Abstract
Federated environment applications running on cost-effective federated identity management systems have become more widely adopted, and would potentially attract more organizations to adopt and invest in them if they were enhanced with security and trust mechanisms. Traditional certificate-based authentication raises several issues: first, when the public portion of the key pair can be guessed or calculated by an attacker, it can then be used to masquerade for resource access; second, a private key stored on the user's system can be compromised by viruses, Trojan horses, etc. Current computer platforms also lack platform trust establishment, which makes it hard to trust remote platforms. In this paper, we discuss concerns related to user authentication, authorization, and trust establishment for federated services in Federated Open Systems Interconnection. To overcome these issues, we propose trusted platform module protected storage to protect private keys, and platform attestation mechanisms to establish inter-platform (and hence inter-system) trust among interacting systems in an open environment. To assess our work, we compare the trusted platform module with existing authentication types and show that it provides better tamper-resistant protection against attacks such as replay, Trojan horse, and fake antivirus attacks.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Khattak, Z.A., Manan, Jl.A., Sulaiman, S. (2011). Finding New Solutions for Services in Federated Open Systems Interconnection. In: Abraham, A., Mauri, J.L., Buford, J.F., Suzuki, J., Thampi, S.M. (eds) Advances in Computing and Communications. ACC 2011. Communications in Computer and Information Science, vol 193. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22726-4_27
DOI: https://doi.org/10.1007/978-3-642-22726-4_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22725-7
Online ISBN: 978-3-642-22726-4
eBook Packages: Computer Science, Computer Science (R0)