Trusted Computing based open environment user authentication model

Authors: Zubair Ahmad, Jamalul-Lail Ab Manan, Suziah Sulaiman

DOI: 10.1109/ICACTE.2010.5579171

Abstract: In federated identity management systems providers authenticate users of its realm via single sign-on and forward authentication assertion as a response to the service provider's requests. Secure is always challenging task in an open environment such Internet. The risk associated with authorization are user credentials stealing man-in-the-middle attack, platform infected virus or Trojan horse, provider collude each others. We reviewed current technologies' Kerberos, Liberty Alliance, OpenID Windows Live ID. However, existing have limitations weaknesses presence third parties, no trust, weak mechanism. this paper, we propose single-sign-on model for combine trusted module security trust systems. This excludes party involvement every transaction provider. plays role service. privacy analysis proposed shows our can achieve strong security, enhanced privacy.
