Increasing the Resilience and Trustworthiness of OpenID Identity Providers for Future Networks and Services

Abstract: We introduce a set of tools and techniques for increasing the resilience and trustworthiness of identity providers (IdPs) based on OpenID. To this purpose we propose an architecture of specialized components capable of fulfilling the essential requirements for ensuring high availability, integrity and higher confidentiality guarantees for sensitive data and operations. Additionally, we also discuss how trusted components (e.g., TPMs, smart cards) can be used to provide remote attestation on the client and serv… Show more

“…Previously, we depicted a functional model, system design artifacts and essential techniques required for developing and deploying more secure and dependable identity providers for future IT infrastructures [18], [19], [20]. Furthermore, we analyzed some of the main trade offs of deploying robust and resilient services on a single physical machine or on multiple physical infrastructures.…”

“…However, it fails at addressing several security and dependability issues of current identity providers, as we have further depicted in our previous work [18], [19], [20]. Moreover, it uses only a single cloud, based on OpenStack, to scale the OpenID service, which is susceptible to several threats and performance issues [7], [8], [22].…”

“…To tackle with some of those issues regarding security and dependability of critical services, we have proposed and evaluated the feasibility of resilient and trustworthy IdP services [18], [19], [20], [30]. While these system designs and implementations solve different of the afore mentioned issues of OpenID and RADIUS-like services, they pose also additional challenges for small and medium enterprise.…”

“…This can be achieved by combining different advanced techniques from distributed systems, dependability and security. Furthermore, we have already shown how it is possible to take advantage of multi-infrastructures (e.g., data centers) to increase the robustness of the system for tolerating different types of faults and attacks [18], [19], [20].…”

“…RADIUS and OpenID are examples of services with different weakness regarding security and dependability [17], [18], [19], [20], as summarized in Table I. Current implementations and deployments are highly susceptible to: (i) common vulnerabilities in different parts of the IT stack; (ii) sensitive data leakage due to the fact that keys and certificates are commonly stored in the operating system's file system; and (iii) resource depletion attacks when deployed on the same physical server with current virtualization technologies (e.g., Xen hypervisor).…”

Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and opportunities

“…Previously, we depicted a functional model, system design artifacts and essential techniques required for developing and deploying more secure and dependable identity providers for future IT infrastructures [18], [19], [20]. Furthermore, we analyzed some of the main trade offs of deploying robust and resilient services on a single physical machine or on multiple physical infrastructures.…”

“…However, it fails at addressing several security and dependability issues of current identity providers, as we have further depicted in our previous work [18], [19], [20]. Moreover, it uses only a single cloud, based on OpenStack, to scale the OpenID service, which is susceptible to several threats and performance issues [7], [8], [22].…”

“…To tackle with some of those issues regarding security and dependability of critical services, we have proposed and evaluated the feasibility of resilient and trustworthy IdP services [18], [19], [20], [30]. While these system designs and implementations solve different of the afore mentioned issues of OpenID and RADIUS-like services, they pose also additional challenges for small and medium enterprise.…”

“…This can be achieved by combining different advanced techniques from distributed systems, dependability and security. Furthermore, we have already shown how it is possible to take advantage of multi-infrastructures (e.g., data centers) to increase the robustness of the system for tolerating different types of faults and attacks [18], [19], [20].…”

“…RADIUS and OpenID are examples of services with different weakness regarding security and dependability [17], [18], [19], [20], as summarized in Table I. Current implementations and deployments are highly susceptible to: (i) common vulnerabilities in different parts of the IT stack; (ii) sensitive data leakage due to the fact that keys and certificates are commonly stored in the operating system's file system; and (iii) resource depletion attacks when deployed on the same physical server with current virtualization technologies (e.g., Xen hypervisor).…”

Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and opportunities

On the Use of Quality Models to Characterize Trustworthiness Properties

A cyber-resilient architecture for critical security services