• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Trustworthy Mutual Attestation Protocol for Local True Single Sign-On System: Proof of Concept and Performance Evaluation

Vol. 6, No. 9, September 25, 2012
DOI: 10.3837/tiis.2012.09.025

Abstract

In a traditional Single Sign-On (SSO) scheme, the user and the Service Providers (SPs) place their trust in the Identity Provider (IdP) or Authentication Service Provider (ASP) for authentication and correct assertion. However, we still need a better solution for local/native true SSO to gain user confidence, whereby the trusted entity must play the role of the ASP between distinct SPs. This technical gap has been filled by Trusted Computing (TC), where the remote attestation approach introduced by the Trusted Computing Group (TCG) attests whether the integrity of the remote platform can indeed be trusted. In this paper, we demonstrate a Trustworthy Mutual Attestation (TMutualA) protocol as a proof-of-concept implementation for a local true SSO using the Integrity Measurement Architecture (IMA) with the Trusted Platform Module (TPM). In our proposed protocol, the integrity of the user and SP platforms is checked first (i.e., hardware and software integrity state verification), before access is allowed to a protected resource sited at the SP and before a user authentication token is released to the SP. We evaluated the performance of the proposed TMutualA protocol, in particular the client and server attestation times and the round-trip time of the mutual attestation.



Cite this article

[IEEE Style]
Z. A. Khattak, J. A. Manan, S. Sulaiman, "Trustworthy Mutual Attestation Protocol for Local True Single Sign-On System: Proof of Concept and Performance Evaluation," KSII Transactions on Internet and Information Systems, vol. 6, no. 9, pp. 2405-2423, 2012. DOI: 10.3837/tiis.2012.09.025.

[ACM Style]
Zubair Ahmad Khattak, Jamalul-lail Ab Manan, and Suziah Sulaiman. 2012. Trustworthy Mutual Attestation Protocol for Local True Single Sign-On System: Proof of Concept and Performance Evaluation. KSII Transactions on Internet and Information Systems, 6, 9, (2012), 2405-2423. DOI: 10.3837/tiis.2012.09.025.

[BibTeX Style]
@article{tiis:20184, title="Trustworthy Mutual Attestation Protocol for Local True Single Sign-On System: Proof of Concept and Performance Evaluation", author="Zubair Ahmad Khattak and Jamalul-lail Ab Manan and Suziah Sulaiman", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2012.09.025}, volume={6}, number={9}, year="2012", month={September}, pages={2405-2423}}