Secure Information Technology Center – Austria

CA-less Authentication of Cloud Services

Recent advances in web technology, such as WebRTC, paved the road for providing short-lived services on end-user devices. Similar to legacy services (static and stationary), short-lived services need to be authenticated as well. This project evaluates and compares different authentication methods which might be suitable for use with for short-lived services without relying on traditional certification authority (CA) structures.

The project discusses approaches which use social networks, CPU extensions which enable hardware-backed access control and therefore allow trusted execution on arbitrary devices, or pure software solutions. A prototype based on the inverted trust model has also been created in order to demonstrate the practicability of the discussed concepts and methods.

Downloads

Titel Version Datum
Report (de) 1.0 2016-12-16

Posted 16.12.2016, Kategorie: IT-Security.