Infraestrutura de Autenticação e Autorização Baseada em SmartCards com Controle de Atributos Centrado no Usuário
Abstract
This paper presents an Authentication and Authorization Infrastructure that extends the OpenID protocols to provide SmartCard-based authentication and user-centric control over attribute release. An Identity Selector component was designed to mediate the communication between the Identity Provider and the SmartCard and to present a user interface through which the user chooses which attributes she wants to release to which Service Provider. A prototype of the infrastructure was developed to evaluate its feasibility.
References
Ahn, G.-J., Ko, M. and Shehab, M. (2009) Privacy-enhanced User-Centric Identity Management, In Communications, 2009. ICC '09. IEEE International Conference on. IEEE.
Bhargav-Spantzel, A., Camenisch, J., Gross, T., and Sommer, D. (2007). User centricity: a taxonomy and open issues. Journal of Computer Security, 15(5):493-527.
Cameron, K. (2007). Integrating OpenID and Infocard Part 1. http://www.identityblog.com/?p=659.
Chappell, D. (2006). Introducing Windows CardSpace. MSDN technical articles, Microsoft Corporation. http://msdn.microsoft.com/en-us/library/aa480189.aspx.
Florencio, D. and Herley, C. (2007). A large-scale study of web password habits. In WWW ’07: Proceedings of the 16th International Conference on World Wide Web, pp. 657–666, New York, NY, USA. ACM.
EclipseFoundation (2010). Higgins open source identity framework. http://www.eclipse.org/higgins/.
Jøsang, A. and Pope, S. (2005). User centric identity management. In AusCERT Asia Pacific Information Technology Security Conference. 2005.
Jøsang, A., Fabre, J., Hay, B., Dalziel, J., and Pope, S. (2005). Trust requirements in identity management. In CRPIT ’44: Proceedings of the 2005 Australasian workshop on Grid computing and e-research, pages 99–108, Darlinghurst, Australia. Australian Computer Society, Inc.
Lee, H., Jeun, I., Chun, K. and Song, J. (2008). A New Anti-Phishing Method in OpenID. In: SECURWARE '08. Second International Conference on, pp. 243-247, IEEE.
Leicher, A., Schmidt, A. U. and Shah, Y. (2012) Smart OpenID: A Smart Card Based OpenID Protocol, In IFIP Advances in Information and Communication Technology v. 376, pp 75-86, Springer.
Liberty (2003). Introduction to the Liberty Alliance Identity Architecture. Liberty Alliance.
OpenID (2007). OpenID Authentication 2.0. OpenID. http://openid.net/specs/openid-authentication-2_0.html.
RSA Laboratories (2009). PKCS 11: Cryptographic Token Interface Standard. http://www.rsa.com/rsalabs/node.asp?id=2133
Scavo, T. and Cantor, S. (2005). Shibboleth Architecture. [link].
Urien, P. (2010). An OpenID Provider based on SSL Smart Cards. In Consumer Communications and Networking Conference (CCNC), 2010 7th IEEE. http://dx.doi.org/10.1109/CCNC.2010.5421756.
Vossaert, J., Lapon, J., Decker, B. and Naessens, V. (2011) User-centric identity management using trusted modules. In Lecture Notes in Computer Science, v. 6711, pp 155-170, Springer.
Published
2013-11-11
How to Cite
BÖGER, Davi da Silva; BARRETO, Luciano; FRAGA, Joni da Silva; SANTOS, André; FRANÇA, Davi Teles. Infraestrutura de Autenticação e Autorização Baseada em SmartCards com Controle de Atributos Centrado no Usuário. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 13., 2013, Manaus. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2013. p. 2-15. DOI: https://doi.org/10.5753/sbseg.2013.19532.
