A Survey of Security Analysis in Federated Identity Management

Simpson, Sean; Groß, Thomas

doi:10.1007/978-3-319-55783-0_16

Cited by 4 publications

(4 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…OAuth is widely used in the current internet environment since its usability and performance are improved. However, OAuth still suffers from some security vulnerabilities [7]. Another disadvantage of the OAuth framework is that the IdP serves as a centralized identity provider, which in some situations may yield data loss.…”

Section: Identity Provider Based Platformmentioning

confidence: 99%

ADPP: A Novel Anomaly Detection and Privacy-Preserving Framework using Blockchain and Neural Networks in Tokenomics

Yao¹,

Gu²,

Du³

et al. 2022

IJAIA

View full text Add to dashboard Cite

The increasing popularity of crypto assets has resulted in greater cryptocurrency investor interest and more exposure in both industry and academia. Despite the substantial socioeconomic benefits, the anonymous character of cryptocurrency trading makes it prone to abuse and a magnet for illicit purposes, which cause monetary losses for individual traders and erosion in the standing of the tokenomics industry. To regulate the illicit behavior and secure users' privacy for cryptocurrency trading, we present an Anomaly Detection and Privacy-Preserving (ADPP) Framework integrating blockchain and deep learning technologies. Specifically, ADPP leverages blockchain technologies to build a user management platform that ensures anonymity and enhances the privacy-preservation of user information. Atop the user management system, an Anomaly Detection System adapts neural networks and imbalanced learning on topological cryptocurrency flow among users to identify anomalous addresses and maintain a sanction list repository. The experiments on the real-world dataset demonstrate the effectiveness and superior performance of ADPP. The flexible framework can be easily generalized to the crypto assets with public real-time transaction (e.g., Non-fungible Token), which takes up a significant proportion of market capitalization in the domain of tokenomics.

show abstract

Section: Identity Provider Based Platformmentioning

confidence: 99%

ADPP: A Novel Anomaly Detection and Privacy-Preserving Framework using Blockchain and Neural Networks in Tokenomics

Yao¹,

Gu²,

Du³

et al. 2022

IJAIA

View full text Add to dashboard Cite

show abstract

“…Thomas Groß performed a detailed protocol-level analysis of Security Assertion Markup Language (SAML) based Single-Sign on [20]. In a survey, Simpson and Groß categorized malicious and accidental security issues in Federated Identity Management (FIM) frameworks and presented solutions to those security incidents that have been recommended by others [35].…”

Section: Related Work and Scope Of The Proposed Work A Related Workmentioning

confidence: 99%

Single Sign-On: A Solution Approach to Address Inefficiencies During Sign-Out Process

Ramamoorthi

Sarkar

2020

IEEE Access

View full text Add to dashboard Cite

In a Single Sign-on (SSO) environment, an Identity Provider (IDP) authenticates a user for the first Service Provider (SP). The IDP creates an active IDP session and stores its information in the user's web browser. Each SP also creates and maintains one active service session. Using state-transition diagrams, we illustrate sign-in and sign-out processes. An information security vulnerability situation is created because users are unaware of an active IDP session in the user's browser and signs-out only from SP sessions. One solution to this problem is educating users. Another solution is to implement the SSO that ensures the termination of the IDP session as soon as user signs-out from all services that the IDP authenticated. The first solution appears to be simple, but practically an impossible task to educate millions of web based SSO users worldwide. The second solution is better because one good implementation solves the problem for all users. In this paper, we propose several solutions for terminating the hidden active IDP session. Also, we review the data storage-methods commonly used for storing information of SP and IDP sessions in the browsers. Moreover, we propose a browser extension for conveniently and efficiently managing active SP and IDP sessions. In our proposed browser extension, we have recommended IndexedDB browser storage for storing active session information. We believe our proposed browser extension is simple, but efficient solution for eliminating hidden active IDP session.

show abstract

“…There are several works dealing with threat modeling and attack surface analysis for FIDM and SSI systems. Simpson (2016) conducted a systematic FIDM security analysis survey, which categorizes security incidents that occur in FIM protocols to specify the FIDM problem landscape. Aldosary and Norah (2021) provided a comparison between FIdM architectures such as liberty alliance, security assertion markup language SAML v2.0, WS-Federation, Shibboleth, and so forth to summarize the FIDM limitations based on how it affects the user.…”

Section: Introductionmentioning

confidence: 99%

“…Aldosary and Norah (2021) provided a comparison between FIdM architectures such as liberty alliance, security assertion markup language SAML v2.0, WS-Federation, Shibboleth, and so forth to summarize the FIDM limitations based on how it affects the user. In Simpson (2016), the author not only reviews a comprehensive attack surface of attacks in FIDM, but also models the escalation of attacks, that is, how attacks on one stakeholder can cause possible attacks on other stakeholders. There is less significant work on SSI threat modeling, security analysis, and risk assessment.…”

Section: Introductionmentioning

confidence: 99%

A comparative cyber risk analysis between federated and self-sovereign identity management systems

Le,

Epiphaniou,

Maple

2023

Data & Policy

View full text Add to dashboard Cite

Self-sovereign identity (SSI) is an emerging and promising concept that enables users to control their identity while enhancing security and privacy compared to other identity management (IDM) approaches. Despite the recent advancements in SSI technologies, federated identity management (FIDM) systems continue to dominate the IDM market. Selecting an IDM to implement for a specific application is a complex task that requires a thorough understanding of the potential external cyber risks. However, existing research scarcely compares SSI and FIDM from the perspective of these external threats. In response to this gap, our article provides an attack surface analysis focused solely on external threats for both systems. This analysis can serve as a reference to compare the relevant security and privacy risks associated with these external threats. The threat landscapes of external attackers were systematically synthesized from the main components and functionalities of the common standards and designs. We further present a use case analysis that applies this attack surface analysis to compare the external cyber risks of the two systems in detail when managing cross-border identity between European countries. This work can be particularly useful for considering a more secure design for future IDM applications, taking into account the landscape of external threats.

show abstract

A Survey of Security Analysis in Federated Identity Management

Cited by 4 publications

References 29 publications

ADPP: A Novel Anomaly Detection and Privacy-Preserving Framework using Blockchain and Neural Networks in Tokenomics

ADPP: A Novel Anomaly Detection and Privacy-Preserving Framework using Blockchain and Neural Networks in Tokenomics

Single Sign-On: A Solution Approach to Address Inefficiencies During Sign-Out Process

A comparative cyber risk analysis between federated and self-sovereign identity management systems

Contact Info

Product

Resources

About