Abstract
This paper presents a security analysis of the protection of target assets in IT systems that use federated eID technologies.
The main topic of the analysis is asset protection in a target IT system that uses a federated eID system for IAM (Identity and Access Management), particularly for authentication.
The analysis covers the well-known federated eID technologies, i.e. OAuth, OpenID, SAML, SCIM, WS-Federation and WS-Trust.
The relationship between the target system's data channel (the channel between the authenticated user and the target system) and the authentication result of the federated eID system (the assertion) is analysed.
© 2013 Springer Fachmedien Wiesbaden
Neumann, L. (2013). Security Challenges of Current Federated eID Architectures. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_3
DOI: https://doi.org/10.1007/978-3-658-03371-2_3
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-03370-5
Online ISBN: 978-3-658-03371-2