By Topic

Design and Evaluation of an Architecture for Ubiquitous User Authentication Based on Identity Management Systems

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Marc Barisch ; Inst. of Commun. Networks & Comput. Eng., Univ. of Stuttgart, Stuttgart, Germany

Nowadays, users consume digital services with their digital identities on a multitude of different devices, e.g. notebooks, smartphones or even TV sets. Hereby, users are faced with additional challenges, i.e., devices have different security levels and not all digital identities must be used on all devices. Identities used for home banking should not be used on an insecure device and business identities should only be used on business devices. Moreover, it should be possible to switch between devices in a seamless way without the need to reauthenticate again on each device. Therefore, we propose an architecture that integrates all user devices and exploits identity management systems for ubiquitous user authentication. The proposed architecture improves usability by reducing the number of manual authentication procedures, by relaying authentication to devices with appropriate input capabilities and by supporting the user in identity selection. Security is improved by the possibility to perform authentication on secure devices, the provisioning of short-lived tokens to in secure devices and the opportunity to perform multifactor authentication across devices. Our implementation is based on the Shibboleth IdM system and serves as proof-of-concept of our architecture. The conducted security evaluation confirms that our concept does not introduce additional security threats.

Published in:

2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications

Date of Conference:

16-18 Nov. 2011