The aim of this paper is to propose the use of a cloud-based integrity management service coupled with a trustworthy client component, in the form of the Trust Extension Device (TED) platform, as a means to increase the quality of the security evaluation of a client. Thus, in addition to performing authentication of the client (e.g. as part of Single Sign-On), the Identity Provider asks that the integrity of the client platform be computed and then evaluated by a trustworthy and independent Cloud-based Integrity Measurement Service (cIMS). The TED platform has been previously developed based on the Trusted Platform Module (TPM), and allows the integrity measurement of the client environment to be conducted and reported in a secure manner. Within the SSO flow, the portable TED device performs an integrity measurement of the client platform and sends an integrity report to the cIMS as part of the client authentication process. The cIMS validates the measurements performed by the TED device and reports a trust score to the Identity Provider (IdP). The IdP takes the reported trust score into account when it computes and issues a Level of Assurance (LOA) value for the client platform. In this way the Service Provider obtains a greater degree of assurance that the client's computing environment is relatively free of unrecognized and/or unauthorized components.
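The measure, validate and score flow described above, as an added illustration that is not code from the paper or the TED project: a TED-side function extends a TPM-style PCR over constructed component measurements and signs the report, the cIMS side verifies the signature, replays the event log against constructed reference values and returns a trust score, and the IdP maps that score to an LOA using assumed thresholds. The shared HMAC key standing in for TPM attestation signing, the component names and the reference digests are all assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed reference values (known-good digests) held by the cIMS; hypothetical component names.
REFERENCE = {
    "bootloader": hashlib.sha256(b"bootloader-v1").hexdigest(),
    "kernel": hashlib.sha256(b"kernel-v1").hexdigest(),
    "agent": hashlib.sha256(b"agent-v1").hexdigest(),
}
# Assumed key shared by TED and cIMS; stands in for TPM-based attestation signing in this example.
TED_KEY = b"constructed-ted-attestation-key"
INITIAL_PCR = "00" * 32  # a reset SHA-256 PCR is all zeros


def extend(pcr_hex, digest_hex):
    """TPM-style extend: PCR_new = SHA256(PCR_old || digest)."""
    return hashlib.sha256(bytes.fromhex(pcr_hex) + bytes.fromhex(digest_hex)).hexdigest()


def ted_measure(components):
    """TED side: hash each component, extend the PCR, and sign the event log plus final PCR."""
    pcr, log = INITIAL_PCR, []
    for name, blob in components:  # blob is the constructed component image
        digest = hashlib.sha256(blob).hexdigest()
        log.append({"component": name, "digest": digest})
        pcr = extend(pcr, digest)
    body = json.dumps({"pcr": pcr, "log": log}, sort_keys=True)
    sig = hmac.new(TED_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def cims_validate(report):
    """cIMS side: check the signature, replay the log into a PCR, compare against reference values.
    Returns a trust score in [0, 1]; 0.0 for a forged, tampered, or empty report."""
    body = report["body"]
    expected = hmac.new(TED_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, report["sig"]):
        return 0.0  # signature does not match: report was forged or altered in transit
    data = json.loads(body)
    if not data["log"]:
        return 0.0  # nothing measured, nothing to trust
    pcr, known = INITIAL_PCR, 0
    for entry in data["log"]:
        pcr = extend(pcr, entry["digest"])
        if REFERENCE.get(entry["component"]) == entry["digest"]:
            known += 1
    if pcr != data["pcr"]:
        return 0.0  # log does not reproduce the reported PCR: log was edited
    return known / len(data["log"])  # fraction of components matching reference values


def idp_loa(trust_score):
    """IdP side: map the cIMS trust score to a Level of Assurance (constructed thresholds)."""
    if trust_score >= 1.0:
        return 3
    if trust_score >= 0.5:
        return 2
    return 1
```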