…….......04

2. Public key infrastructure……………………………………………………………..05

3. Need for Authentication and Authorization tools..............................………………..07

4. Authentication and Access Management Tools……………......…………………….08

5. LogMeOnce Features……………………........……………………………………...09

6. GoodAccess Features…………………………......…………………………………11

7. VaultProject Features………………………………,..............……………………..14

8. Conclusion..................................................................................................................16

9. References………………………........……………………………………………..17
An Overview of Authentication and Access Management in Cryptography

Authentication and access management are essential components of cryptography that ensure
the security and privacy of digital resources. Authentication is the process of verifying the
identity of a user or device before granting access to a system or resource. This can be
achieved through various methods such as passwords, smart cards, biometrics, and
cryptographic keys. Access management, on the other hand, is the process of controlling
access to resources based on the authenticated identity. This involves authorization, which
determines what actions a user can perform on a resource after authentication. Encryption is
another critical aspect of cryptography that involves transforming data into an unreadable
format using a cryptographic key. This ensures that the data is protected from unauthorized
access during transmission or storage.

The use of authentication, authorization, and encryption is crucial in everyday life, from
booking an airplane flight to sending sensitive information over the internet.Key-based
authentication is a popular method of authentication that involves the use of cryptographic
keys to verify the identity of a user or device. This method provides a high level of security,
especially when the private keys are stored in a hardware security module (HSM) or secure
key manager. Single-factor authentication (SFA) is the most common form of authentication,
but it is considered low-security and is not recommended for sensitive data. Single sign-on
(SSO) authentication and one-time passwords (OTP) are other methods of authentication that
are commonly used.Identity and access management (IAM) is a framework for managing
user identities and controlling access to resources. IAM provides control over user validation
and resource access, ensuring that the right users have access to the right resources. IAM
involves identity providers, authentication and authorization standards, and access control
mechanisms. IAM industry standards provide guidance on designing IAM systems to manage
identity, moving personal data securely, and deciding who can access resources.In summary,
authentication and access management are critical components of cryptography that ensure
the security and privacy of digital resources. The use of authentication, authorization, and
encryption is crucial in everyday life, and key-based authentication provides a high level of
security. IAM is a framework for managing user identities and controlling access to
resources, and IAM industry standards provide guidance on designing IAM systems.

Public Key Infrastructure

Public Key Infrastructure (PKI) is a framework used in cryptography to provide secure

communication and authentication between entities. It involves the use of public and private
keys, digital certificates, and a set of policies, processes, and procedures to manage and
distribute these keys.

Here is a detailed explanation of PKI in cryptography:

1. Key Management: The security of any cryptosystem depends on how securely its keys
are managed. Cryptographic schemes are rarely compromised through weaknesses in
their design, but rather through poor key management. Key management refers to the
secure administration of cryptographic keys. It involves the entire lifecycle of a key,
including generation, distribution, storage, usage, and revocation.

2. Public and Private Keys: PKI uses a pair of keys to achieve security. The key pair
consists of a private key and a public key. The private key is kept secret and is used
for encryption and digital signing. The public key, on the other hand, is freely
distributed and can be used by anyone to encrypt data or verify digital signatures.

3. Assurance of Public Keys: In public key cryptography, public keys are in the open
domain and are seen as public pieces of data. By default, there are no assurances of
whether a public key is correct, whom it can be associated with, or what it can be used
for. To address this, key management of public keys needs to focus on the assurance
of the purpose of public keys. This assurance can be achieved through a public key
infrastructure (PKI).

4. PKI Components:

The components of a PKI include:

● Public Key Certificate: Also known as a digital certificate, it is used to bind a public
key to a specific entity, such as an individual or an organization. It provides assurance
of the public key's identity and is issued by a certificate authority (CA).

● Certificate Authority (CA): A CA is responsible for issuing and signing digital

certificates. It verifies the identity of the certificate holder and signs the certificate to
provide assurance of its authenticity. CAs form the trust anchor in a PKI.

● Registration Authority (RA): An RA is responsible for accepting requests for digital

certificates and authenticating the entity making the request. It assists the CA in the
registration and issuance of certificates.
 ● Central Directory: A secure location where keys and certificates are stored and
indexed.

● Certificate Management System: A system that manages the access to stored

certificates and handles the delivery of certificates to be issued.

● Certificate Policy: A document that defines the requirements and procedures of the
PKI. It allows outsiders to analyze the trustworthiness of the PKI.

