
Security Challenges of Current Federated eID Architectures

Chapter in: ISSE 2013 Securing Electronic Business Processes

Abstract

This paper presents a security analysis of the protection of target assets in IT systems that use federated eID technologies.

The main topic of the analysis is asset protection in a target IT system that uses a federated eID system for IAM (Identity and Access Management), particularly for authentication.

The analysis covers the well-known federated eID technologies, i.e. OAuth, OpenID, SAML, SCIM, WS-Federation and WS-Trust.

The relationship between the target system's data channel (the data channel between the authenticated user and the target system) and the authentication result of the federated eID system (the assertion) is analysed.




Copyright information

© 2013 Springer Fachmedien Wiesbaden

About this chapter

Cite this chapter

Neumann, L. (2013). Security Challenges of Current Federated eID Architectures. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_3


  • DOI: https://doi.org/10.1007/978-3-658-03371-2_3

  • Publisher Name: Springer Vieweg, Wiesbaden

  • Print ISBN: 978-3-658-03370-5

  • Online ISBN: 978-3-658-03371-2

  • eBook Packages: Computer Science (R0)
