dc.description.abstract | An isolated Identity Management System (IMS) requires a separate unique identifier for each
specific Service Provider (SP). This model proves problematic for users because a huge
number of digital services use it, and people tend to reuse passwords to cope
with the overload of different login systems. This problem can be more or less solved in Single
Sign-On (SSO) identity models, where the IMS provides SSO capability to its users. At the
same time, SSO introduces new security risks that are important to understand
in order to apply the correct mitigating measures. This thesis uses ID-porten as a reference for
a practical Identity Management System (IMS) that is similar to the generic centralized SSO
identity model.
The focus of the semi-structured interview with one of the SPs utilizing ID-porten for authentication
was general information security in their use of ID-porten. SSO introduces new security
risks, and the concern for identity theft was revealed in the interview. The thesis performs a
literature review on the potential risk of identity theft in centralized and federated SSO identity
models. The findings from the literature review are that there exists a risk of identity theft
through unauthorized access to a user account due to the domino effect, weakest link, single
layer of authentication, central point of attack, disseminated identity information, dependability
to trust, and naive user trust in the SSO identity model. Further, a more detailed interview
was performed with The Agency for Public Management and eGovernment (Difi) with the focus
on the risk of identity theft in ID-porten. Altogether, several of the security issues regarding
identity theft in SSO identity models were found to have mitigation measures in ID-porten.
The thesis compares the SSO identity model with the isolated IMS, and the problems with the
domino effect, weakest link, and naive user trust are present in the isolated IMS as well.
Further, in the interview with the SP it was explained that integrity and mutual trust constitute
two of the security priorities in ID-porten. Generally, these properties are important prerequisites
for a secure SSO identity model and protect against potential unauthorized access to one of the
user accounts. In ID-porten these properties are obtained through signed data, where SHA-1 is
used in digital signatures for message security between the SP and ID-porten. In this thesis, the
security of SHA-1 in digital signatures is investigated. SHA-1 was deprecated by NIST in 2011
and exposed to a practical collision attack in 2017. The use of SHA-1 for digital signatures in
an SSO identity model is not considered to be secure. Furthermore, in the semi-structured interview
performed with Difi, the focus was also to see how the hash function is used in their system
and to gain knowledge about any further security mechanisms used to achieve the
security priorities of integrity and mutual trust. Difi explains that further security mechanisms
providing integrity and mutual trust are in place to mitigate the risk of using SHA-1.
The messages using SHA-1 have a short lifetime, and they are additionally protected
against replay attacks with session IDs and by updated transport security.
The thesis conducts a workshop with the SP to study the data flow propagating between the end
user, Identity Provider (IdP), and SP. The results are diagrams showing what messages
are sent, and how they are sent between the entities during authentication, authorization, SSO,
and Single Log-Out (SLO). These diagrams were further used when studying the use of SHA-1
in ID-porten. | en |