5. PKI and Encryption: PKI plays a crucial role in encryption. It enables secure
communication by providing a mechanism for generating and managing the necessary
encryption keys. Through the use of digital certificates, PKI ensures the integrity and
authenticity of the encrypted data. It allows entities to securely exchange sensitive
information over an insecure network.

In summary, PKI is a framework used in cryptography to establish secure communication and

authentication. It involves the use of public and private keys, digital certificates, and a set of
policies and procedures. PKI ensures the secrecy of private keys and provides assurance of
public keys. It is essential for secure online communication, e-commerce, internet banking,
and other activities that require strong authentication and data protection.
 Need for Authentication and Authorization tools

Authentication and authorization are essential tools in cryptography that work together to
ensure secure access control and protect sensitive information. Here's a detailed explanation
of their significance:

1. Authentication: Authentication is the process of verifying the identity of a user or

process before granting access to protected networks, systems, or resources. It ensures
that only authorized individuals or processes can gain access. Authentication can be
achieved through various methods, such as:

● Passwords: Users provide a secret password that is compared to the stored password
to authenticate their identity.
● Biometrics: Physical or behavioral characteristics, such as fingerprints or voice
patterns, are used to authenticate individuals.
● Multi-factor authentication (MFA): This method combines multiple authentication
factors, such as something the user knows (password), something the user has (smart
card), or something the user is (biometric), for stronger authentication.

Authentication is crucial in cybersecurity as it prevents unauthorized access and helps

maintain the confidentiality and integrity of sensitive data.

2. Authorization: Authorization is the process of granting or denying access to specific

resources or functionalities based on the authenticated identity. Once a user or process
is authenticated, authorization determines what actions or data they are authorized to
access. It ensures that users have appropriate privileges and permissions to perform
specific operations. Authorization can be implemented using:

● Access Control Lists (ACL): ACLs define permissions and access rights for users or
groups at the individual resource level.
● Role-Based Access Control (RBAC): RBAC assigns permissions to roles, and users
are assigned to specific roles based on their responsibilities.
● Attribute-Based Access Control (ABAC): ABAC uses attributes and policies to
determine access rights based on user attributes, resource attributes, and
environmental conditions.
Authorization works in conjunction with authentication to enforce access control and protect
sensitive resources from unauthorized access or misuse.

3. Authentication and Authorization in Cryptography: In the context of cryptography,

authentication and authorization play crucial roles in ensuring the security and
integrity of data. Cryptographic authentication provides two main services:

● Integrity Authentication: This service verifies that the data has not been modified
during transmission or storage. It ensures the integrity of the data and protects against
unauthorized modifications.
● Source Authentication: This service verifies the identity of the entity that created the
information. It ensures that the data originates from a trusted source and has not been
tampered with.

Authentication and Access Management Tools

Authentication and access management tools are crucial components of identity and access
management (IAM) systems. These tools provide organizations with the means to manage
and control user access to resources securely. Here's a detailed explanation of authentication
and access management tools:

Authentication Tools:

User Provisioning: Authentication tools streamline the user onboarding process by

automating the creation of user accounts and assigning authorization roles. These roles define
the resources and functionalities that the user can access.

Single Sign-On (SSO): SSO enables users to authenticate once through a centralized portal
and then access multiple applications or resources without the need for additional
authentication steps. It improves user experience and reduces the burden of remembering
multiple passwords.

Multifactor Authentication (MFA): MFA enhances security by requiring users to authenticate

using multiple factors, such as passwords, biometrics, or hardware tokens. It provides better
assurance that the authenticators are who they claim to be, reducing the risk of unauthorized
access.

User Activity Compliance/Compliance Control: These tools help organizations protect

sensitive data and comply with regulatory requirements by monitoring and controlling user
activity. They identify and mitigate potential risks related to data privacy and protection.

Access Management Tools:

Centralized Access Management: IAM tools centralize the management of access and
authorization controls across the entire infrastructure, regardless of where applications and
data reside. Admins can uniformly manage access rights, permissions, and roles from a
centralized platform.
Identity Governance: Identity governance tools enforce policies mandated by regulatory
compliance rules. They ensure that the IAM platform handles identity and access
management appropriately according to specific compliance requirements.

Access Portal Service: Large organizations can benefit from self-service portals that allow
employees and customers to perform tasks like self-registration, password resets, profile
management, and access requests. These portals save time and reduce administrative
overhead.

API Integration: IAM platforms typically provide pre-built integrations with many third-party
applications. However, for legacy or custom-built applications, API integration enables these
applications to authenticate and control access using IAM. The API gateway funnels API
calls to the IAM system for proper user identification and access control.

