Choice of suitable Identity and Access Management standards for mobile computing and communication

Proceedings of the 24th International Conference on Telecommunications: Intelligence in Every Form, ICT 2017

Volumn , Issue , 2017, Pages

  Naik, Nitin ^a   Jenkins, Paul ^a   Newell, David ^b  

^a MINISTRY OF DEFENCE   (United Kingdom)

^b BOURNEMOUTH UNIVERSITY   (United Kingdom)

Author keywords

IAM; Identity and Access Management; Mobile Computing and Communication; OAuth; OpenID Connect; SAML; SSO

Indexed keywords

MARKUP LANGUAGES; MOBILE SECURITY; STANDARDS;

CONFIDENTIAL INFORMATION; IDENTITY AND ACCESS MANAGEMENTS; OAUTH; OPENID CONNECT; PERSONAL MOBILE DEVICES; SAML; SECURITY ASSERTION MARKUP LANGUAGES; SECURITY VULNERABILITY ANALYSIS;

MOBILE COMPUTING;

EID: 85028533582     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICT.2017.7998280     Document Type: Conference Paper

References (27)

1. N. Naik, and P. Jenkins, "A secure mobile cloud identity: Criteria for effective identity and access management standards, " in 2016 4th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud 2016). IEEE, 2016.
2. N. Naik, and P. Jenkins, "An analysis of open standard identity protocols in cloud computing security paradigm, " in 14th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2016). IEEE, 2016.
3. N. Naik, "Connecting Google cloud system with organizational systems for effortless data analysis by anyone, anytime, anywhere, " in IEEE International Symposium on Systems Engineering (ISSE ). IEEE, 2016.
4. D. Boneh, and M. Franklin, "Identity-based encryption from the weil pairing, " SIAM Journal on Computing, vol. 32, no. 3, pp. 586-615, 2003.
5. I. Stojmenovic, Handbook of wireless networks and mobile computing. John Wiley & Sons, 2003, vol. 27.
6. M. R. Momeni, "A lightweight authentication scheme for mobile cloud computing, " International Journal of Computer Science and Business Informatics, vol. 14, no. 2, 2014.
7. Pingidentity.com. (2011) A standards-based mobile application idm architecture. [Online]. Available: http://www:enterprisemanagement360:com/wp-content/files mf/white paper/exp final wp mobile-Application-idm-Arch-8-11-v4:pdf
8. N. Klingenstein, T. Hardjono, H. Lockhart, and S. Cantor. (2012) OASIS Security Services (SAML) TC. [Online]. Available: https://www:oasis-open:org/committees/tc home:php?wg abbrev=security
9. N. Ranjbar, and M. Abdinejadi, "Authentication and Authorization for Mobile Devices, " B. Sc. Dissertation, Department of Computer Science and and Engineering Goteborg, Sweden, 2012.
10. N. Naik, "Migrating from virtualization to dockerization in the cloud: Simulation and evaluation of distributed systems, " in IEEE 10th International Symposium on the Maintenance and Evolution of Service-Oriented and Cloud-Based Environments, (MESOCA). IEEE, 2016, pp. 1-8.
11. JWT.io. (2015) Introduction to JSON web tokens. [Online]. Available: https://jwt:io/introduction/
12. N. Naik, "Building a virtual system of systems using Docker Swarm in multiple clouds, " in IEEE International Symposium on Systems Engineering (ISSE 2016). IEEE, 2016.
13. A. Gunawardana. (2014, July 18) SSO for native mobile applications with WSO2 identity server. [Online]. Available: http://wso2:com/library/articles/2014/07/sso-for-native-mobile-Applicationswith-wso2-identity-server/?gclid=CKje4-3P1skCFdRuGwod2qYGhw
14. N. Alsulami, and M. M. Monowar, "Data confidentiality and integrity in mobile cloud computing, " Journal of Emerging Trends in Computing and Information Sciences, vol. 6, no. 3, pp. 138-143, 2015.
15. W3.org. (2015) XML security ? issues and requirements. [Online]. Available: http://www:w3:org/2007/xmlsec/ws/papers/09-lockhart-bea/
16. T. McLean. (2015) Critical vulnerabilities in JSON web token libraries. [Online]. Available: https://auth0:com/blog/2015/03/31/critical-vulnerabilities-in-json-web-Token-libraries/
17. Oasis-open.org. (2008, March 25) Security Assertion Markup Language (SAML) v2.0 technical Overview. [Online]. Available: http://docs:oasisopen :org/security/saml/Post2:0/sstc-saml-Tech-overview-2:0:html
18. N. Naik, P. Jenkins, P. Davies, and D. Newell, "Native web communication protocols and their effects on the performance of web services and systems, " in Computer and Information Technology (CIT), 2016 IEEE International Conference on. IEEE, 2016, pp. 219-225.
19. N. Naik, and P. Jenkins, "Web protocols and challenges of web latency in the web of things, " in Ubiquitous and Future Networks (ICUFN), 2016 Eighth International Conference on. IEEE, 2016, pp. 845-850.
20. J. Somorovsky, A. Mayer, J. Schwenk, M. Kampmann, and M. Jensen, "On breaking saml: Be whoever you want to be." in USENIX Security Symposium, 2012, pp. 397-412.
21. J. Naithan, "SAML proposal for securing XML web services.Project paper, " University of St. Thomas, Saint Paul, 2008.
22. V. Mladenov, C. Mainka, and J. Schwenk, "On the security of modern single sign-on protocols: Second-order vulnerabilities in openid connect, " arXiv preprint arXiv:1508.04324, 2015.
23. T. Groß, "Security analysis of the saml single sign-on browser/artifact profile, " in Computer Security Applications Conference, 2003. Proceedings. 19th Annual. IEEE, 2003, pp. 298-307.
24. SANS. (2003) Global information assurance certification paper. [Online]. Available: https://www:giac:org/paper/gsec/2876/saml-commonsecurity-language-web-services/104846
25. D. Fett, R. Küsters, and G. Schmitz, "A comprehensive formal security analysis of oauth 2.0, " in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2016, pp. 1204-1215.
26. R. Millman. (2016, January 11) Researchers find two flaws in OAuth 2.0. [Online]. Available: https://www:scmagazine:com/researchers-findtwo-flaws-in-oauth-20/article/530038/
27. G. Curtis. (2016, July 16) Preventing mix-up attacks with OpenID Connect. [Online]. Available: http://openid:net/2016/07/16/preventingmix-up-Attacks-with-openid-connect/