A survey on security issues of federated identity in the cloud computing

CloudCom 2012 - Proceedings: 2012 4th IEEE International Conference on Cloud Computing Technology and Science

Volumn , Issue , 2012, Pages 562-565

  Ghazizadeh, Eghbal ^a   Zamani, Mazdak ^a   Ab Manan, Jamalul Lail ^b   Pashang, Abolghasem ^a  

^a MALAYSIA JAPAN INTERNATIONAL INSTITUTE OF TECHNOLOGY   (Malaysia)

^b Technology Park Malaysia   (Malaysia)

Author keywords

Cloud computing; Federated Identity; Identity Theft; OpenID; SSO; Trusted computing

Indexed keywords

FEDERATED IDENTITY; IDENTITY THEFT; OPENID; SSO; TRUSTED COMPUTING;

AUTHENTICATION; CRIME; NETWORK SECURITY;

CLOUD COMPUTING;

EID: 84874277109     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CloudCom.2012.6427513     Document Type: Conference Paper

References (21)

1. L. Badger, T. Grance, R. Patt-Corner, and J. Voas, "Draft cloud computing synopsis and recommendations," NIST Special Publication, vol. 800, p. 146, 2011.
2. S. T. Sun, E. Pospisil, I. Muslukhov, N. Dindar, K. Hawkey, and K. Beznosov, "What makes users refuse web single sign-on?: an empirical investigation of OpenID," 2011, p. 4.
3. M. Gharooni, M. Zamani, M. Mansourizadeh, and S. Abdullah, "A confidential RFID model to prevent unauthorized access," 2011, pp. 1-5.
4. M. ALIZADEH, M. SALLEH, M. ZAMANI, J. SHAYAN, and S. KARAMIZADEH, "Security and Performance Evaluation of Lightweight Cryptographic Algorithms in RFID."
5. A. C. Armando, R. Compagna, L. Cuellar, J. Tobarra, L., "Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps," 2008, pp. 1-10.
6. R. Wang, S. Chen, and X. F. Wang, "Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services," 2012.
7. H. Y. Huang, B. Wang, X. X. Liu, and J. M. Xu, "Identity federation broker for service cloud," in 2010 International Conference on Service Sciences, ICSS 2010, May 12, 2010-May 14, 2010, Hangzhou, China, 2010, pp. 115-120.
8. U. F. Rodriguez, M. Laurent-Maknavicius, and J. Incera-Dieguez, "Federated identity architectures," 2006.
9. D. C. J. Archer, Nils Puhlmann, Alan Boehme, Paul Kurtz, and J. Reavis, "Security guidance for critical areas of focus in cloud computing v3.0," Cloud Security Alliance, 2011.
10. J. Somorovsky, A. Mayer, J. Schwenk, M. Kampmann, and M. Jensen, "On breaking saml: Be whoever you want to be," 2012.
11. Wang, "An Analysis of Web Single Sign-On," 2011.
12. L. Yan, C. Rong, and G. Zhao, "Strengthen cloud computing security with federal identity management using hierarchical identitybased cryptography," in 1st International Conference on Cloud Computing, CloudCom 2009, December 1, 2009-December 4, 2009, Beijing, China, 2009, pp. 167-177.
13. J. H. You and M. S. Jun, "A Mechanism to Prevent RP Phishing in OpenID System," 2010, pp. 876-880.
14. S. T. Sun, "Simple But Not Secure: An Empirical Security Analysis of OAuth 2.0-Based Single Sign-On Systems," 2012.
15. C. Kim. (2007). Integrating OpenID and Infocard Available: http://www.identityblog.com/?p=659
16. P. Madsen, Y. Koga, and K. Takahashi, "Federated identity management for protecting users from ID theft," 2005, pp. 77-83.
17. M. A. P. Leandro, T. J. Nascimento, D. R. dos Santos, C. M. Westphall, and C. B. Westphall, "Multi-Tenancy Authorization System with Federated Identity for Cloud-Based Environments Using Shibboleth," 2012, pp. 88-93.
18. Z. Khattak, S. Sulaiman, and J. Manan, "A study on threat model for federated identities in federated identity management system," 2010, pp. 618-623.
19. Z. Ahmad, J. L. Ab Manan, and S. Sulaiman, "User Requirement Model for Federated Identities Threats," 2010.
20. S. Suriadi, E. Foo, and A. Jøsang, "A user-centric federated single sign-on system," Journal of Network and Computer Applications, vol. 32, pp. 388-401, 2009.
21. S. Zarandioon, D. Yao, and V. Ganapathy, "Privacy-aware identity management for client-side mashup applications," 2009, pp. 21-30.