A Universal System for OpenID Connect Sign-ins with Verifiable
Credentials and Cross-Device Flow
- URL: http://arxiv.org/abs/2401.09488v1
- Date: Tue, 16 Jan 2024 16:44:30 GMT
- Title: A Universal System for OpenID Connect Sign-ins with Verifiable
Credentials and Cross-Device Flow
- Authors: Felix Hoops, Florian Matthes
- Abstract summary: Self-Sovereign Identity (SSI) is a new and promising identity management paradigm.
We propose a comparatively simple system that enables SSI-based sign-ins for services that support the widespread OpenID Connect or OAuth 2.0 protocols.
- Score: 4.006745047019997
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Self-Sovereign Identity (SSI), as a new and promising identity management
paradigm, needs mechanisms that can ease a gradual transition of existing
services and developers towards it. Systems that bridge the gap between SSI and
established identity and access management have been proposed but still lack
adoption. We argue that they are all some combination of too complex, locked
into specific ecosystems, have no source code available, or are not
sufficiently documented. We propose a comparatively simple system that enables
SSI-based sign-ins for services that support the widespread OpenID Connect or
OAuth 2.0 protocols. Its handling of claims is highly configurable through a
single policy and designed for cross-device authentication flows involving a
smartphone identity wallet. For external interfaces, we solely rely on open
standards, such as the recent OpenID for Verifiable Credentials standards. We
provide our implementation as open-source software intended for prototyping and
as a reference. Also, we contribute a detailed technical discussion of our
particular sign-in flow. To prove its feasibility, we have successfully tested
it with existing software and realistic hardware.
Related papers
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - AEAKA: An Adaptive and Efficient Authentication and Key Agreement Scheme for IoT in Cloud-Edge-Device Collaborative Environments [7.106119177152857]
We propose an adaptive and efficient authentication and key agreement scheme (AEAKA) for Cloud-Edge-Device IoT environments.
AEAKA is highly adaptive and scalable, capable of automatically and dynamically initiating different authentication methods based on device requirements.
It employs an edge-assisted authentication approach to reduce the load on third-party trust authorities.
arXiv Detail & Related papers (2024-11-14T06:55:27Z) - Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain.
We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - Leveraging Machine Learning for Wi-Fi-based Environmental Continuous Two-Factor Authentication [0.44998333629984877]
We present a novel 2FA approach replacing the user's input with decisions made by Machine Learning (ML)
Our system exploits unique environmental features associated with the user, such as beacon frame characteristics and Received Signal Strength Indicator ( RSSI) values from Wi-Fi Access Points (APs)
For enhanced security, our system mandates that the user's two devices (i.e., a login device and a mobile device) be situated within a predetermined proximity before granting access.
arXiv Detail & Related papers (2024-01-12T14:58:15Z) - A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs [2.0198678236144474]
This paper introduces a novel approach using WebAssembly to address these issues.
We present the design of a portable and fully attested publish/subscribe system as a holistic approach.
Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker.
arXiv Detail & Related papers (2023-12-01T16:37:48Z) - Blockchain-based Zero Trust on the Edge [5.323279718522213]
This paper proposes a novel approach based on Zero Trust Architecture (ZTA) extended with blockchain to further enhance security.
The blockchain component serves as an immutable database for storing users' requests and is used to verify trustworthiness by analyzing and identifying potentially malicious user activities.
We discuss the framework, processes of the approach, and the experiments carried out on a testbed to validate its feasibility and applicability in the smart city context.
arXiv Detail & Related papers (2023-11-28T12:43:21Z) - A Lightweight and Secure PUF-Based Authentication and Key-exchange Protocol for IoT Devices [0.0]
Device Authentication and Key exchange are major challenges for the Internet of Things.
PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE.
We present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself.
arXiv Detail & Related papers (2023-11-07T15:42:14Z) - A General Framework for Verification and Control of Dynamical Models via Certificate Synthesis [54.959571890098786]
We provide a framework to encode system specifications and define corresponding certificates.
We present an automated approach to formally synthesise controllers and certificates.
Our approach contributes to the broad field of safe learning for control, exploiting the flexibility of neural networks.
arXiv Detail & Related papers (2023-09-12T09:37:26Z) - Secure access system using signature verification over tablet PC [62.21072852729544]
We describe a highly versatile and scalable prototype for Web-based secure access using signature verification.
The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
arXiv Detail & Related papers (2023-01-11T11:05:47Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.