Secure authentication services and systems typically are based on two main approaches:
the first one seeks to defend itself of all kind of attack. Actually, the
major current services use this approach, which is known for present failures
as well as being completely infeasible. Our proposal uses the second approach,
which seeks to defend itself of some specific attacks, and assumes that eventually
the system may suffer an intrusion or fault. Hence, the system does not try
avoiding the problems, but tolerate them by using intelligent mechanisms which
allow the system keep executing in a trustworthy and safe state. This research
presents a resilient architecture to authentication services based on OpenID by
the use of fault and intrusion tolerance protocols, as well as a functional prototype.
Through the several performed tests, it was possible to note that our
system presents a better performance than a standard OpenID service, but with
additional resilience, high availability, protection of the sensitive data, beyond
fault and intrusion tolerance, always keeping the compatibility with the current
OpenID clients.
|
