Dynamic identities for flexible access control

This thesis will analyse the pros and cons of a module-based approach versus existing certificate schemes, as well as the proposed requirements for a module-based certificate scheme to serve as a plausible identity verification system. We will present a possible model and evaluate it with respect to the existing solutions and our set of identified requirements.

Contents

1 Introduction
1.1 Background
1.2 Challenges of authentication – Research question
1.3 Purpose of the thesis, Restrictions & Audience
1.4 Methodology
1.4.1 Preparatory work
1.4.2 Eliciting the system requirements and specifying system model design
1.4.3 Evaluating the results
1.5 Own results
1.6 Guidance for the reader
2 Identities
2.1 Introduction
2.2 Contextual identities
2.3 Digital identities
2.4 Problems
2.5 Identity and Persona
2.6 Our approach
3 Requirements
3.1 Introduction
3.2 Flexibility of information
3.2.1 Container
3.2.2 Data manipulation
3.2.3 Revocation
3.3 Non-functional requirements
3.3.1 Defined standards
3.3.2 Anonymity
3.3.3 Simplicity
3.3.4 Resource efficiency
4 Existing solutions
4.1 X.509
4.1.1 Introduction
4.1.2 Areas of use
4.1.3 X.509 Certificate Specification
4.2 Liberty Alliance
4.2.1 Introduction
4.2.2 Background
4.2.3 Liberty Alliance Roadmap
4.2.4 Liberty alliance key concepts
4.2.5 Usage scenario
4.3 SSL
4.3.1 Introduction
4.3.2 Certificate model
4.3.3 Trust
4.3.4 Areas of use
4.4 PGP
4.4.1 Introduction
4.4.2 Certificate model
4.4.3 Trust
4.4.4 Areas of use
4.4.5 Conclusion
4.5 .Net Passport
4.5.1 .Net passport technical specification
4.5.2 Why it failed
4.6 Kerberos
4.6.1 Introduction
4.6.2 Background
4.6.3 Goals
4.6.4 Kerberos usage scenario
4.6.5 Feature matrix
5 Proposed model
5.1 Introduction
5.2 Protocol & specifications
5.2.1 Certificate envelope
5.2.2 Module Authority
5.2.3 Flexibility
5.2.4 Creation of Modules
5.2.5 Validation of Modules
5.2.6 Module linking
5.2.7 Specifications
5.2.8 Revocation
5.3 Data format
5.3.1 Introduction
5.3.2 BTL
5.4 Validation
5.4.1 Introduction
5.4.2 Authorisation issues
5.4.3 Trust
5.4.4 Responsibility
5.4.5 Session security
5.4.6 Software security
6 Evaluation of model
6.1 Introduction
6.2 Decentralisation
6.2.1 Flexibility
6.2.2 Reliability
6.2.3 Anonymity
6.3 Administration
6.3.1 Recovery & renewal
6.4 Resource demanding
6.4.1 Validation
6.4.2 Revocation
6.5 Comparison to existing solutions
7 Conclusion
8 Discussion
8.1 Introduction
8.2 Theory into practise
8.2.1 Introduction
8.2.2 Defined standard
8.2.3 Implementation
8.2.4 Testing & Maintenance
8.2.5 Control contra ease of use
8.3 Gained experiences
8.4 Further work
8.4.1 Module languages for validation sequence
8.4.2 Referential implementation
8.4.3 Revocation schemes
8.4.4 Hardware solutions
9 Acknowledgments
10 Glossary
A BTL Specification

Author: Fredrik Andersson, Stefan Hagström

Source: Blekinge Institute of Technology
