Secure Information Technology Center – Austria

CA-less Authentication of Cloud Services

Recent advances in web technology, such as WebRTC, paved the road for providing short-lived services on end-user devices. Similar to legacy services (static and stationary), short-lived services need to be authenticated as well. This project evaluates and compares different authentication methods which might be suitable for use with for short-lived services without relying on traditional certification authority (CA) structures.

The project discusses approaches which use social networks, CPU extensions which enable hardware-backed access control and therefore allow trusted execution on arbitrary devices, or pure software solutions. A prototype based on the inverted trust model has also been created in order to demonstrate the practicability of the discussed concepts and methods.


Titel Version Datum
Report (de) 1.0 2016-12-16

Posted 16.12.2016, Kategorie: IT-Security.