Abstract

With the convergence of fixed and mobile networks, heterogeneous networks are becoming ubiquitous. Internet giants are seeing the plight of identity authentication. To address this issue, unified access management (UAM) was conceived. This paper provides a novel unified access management scheme, named SGX-UAM, with one-time passwords (OTPs) based on Intel software guard extensions (SGX). SGX-UAM outperforms generic UAM by providing resistance to most client attacks, man-in-the-middle (MITM) attacks, phishing attacks, most replay attacks and most denial of service (DoS) attacks to which generic UAM implementations are vulnerable. Specifically, client attacks are prevented by ensuring input security and memory security, where the former is achieved through shuffle mapping and a "periodic hooking" strategy and the latter is mainly guaranteed by Intel SGX; MITM attacks are prevented by transferring ciphertext rather than plaintext; phishing attacks are avoided by authorization control; replay attacks cannot succeed because we adopt OTPs, which contain time-related dynamic factors that expire in a few seconds; as for DoS attacks, we blunt their edge by blocking invocation for identical user connections. SGX-UAM also differs from generic UAM in that it relieves the security concerns of service providers (SPs) and protects users' privacy at little cost in performance. An exceptional value of SGX-UAM is that it brings a lightweight OTP solution that eliminates the need for additional hardware devices, thus reducing costs. The experimental results show that SGX-UAM consumes almost the same time as OpenID and OAuth2.0 for one login request and performs steadily when handling sequential login requests. Furthermore, the resource usage of SGX-UAM is acceptable.
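The replay argument above rests on OTPs that carry a time factor valid for only a few seconds. The following is an added example, not code from the paper: a server-side verifier for a time-windowed OTP built on HMAC-SHA256, where the step length, digit count, clock-skew allowance and the rule that a consumed window is never accepted again are all assumptions, since the paper does not specify its OTP construction.

```python
import hashlib
import hmac
import struct

# Constructed parameters: the paper only says OTPs "expire in a few seconds".
STEP_SECONDS = 5   # length of one time window
DIGITS = 6         # OTP length


def otp_at(secret: bytes, timestamp: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """OTP for the time window containing `timestamp` (hypothetical HMAC-SHA256 construction)."""
    counter = timestamp // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation, as in HOTP
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Accepts an OTP only for the current window (plus `skew` earlier ones for clock drift)
    and never accepts a window at or before the last one already consumed."""

    def __init__(self, secret: bytes, step: int = STEP_SECONDS, skew: int = 1):
        self.secret = secret
        self.step = step
        self.skew = skew
        self.last_accepted = -1                        # highest window counter consumed so far

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        for counter in range(current - self.skew, current + 1):
            expected = otp_at(self.secret, counter * self.step, self.step)
            if hmac.compare_digest(expected, code):
                if counter <= self.last_accepted:      # same window reused: replay
                    return False
                self.last_accepted = counter
                return True
        return False                                   # wrong code, or its window has expired


def demo() -> tuple:
    """Constructed scenario: one legitimate login, then the captured OTP resent twice."""
    secret = b"constructed-shared-secret"
    verifier = OtpVerifier(secret)
    code = otp_at(secret, 1_000_000)
    first = verifier.verify(code, 1_000_000)   # fresh OTP inside its own window
    replay = verifier.verify(code, 1_000_002)  # same OTP resent 2 s later, window already consumed
    stale = verifier.verify(code, 1_000_012)   # resent after the window and skew allowance passed
    return first, replay, stale
```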

Highlights

  • Traditional identity and access management tools work well for addressing specific portions of an enterprise on their own

  • Unified access management (UAM) is an evolution of identity and access management (IAM) systems that provides unified login and identity information sharing services for different networks and business systems [1], and the idea originates from single sign-on (SSO) [2]

  • In what follows, we evaluate the performance of software guard extensions (SGX)-UAM from the aspects of one-time password (OTP) authentication time, response time, throughput, and resource depletion, and evaluate the security of SGX-UAM by observing system behaviour under client attacks, MITM attacks, phishing attacks, replay attacks and denial of service (DoS) attacks


Summary

INTRODUCTION

Traditional identity and access management tools work well for addressing specific portions of an enterprise (specific app environments, as in on-premises or in the cloud; or specific users, as in employees vs. external partners) on their own. The main contributions of this paper include the following: 1) It proposes a highly secure unified access management scheme that resists most client attacks, MITM attacks, phishing attacks, most replay attacks and most DoS attacks to which generic UAM implementations are vulnerable. Considering that the user is often the resource-constrained entity of the two, it is a tough decision that the system has to sacrifice a little performance to accommodate the commercial concerns of SPs. Influential SPs usually have established mature authentication mechanisms, so there is no need to resort to third-party authentication services; and the SGX-UAM scheme can preserve users' privacy because all login credentials are stored in ciphertext form in the IDP.

