Abstract. Federation in identity management has emerged as a key concept for reducing complexity in companies and offering an improved user experience when accessing services. In this sense, the process of trust establishment is fundamental to allow rapid and seamless interaction between different trust domains. However, the problem of establishing identity federations in dynamic and open environments that form part of Next Generation Networks (NGNs), where it is desirable to speed up the processes of service provisioning and deprovisioning, has not been fully addressed. This paper analyzes the underlying trust mechanisms of the existing frameworks for federated identity management and their suitability for the mentioned environments. This analysis is mainly focused on the Single Sign On (SSO) profile. We propose a generic extension for the SAML standard in order to facilitate the dynamic creation of federation relationships between previously unknown parties. Finally, we give some details of implementation and compatibility issues.
Transport Layer Security is becoming the de facto standard to provide end-to-end security in the current Internet. IoT and M2M scenarios are not an exception since TLS is also being adopted there. The ability of TLS to negotiate any security parameter, its flexibility and its extensibility are responsible for its wide adoption but also for several attacks. Moreover, as it relies on Public Key Infrastructure (PKI) for authentication, it is also affected by PKI problems. Considering the advent of IoT/M2M scenarios and their particularities, it is necessary to have a closer look at TLS history to evaluate the potential challenges of using TLS and PKI in these scenarios. Accordingly, the article provides an in-depth review of several security aspects of TLS and PKI, with a particular focus on current Certificate Pinning solutions in order to illustrate the potential problems that should be addressed.
Abstract. One of the most critical tasks when accessing services through the IP Multimedia Subsystem (IMS) is the registration process. The process involves two registrations, the first with the access network, the second with IMS. This leads to an authentication overhead that introduces a big delay. This article proposes an improvement to the IMS registration protocol that relates the IMS registration to an access network registration by cryptographically binding the two. This approach provides a general solution, saves time during registration and avoids several attacks.
Abstract. Standardization bodies have spent a great deal of effort on extensively defining the IP Multimedia Subsystem (IMS) interfaces. While Telcos have started its deployment, IMS-based applications that address user needs are still to come. Such applications must not suffer from interoperability issues caused by different vendors and different administrative domains. The NetLab project aims at exploring such interoperability issues by interconnecting testbeds in three different countries. Use cases will be defined to investigate interoperability, and also to search for a user-appealing application in collaboration with the LivingLabs community. This paper introduces the project vision on the architectural, security, QoS, and interoperability issues, together with new services illustrating the interconnection of testbeds.