User requirement model for federated identities threats

Abstract

Federated identity management system interconnects distributed island of identity management systems with federated identity standards with single sign-on facility. In an open environment, such as those of a federated identity management system a user single sign-on credentials, can easily fall prey to identity theft, or unlawful information gathering. It may use either existing account or new account fraud. In this paper, we present scenarios related to identity theft, unlawful information gathering and tracking. We show the main issue of lack of platform trust in platforms involve in federated systems and discussed the consequences of respective threats on them. In an effort to present a holistic approach to handle security, trust and privacy, we propose a user requirement model involving these core issues for federated identities. These requirements include system trustworthiness, hardware protected key generations, usability, efficiency, identity information validity, privacy, accountability and system robustness. In our proposed model, Trusted Platform Module (TPM), is the fundamental component which ties and binds all communicating platforms together in authentication, verification and trustworthiness of the platform.