IAM tools offer several advantages:

● Customizable access privileges and permissions for users.

● Enhanced security through features like SSO and MFA, reducing the risk of data
breaches.
● Control over data access and sharing.

● Simplified management and scalability of authentication and access control

frameworks.
● Compliance with regulatory requirements for user activity monitoring and access
control.

In summary, authentication and access management tools are essential for managing user
access to resources securely. Authentication tools verify user identities, while access
management tools control the level of access and permissions granted to authenticated users.
These tools enhance security, streamline access management processes, and ensure
compliance with regulatory requirements.
 LogMeOnce Features

LogMeOnce is a password manager that offers a range of features to enhance security and
protect sensitive information. Here are the features of LogMeOnce in detail:

● Security Features: LogMeOnce employs robust security measures to safeguard user

data. It utilizes AES-256 bit encryption, which is compliant with NIST guidelines,
ensuring that data is securely encrypted. The communication between the
LogMeOnce client and server is protected via SSL/TLS encrypted tunnel
communication.

● Two-Factor Authentication (2FA): LogMeOnce provides powerful two-factor

authentication options to add an extra layer of security. Users can choose from various
authentication methods, including biometrics, PIN codes, secure devices, and even the
option to login with a selfie. This helps ensure that only authorized individuals can
access the password manager.

● Passwordless Login: LogMeOnce offers a Passwordless login feature, allowing users

to access their accounts without the need to remember and enter a master password.
This feature can streamline the login process while maintaining security through
alternative authentication methods.

● Anti-Theft Tools: LogMeOnce includes anti-theft tools to protect user data in case of
device loss or theft. These tools enable users to remotely wipe their devices, ensuring
that sensitive information does not fall into the wrong hands.

● Secure Browsing and Document Storage: LogMeOnce provides secure browsing

capabilities to protect users from online threats. It also offers document storage
features, allowing users to securely store and access their important files.
 ● Auto-Login and Single Sign-On: LogMeOnce supports auto-login and single sign-on
(SSO) functionality, making it convenient for users to access their accounts across
multiple websites and applications without the need to remember multiple passwords.

● Secure Sharing: LogMeOnce offers secure sharing options, allowing users to share
passwords and sensitive information with others while maintaining control and
ensuring the security of the shared data.

● Backup and Recovery: LogMeOnce provides secure backup modules to ensure that
users' data is backed up and can be recovered in case of accidental loss or deletion.

While LogMeOnce offers a range of features, some reviews mention that it falls short in
terms of user experience, design, and interface. However, it is still considered a feature-rich
password manager that may be well-appreciated by power users and business users who
require advanced security and customization options.
 Good Access Features

GoodAccess is a cybersecurity platform that provides secure access to digital resources for
work-from-anywhere businesses. It offers various features and benefits, as mentioned in the
search results:

1. Free Plan and Paid Plans: GoodAccess offers a free plan called Starter, which
provides access to a shared VPN infrastructure for encrypting and protecting company
traffic. The paid plans, Essential, Premium, and Enterprise, offer additional
networking and security features such as static IP, two-factor authentication (2FA),
single sign-on (SSO), access control, and more .

2. Branch and Cloud Connector: GoodAccess Premium and Enterprise plans include a
built-in Branch and Cloud Connector. This feature allows you to securely connect
multiple private clouds, datacenters, and private LANs to the GoodAccess network
via a secure tunnel based on IPsec, IKEv2, or OpenVPN. It enables you to
interconnect all your geographical locations into a single software-defined perimeter
and securely access local resources from anywhere in the world .

3. Access Cards: GoodAccess Premium and Enterprise plans offer the feature of access
cards. These access cards determine which user can access which system. Access
 cards make it easy to bundle access to systems based on user roles. This feature is not
available in the Starter and Essential subscriptions.

4. Two-Factor Authentication (2FA): GoodAccess provides the option to enforce two-

factor authentication for login to the management interface, client apps, and
optionally for each connection. 2FA adds an extra layer of security to protect against
unauthorized access.

5. MSI Deployment: GoodAccess allows centralized distribution of client apps to team

members. This feature simplifies the deployment process and ensures that all team
members have the necessary client apps installed.

6. Mobile and Desktop Apps: GoodAccess offers one-click applications for iOS,
macOS, Android, Windows, and ChromeOS. These apps make it easy for users to
access the GoodAccess platform from any device without the need for manual
configuration.

