Scalable, Privacy-Preserving Remote Attestation in and through Federated Identity Management Frameworks

T. Ali, M. Nauman, M. Amin, Masoom Alam
Venue: 2010 International Conference on Information Science and Applications
Publication date: 2010-04-21
DOI: 10.1109/ICISA.2010.5480294 (https://doi.org/10.1109/ICISA.2010.5480294)
Citations: 8

Abstract

Creating trustworthy online computing is an important open issue in security research. Trusted Computing aims to address this problem through the use of remote attestation but comes with its own baggage in the form of privacy concerns. Federated Identity Management Systems (FIDMSs), on the other hand, provide another form of trust but lack the ability to measure the integrity of platforms that they vouch for. We note that these two security architectures have reciprocal strengths and weaknesses and can be combined to create an architecture that addresses the concerns of both. In this paper, we propose an extended FIDMS in which the identity provider not only vouches for the identity of a user but also for her platform's integrity. In this way, we (a) allow a service provider to establish trust on a client platform's integrity without sacrificing privacy; and (b) create a feasible and scalable architecture for remote attestation. We describe our proposed architecture in the context of Shibboleth FIDMS and provide the details of the implementation of this system.