Title :
Towards Secure and Dependable Authentication and Authorization Infrastructures
Author :
Kreutz, Diego ; Bessani, Alysson ; Feitosa, Eduardo ; Cunha, Hugo
Author_Institution :
Fac. de Cienc., Univ. de Lisboa, Lisbon, Portugal
Abstract :
We propose a resilience architecture for improving the security and dependability of authentication and authorization infrastructures, in particular the ones based on RADIUS and OpenID. This architecture employs intrusion-tolerant replication, trusted components and entrusted gateways to provide survivable services ensuring compatibility with standard protocols. The architecture was instantiated in two prototypes, one implementing RADIUS and another implementing OpenID. These prototypes were evaluated in fault-free executions, under faults, under attack, and in diverse computing environments. The results show that, beyond being more secure and dependable, our prototypes are capable of achieving the performance requirements of enterprise environments, such as IT infrastructures with more than 400k users.
Keywords :
authorisation; software fault tolerance; IT infrastructures; OpenID; RADIUS; authentication dependability; authentication infrastructures; authentication security; authorization infrastructures; diverse computing environments; enterprise environments; fault-free executions; intrusion-tolerant replication; resilience architecture; trusted components; untrusted gateways; Authentication; Logic gates; Protocols; Public key; Servers; OpenID; RADIUS; authentication and authorization services; dependability; intrusion tolerance; security;
Conference_Titel :
Dependable Computing (PRDC), 2014 IEEE 20th Pacific Rim International Symposium on
Conference_Location :
Singapore
Print_ISBN :
978-1-4799-6473-4
DOI :
10.1109/PRDC.2014.14
