34 research outputs found

    Single sign-on using trusted platforms

    Network users today have to remember one username/password pair for every service they are registered with. One solution to the security and usability implications of this situation is Single Sign-On, a mechanism by which the user authenticates only once to an entity termed the ‘Authentication Service Provider’ (ASP) and subsequently uses disparate Service Providers (SPs) without necessarily re-authenticating. The information about the user’s authentication status is handled between the ASP and the desired SP in a manner transparent to the user. This paper demonstrates a method by which the end-user’s computing platform itself plays the role of the ASP. The platform has to be a Trusted Platform conforming to the Trusted Computing Platform Alliance (TCPA) specifications. The relevant TCPA architectural components and security services are described and associated threats are analysed.

    Interdomain User Authentication and Privacy

    This thesis looks at the issue of interdomain user authentication, i.e. user authentication in systems that extend over more than one administrative domain. It is divided into three parts. After a brief overview of related literature, the first part provides a taxonomy of current approaches to the problem. The taxonomy is first used to identify the relative strengths and weaknesses of each approach, and then employed as the basis for putting into context four concrete and novel schemes that are subsequently proposed in this part of the thesis. Three of these schemes build on existing technology; the first on 2nd and 3rd-generation cellular (mobile) telephony, the second on credit/debit smartcards, and the third on Trusted Computing. The fourth scheme is, in certain ways, different from the others. Most notably, unlike the other three schemes, it does not require the user to possess tamper-resistant hardware, and it is suitable for use from an untrusted access device. An implementation of the latter scheme (which works as a web proxy) is also described in this part of the thesis. As the need to preserve one’s privacy continues to gain importance in the digital world, it is important to enhance user authentication schemes with properties that enable users to remain anonymous (yet authenticated). In the second part of the thesis, anonymous credential systems are identified as a tool that can be used to achieve this goal. A formal model that captures relevant security and privacy notions for such systems is proposed. From this model, it is evident that there exist certain inherent limits to the privacy that such systems can offer. These are examined in more detail, and a scheme is proposed that mitigates the exposure to certain attacks that exploit these limits in order to compromise user privacy. 
    The second part of the thesis also shows how to use an anonymous credential system in order to facilitate what we call ‘privacy-aware single sign-on’ in an open environment. The scheme enables the user to authenticate himself to service providers under separate identifiers, where these identifiers cannot be linked to each other, even if all service providers collude. It is demonstrated that the anonymity enhancement scheme proposed earlier is particularly suited in this special application of anonymous credential systems. Finally, the third part of the thesis concludes with some open research questions.

    My Private Cloud Overview: A Trust, Privacy and Security Infrastructure for the Cloud

    Based on the assumption that cloud providers can be trusted (to a certain extent) we define a trust, security and privacy preserving infrastructure that relies on trusted cloud providers to operate properly. Working in tandem with legal agreements, our open source software supports: trust and reputation management, sticky policies with fine grained access controls, privacy preserving delegation of authority, federated identity management, different levels of assurance and configurable audit trails. Armed with these tools, cloud service providers are then able to offer a reliable privacy preserving infrastructure-as-a-service to their clients.

    A security model for anonymous credential systems

    Using GSM/UMTS for single sign-on

    At present, network users have to remember a username and a corresponding password for every service with which they are registered. Single Sign-On (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users authenticate themselves only once to an entity termed the ‘Authentication Service Provider’ (ASP) and subsequently use disparate Service Providers (SPs) without reauthenticating. The information about the user’s authentication status is handled between the ASP and the desired SP in a manner transparent to the user. In this paper we propose a SSO protocol where a GSM or UMTS operator plays the role of the ASP and by which its subscribers can be authenticated to SPs without any user interaction and in a way that preserves the user’s privacy and mobility. The protocol only requires minimal changes to the deployed GSM infrastructure.

    Impostor: A single sign-on system for use from untrusted devices

    Using EMV cards for single sign-on

    Single sign-on using trusted platforms

    At present, network users have to remember a username and a corresponding password for every service with which they are registered

    A Cautionary Note on Automatic Proxy Configuration

    Web proxies can be used for a variety of services. Web browsers typically offer the option not only to statically configure a web proxy, but also to download proxy settings dynamically from the Internet. Unfortunately, the supporting infrastructure does not enable the browsers to properly authenticate the origin of these proxy settings. This inadequacy provides an opportunity for an attacker to interpose his own proxy between a client device and the web. The scope of potential harm includes wholesale or selective interception of web traffic, and web spoofing. In a practical setting the attack works even in the presence of SSL/TLS channels that are supposed to protect against interception and modification. Depending on the presence and configuration of a firewall, attacks can be launched by outsiders as well as by insiders. This paper examines various attack scenarios and proposes countermeasures to these attacks.