
Evaluation of Unified Security, Trust and Privacy Framework (UnifiedSTPF) for Federated Identity and Access Management (FIAM) Mode

International Journal of Computer Applications
© 2012 by IJCA Journal
Volume 54 - Number 6
Year of Publication: 2012
Authors:
Zubair Ahmad Khattak
Suziah Sulaiman
Jamalul-lail Ab. Manan
DOI: 10.5120/8569-2290

Zubair Ahmad Khattak, Suziah Sulaiman and Jamalul-lail Ab. Manan. Article: Evaluation of Unified Security, Trust and Privacy Framework (UnifiedSTPF) for Federated Identity and Access Management (FIAM) Mode. International Journal of Computer Applications 54(6):12-19, September 2012. Full text available.

@article{key:article,
	author = {Zubair Ahmad Khattak and Suziah Sulaiman and Jamalul-lail Ab. Manan},
	title = {Article: Evaluation of Unified Security, Trust and Privacy Framework (UnifiedSTPF) for Federated Identity and Access Management (FIAM) Mode},
	journal = {International Journal of Computer Applications},
	year = {2012},
	volume = {54},
	number = {6},
	pages = {12-19},
	month = {September},
	note = {Full text available}
}

Abstract

Federated identity and access management systems such as Shibboleth may represent a boost: (i) to bring efficiency and effectiveness to collaboration among governments, enterprises and academia, and (ii) to conserve the home-domain user's identity privacy in a privacy-enhanced fashion. However, the concern is the absence of a trusted-computing-based mutual trust and security establishment in the Shibboleth infrastructure. The trusted-computing-based mutual attestation notion may help to add mutual trust and security, but it raises bidirectional platform privacy concerns. Therefore, for home- and foreign-domain organizations to effectively enjoy federated identity and resource (service) access, it is necessary to provide an access control that coalesces at least some security, trust and privacy aspects in a cohesive fashion. The objective of the work appearing in this paper is to provide a viable and feasible unified security, trust and privacy framework (UnifiedSTPF) access control solution for federated identity and access management systems by fusing Shibboleth authentication and authorization access control with trusted-computing-based trustworthy mutual attestation.
