Increasing the Resilience and Trustworthiness of OpenID Identity Providers for Future Networks and Services

摘要

We introduce a set of tools and techniques for increasing the resilience and trustworthiness of identity providers (IdPs) based on OpenID. To this purpose we propose an architecture of specialized components capable of fulfilling the essential requirements for ensuring high availability, integrity and higher confidentiality guarantees for sensitive data and operations. Additionally, we also discuss how trusted components (e.g., TPMs, smart cards) can be used to provide remote attestation on the client and server side, i.e., how to measure the trustworthiness of the system. The proposed solution outperforms related work in different aspects, such as countermeasures for solving different security issues, throughput, and by tolerating arbitrary faults without compromising the system operations. We evaluate the system behavior under different circumstances, such as continuous faults and attacks. Furthermore, the first performance evaluations show that the system is capable of supporting environments with thousands of users.