Security, trust and privacy (STP) framework for federated single sign-on environment

Zubair Ahmad Khattak, S. Sulaiman, J. Manan
Published in: ICIMU 2011 : Proceedings of the 5th international Conference on Information Technology & Multimedia
Publication date: 2011-11-01
DOI: 10.1109/ICIMU.2011.6122770 (https://doi.org/10.1109/ICIMU.2011.6122770)
Citations: 6

Abstract

Trust and privacy are hot and open concerns in the Open Environment (OE). The Conventional Computing Platform (CCP) lacks platform trust, which raises security concerns such as 'phishing' attacks. The Trusted Computing Group (TCG) took the initiative to tackle security and trust concerns in the OE via the Trusted Platform Module (TPM) and Remote Attestation (RA). However, the current RA technique has its own limitations, i.e. the absence of Mutual Attestation (MA) and platform privacy concerns in the OE. A Federated Single Sign-on (FSSO) scheme such as Shibboleth allows its users to access a resource across domains in a privacy-preserving manner, but what is still missing is the establishment of mutual platform trust between the client and Identity Provider (IdP) platforms in the OE. In this paper, we adopt the MA technique and integrate it into Shibboleth with the UserName (UN) to guarantee not only that the user is the legitimate owner of the UN but also that his/her platform and the home domain IdP platform are mutually authenticated. Hence, we achieve (a) strong security with two-factor authentication, i.e. UN and mutual attestation, (b) mutual platform trust establishment between the client and IdP machines, and (c) resource access in a privacy-protecting manner. We practically demonstrate the unified STP Framework notion for the FSSO environment through a testbed prototype implementation that confirms the productivity and scalability of our approach.