Choice of suitable Identity and Access Management standards for mobile computing and communication

Enterprises have recognised the importance of personal mobile devices for business and official use. Employees and consumers have been freely accessing resources and services from their principal organisation and its partners' businesses on their mobile devices, to improve the efficiency and productivity of their businesses. This mobile computing-based business model has one major challenge: ascertaining and linking users' identities and access rights across business partners. The parent organisation owns all the confidential information about users, but the collaborative organisation has to verify users' identities and access rights before allowing access to its services and resources. The challenge is therefore how to communicate users' identities to collaborative organisations without sending their confidential information. Several generic Identity and Access Management (IAM) standards have been proposed, and three have become established standards: Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC). Mobile computing and communication have some specific requirements and limitations; therefore, this paper evaluates these IAM standards to ascertain a suitable IAM standard to protect mobile computing and communication. The evaluation is based on three types of analysis: comparative analysis, suitability analysis and security vulnerability analysis of SAML, OAuth and OIDC.