7. Secure Access to IT Resources: GoodAccess enables secure access to IT resources for

remote and hybrid work scenarios. It provides the benefits of a zero-trust model,
allowing users to securely access digital resources anytime, anywhere

8. Security Features: GoodAccess offers robust security features, including two-factor

and multi-factor authentication (2FA/MFA), single sign-on (SSO) compatibility with
various providers, encryption protocols (IKEv2 and OpenVPN) for secure
connections, and employee monitoring and access logging. These features enhance
the security of the platform and protect against potential risks .

9. Management Features: GoodAccess provides management tools for gateways, access

control, and application integrations. Users can deploy private gateways with static
IPs, manage access through access cards, and integrate with various applications.
These features enhance the user-friendliness and accessibility of the platform
.

VaultProject Features
Vault Project is an open-source secrets management and secure data storage solution
developed by HashiCorp. It provides a way to store, manage, and tightly control access to
sensitive information such as passwords, API keys, and encryption keys. Vault Project aims
to address the challenges of securely managing secrets in modern, dynamic environments.

One of the key features of Vault Project is its authentication framework. It supports various
authentication methods, allowing users and applications to securely authenticate and access
the secrets stored within Vault. Some common authentication methods supported by Vault
Project include:

● Tokens: Vault generates tokens that can be used for authentication and authorization.
Tokens can have different scopes and expiration times, providing flexibility in
managing access.
● Username/Password: Users can authenticate with Vault using their credentials, which
are securely stored and validated.
● LDAP/Active Directory: Vault can integrate with existing LDAP or Active Directory
systems for user authentication, enabling centralized access control.
● GitHub/GitLab Authentication: Vault can leverage the identity and access
management capabilities of GitHub or GitLab, allowing users to authenticate using
their accounts on these platforms.
● Kubernetes Authentication: For Kubernetes environments, Vault can authenticate
users based on their Kubernetes service account credentials, ensuring seamless
integration with containerized applications.

Apart from authentication, Vault Project offers several other features, including:

● Secrets Management: Vault allows you to store and manage secrets securely, ensuring
sensitive information is encrypted at rest and in transit.
● Dynamic Secrets: It can generate dynamic secrets on-demand for various systems,
reducing the exposure of long-lived credentials and improving security.
● Encryption as a Service: Vault provides encryption and decryption services, enabling
you to encrypt data at rest or transit using various encryption algorithms and key
management options.
● Auditing and Access Control: Vault offers auditing capabilities to track who accessed
secrets and when. It also provides fine-grained access control policies, allowing you
to define granular permissions for different users and applications.
● High Availability and Scalability: Vault supports clustering and can be deployed in a
highly available manner, ensuring reliability and scalability for enterprise
deployments.
These are just some of the features and capabilities offered by Vault Project. The tool is
highly flexible and extensible, providing a robust foundation for managing secrets and
securing access in modern IT environments.
 CONCLUSION

Identity and Access Management (IAM) tools are designed to manage identities and access to
digital resources. These tools provide a secure way to identify people or devices and then
provide them with the appropriate access to digital resources. IAM tools offer a range of
features, including authentication, authorization, single sign-on access, user authorization,
user authentication, user permissions provisioning, managed security, log, audit, and report,
cross-application and cross-network authentication, enforce password and use policies,
interface with Active Directory or LDAP implementations, analyzing device permissions, and
privileged access management. IAM tools are essential for businesses that prioritize IT asset
security over anything else. They help IT security professionals centrally manage access to all
applications and files for employees, customers, partners, and other authorized groups. IAM
tools are scalable across the entire corporate infrastructure, including the corporate LAN,
wireless LAN, WAN, and even into public and private clouds and edge computing points of
presence. IAM tools are a must-have for resources that fall under regulatory compliance
rules. IAM tools proved invaluable during the COVID-19 pandemic as employees operated
either in a permanent work-from-home or hybrid work environment.

REFERENCES

[1] https://www.goodaccess.com/

[2] https://logmeonce.com/

[3] https://www.vaultproject.io/

[4]https://www.ibm.com/qradar/network-security

[5] https://www.geeksforgeeks.org/authentication-in-computer-network/
[6] https://www.hidglobal.com/solutions/access-control-systems?ls=PPC&utm_detail=2022-
pacs-apac-11-nxtgenaccess-dig-ads-adw-hidweb-ac-website-generic-PACS-APAC-EN-
321&gclid=CjwKCAjwkeqkBhAnEiwA5U-
uMzAPycphT4TjJi3ws8mabSUjG7_5Gv2l6zDpnTG7Lw6AsQxBHUmWNxoCF2oQAvD_
BwE