{"title":"通过联邦身份管理框架实现可扩展的、保护隐私的远程认证","authors":"T. Ali, M. Nauman, M. Amin, Masoom Alam","doi":"10.1109/ICISA.2010.5480294","DOIUrl":null,"url":null,"abstract":"Creating trustworthy online computing is an important open issue in security research. Trusted Computing aims to address this problem through the use of remote attestation but comes with its own baggage in the form of privacy concerns. Federated Identity Management Systems (FIDMSs), on the other hand, provide another form of trust but lack the ability to measure the integrity of platforms that they vouch for. We note that these two security architectures have reciprocal strengths and weaknesses and can be combined to create an architecture that addresses the concerns of both. In this paper, we propose an extended FIDMS in which the identity provider not only vouches for the identity of a user but also for her platform's integrity. In this way, we (a) allow a service provider to establish trust on a client platform's integrity without sacrificing privacy; and (b) create a feasible and scalable architecture for remote attestation. We describe our proposed architecture in the context of Shibboleth FIDMS and provide the details of the implementation of this system.","PeriodicalId":313762,"journal":{"name":"2010 International Conference on Information Science and Applications","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Scalable, Privacy-Preserving Remote Attestation in and through Federated Identity Management Frameworks\",\"authors\":\"T. Ali, M. Nauman, M. Amin, Masoom Alam\",\"doi\":\"10.1109/ICISA.2010.5480294\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Creating trustworthy online computing is an important open issue in security research. Trusted Computing aims to address this problem through the use of remote attestation but comes with its own baggage in the form of privacy concerns. Federated Identity Management Systems (FIDMSs), on the other hand, provide another form of trust but lack the ability to measure the integrity of platforms that they vouch for. We note that these two security architectures have reciprocal strengths and weaknesses and can be combined to create an architecture that addresses the concerns of both. In this paper, we propose an extended FIDMS in which the identity provider not only vouches for the identity of a user but also for her platform's integrity. In this way, we (a) allow a service provider to establish trust on a client platform's integrity without sacrificing privacy; and (b) create a feasible and scalable architecture for remote attestation. We describe our proposed architecture in the context of Shibboleth FIDMS and provide the details of the implementation of this system.\",\"PeriodicalId\":313762,\"journal\":{\"name\":\"2010 International Conference on Information Science and Applications\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-04-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 International Conference on Information Science and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICISA.2010.5480294\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Information Science and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICISA.2010.5480294","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Scalable, Privacy-Preserving Remote Attestation in and through Federated Identity Management Frameworks
Creating trustworthy online computing is an important open issue in security research. Trusted Computing aims to address this problem through the use of remote attestation but comes with its own baggage in the form of privacy concerns. Federated Identity Management Systems (FIDMSs), on the other hand, provide another form of trust but lack the ability to measure the integrity of platforms that they vouch for. We note that these two security architectures have reciprocal strengths and weaknesses and can be combined to create an architecture that addresses the concerns of both. In this paper, we propose an extended FIDMS in which the identity provider not only vouches for the identity of a user but also for her platform's integrity. In this way, we (a) allow a service provider to establish trust on a client platform's integrity without sacrificing privacy; and (b) create a feasible and scalable architecture for remote attestation. We describe our proposed architecture in the context of Shibboleth FIDMS and provide the details of the implementation of this system.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
