Conference Papers

Trusted Computing based Open Environment User Authentication Model

In federated identity management systems, identity providers authenticate users of their realm via single sign-on and forward an authentication assertion in response to the service provider’s requests. Secure single sign-on authentication is always a challenging task in an open environment such as the Internet. The risks associated with authentication and authorization in an open environment are theft of user credentials via man-in-the-middle attacks, a user platform infected with a virus or Trojan horse, and collusion between the identity provider and the service provider. We reviewed the current technologies Kerberos, Liberty Alliance, OpenID and Windows Live ID. However, the existing systems have limitations and weaknesses, such as the presence of third parties, no platform trust, and a weak authentication mechanism. In this paper, we propose a single sign-on authentication model for an open environment that combines trusted module security and platform trust in federated user systems. This model excludes the involvement of a third party, such as an identity or authentication service provider, in every transaction. The user platform in this model plays the role of an identity provider or authentication service. The security and privacy analysis of the proposed model shows that it can achieve strong security, platform trust and enhanced privacy.

authentication; federated identity management system; single sign-on; trusted platform module

Zubair Ahmad, Jamalul-Lail Ab Manan, Suziah Sulaiman

Cyber Security Cluster, MIMOS Berhad, Technology Park Malaysia, Kuala Lumpur, Malaysia; Cyber Security Cluster, MIMOS Berhad, Technology Park Malaysia, Kuala Lumpur, Malaysia; Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, Bandar Seri Iskandar,

International conference

2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE 2010)

Chengdu

English

1-5

2010-08-20 (date first posted online on the Wanfang platform; does not represent the paper's publication date)