Client Authentication in Federations Using a Security Mode
Author
Abstract
Nowadays, identity-based client authentication (e.g., by username/password) over SSL is the standard for user authentication on the Web. In particular, browser-based federated identity management (FIM) protocols favour this technique for authenticating customers because of its user convenience and lightweight access management. However, recent attacks known as phishing provide evidence that this authentication scheme is vulnerable to identity theft. As a consequence, FIM protocols are likewise threatened by online fraud. More dramatically, since FIM protocols grant access to a whole federation of services with a single identity, a misuse affects many services equally. Therefore, we propose to define a secure mode (FIM-M), which downgrades the browser features that can be abused maliciously while FIM is in use and lets us reason more concisely about the security of FIM protocols.
Similar references
Man-in-the-Middle in Tunneled Authentication Protocols
Recently new protocols have been proposed in the IETF for protecting remote client authentication protocols by running them within a secure tunnel. Examples of such protocols are PIC, PEAP and EAP-TTLS. One goal of these new protocols is to enable the migration from legacy client authentication protocols to more secure protocols, e.g., from plain EAP type to, say, PEAP. In these protocols, the ...
Towards Secure XML Federations
The integration of isolated XML repositories has drawn more and more interest recently. In this paper, we propose XML federations to provide global e-services while preserving the necessary autonomy and security of each individual repository. First we show a logical architecture of XML federations, which is adapted from the common architecture of traditional federated databases according to the...
Security Analysis of Lightweight Authentication Scheme with Key Agreement using Wireless Sensor Network for Agricultural Monitoring System
Wireless sensor networks have many applications in the real world and have been developed in various environments. But the limitations of these networks, including the limitations on the energy and processing power of the sensors, have posed many challenges to researchers. One of the major challenges is the security of these networks, and in particular the issue of authentication in the wireles...
Man-in-the-Middle in Tunnelled Authentication
Recently new protocols have been proposed in the IETF for protecting remote client authentication protocols by running them within a secure tunnel. Examples of such protocols are PIC, PEAP and EAP-TTLS. One goal of these new protocols is to enable the migration from legacy client authentication protocols to more secure protocols, e.g., from plain EAP type to, say, PEAP. In these protocols, the sec...
A Federated Authorization and Authentication Infrastructure for Unified Single Sign On
Currently federated authorization and authentication infrastructures are deployed to offer services to large groups of users while increasing the usability and scalability of the security architecture. Connection of domains using a variety of technologies brings new challenges and requires the utilization of standardized communication languages between these components. The presented architectu...