2-clickAuth

2011 ◽  
Vol 3 (2) ◽  
pp. 1-18
Author(s):  
Anna Vapen ◽  
Nahid Shahmehri
Keyword(s):  
Web Sites ◽  
Identity Management ◽  
Ease Of Use ◽  
Internet Users ◽  
Short Period ◽  
Web Camera ◽  
Single Identity ◽  
Federated Identity Management ◽  
Federated Identity ◽  
Identity Provider

Internet users often have usernames and passwords at multiple web sites. To simplify things, many sites support federated identity management, which enables users to have a single account allowing them to log on to different sites by authenticating to a single identity provider. Most identity providers perform authentication using a username and password. Should these credentials be compromised, all of the user’s accounts become compromised. Therefore a more secure authentication method is desirable. This paper implements 2-clickAuth, a multimedia-based challenge-response solution which uses a web camera and a camera phone for authentication. Two-dimensional barcodes are used for the communication between phone and computer, which allows 2-clickAuth to transfer relatively large amounts of data in a short period of time. 2-clickAuth is more secure than passwords while easy to use and distribute. 2-clickAuth is a viable alternative to passwords in systems where enhanced security is desired, but availability, ease-of-use, and cost cannot be compromised. This paper implements an identity provider in the OpenID federated identity management system that uses 2-clickAuth for authentication, making 2-clickAuth available to all users of sites that support OpenID, including Facebook, Sourceforge, and MySpace.

2-ClickAuth

2012 ◽  
pp. 70-88
Author(s):  
Anna Vapen ◽  
Nahid Shahmehri
Keyword(s):  
Web Sites ◽  
Identity Management ◽  
Ease Of Use ◽  
Internet Users ◽  
Web Camera ◽  
Single Identity ◽  
Federated Identity Management ◽  
Federated Identity ◽  
Secure Authentication ◽  
Identity Provider

Internet users often have usernames and passwords at multiple web sites. To simplify things, many sites support federated identity management, which enables users to have a single account allowing them to log on to different sites by authenticating to a single identity provider. Most identity providers perform authentication using a username and password. Should these credentials be compromised, all of the user’s accounts become compromised. Therefore a more secure authentication method is desirable. This paper implements 2-clickAuth, a multimedia-based challenge-response solution which uses a web camera and a camera phone for authentication. Two-dimensional barcodes are used for the communication between phone and computer, which allows 2-clickAuth to transfer relatively large amounts of data in a short period of time. 2-clickAuth is more secure than passwords while easy to use and distribute. 2-clickAuth is a viable alternative to passwords in systems where enhanced security is desired, but availability, ease-of-use, and cost cannot be compromised. This paper implements an identity provider in the OpenID federated identity management system that uses 2-clickAuth for authentication, making 2-clickAuth available to all users of sites that support OpenID, including Facebook, Sourceforge, and MySpace.

FedCohesion: Federated Identity Management in the Marche Region

2012 ◽  
pp. 112-124 ◽  
Author(s):  
Serenella Carota ◽  
Flavio Corradini ◽  
Damiano Falcioni ◽  
Maria Laura Maggiulli ◽  
Fausto Marcantoni ◽  
...  
Keyword(s):  
Identity Management ◽  
Marche Region ◽  
Federated Identity Management ◽  
Federated Identity

On Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security

2011 ◽  
Vol 3 (4) ◽  
pp. 20-35
Author(s):  
Florian Kohlar ◽  
Jörg Schwenk ◽  
Meiko Jensen ◽  
Sebastian Gajek
Keyword(s):  
Identity Management ◽  
Transport Layer ◽  
The Public ◽  
Web Technologies ◽  
Transport Layer Security ◽  
Man In The Middle ◽  
Federated Identity Management ◽  
Same Origin Policy ◽  
Security Guarantees ◽  
Federated Identity

In recent research, two approaches to protect SAML based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. This work presents a third approach which is of further interest beyond IDM protocols, especially for mobile devices relying heavily on the security offered by web technologies. By binding the SAML assertion to cryptographically derived values of the TLS session that has been agreed upon between client and the service provider, this approach provides anonymity of the (mobile) browser while allowing Relying Party and Identity Provider to detect the presence of a man-in-the-middle attack.

Sign in / Sign up

Export Citation Format

Share Document