eprintid: 1771 rev_number: 2 eprint_status: archive userid: 1 dir: disk0/00/00/17/71 datestamp: 2023-11-09 15:49:56 lastmod: 2023-11-09 15:49:56 status_changed: 2023-11-09 15:41:19 type: conference_item metadata_visibility: show creators_name: Khattak, Z.A. creators_name: Sulaiman, S. creators_name: Manan, J.-L.A. title: Security, Trust and Privacy (STP) framework for federated single sign-on environment ispublished: pub keywords: Integrity measurement; Remote attestation; Single sign on; trust; Trusted computing; Trusted platform module, Data privacy; Sustainable development, Information technology note: cited By 3; Conference of 2011 International Conference on Information Technology and Multimedia: ""Ubiquitous ICT for Sustainable and Green Living"", ICIM 2011 ; Conference Date: 14 November 2011 Through 16 November 2011; Conference Code:88267 abstract: Trust and privacy are hot and open concerns in Open Environment (OE). The Conventional Computing Platform (CCP) is deficient of platform trust that raises security concerns such as 'phishing' attacks. The Trusted Computing Group (TCG) took an initiative to tackle security and trust anxieties in OE via Trusted Platform Module (TPM) and Remote Attestation (RA). However, the current RA technique has its own limitation i.e. missing of Mutual Attestation (MA) and platform privacy fears in OE. The Federated Single Sign-on (FSSO) scheme such as Shibboleth allows its users to access a resource across domains in a privacy preserving manner but what is still missing; it is the mutual platform trust establishment among client and Identity Provider (IdP) platforms in OE. In this paper, we embrace MA technique and integrated in Shibboleth with UserName (UN) to guarantee user is a legitimate owner of UN but also his/her and home domain IdP platform mutually authenticated. Hence, we achieves (a) strong security with two factor authentication i.e. UN and mutual attestation, (b) mutual platform trust establishment between the client and IdP machines, and (c) resource access in privacy protecting manner. We practicality demonstrate unified STP Framework notion for FSSO environment by Testbed prototype implementation that confirms productivity and scalability of our approach. © 2011 IEEE. date: 2011 official_url: https://www.scopus.com/inward/record.uri?eid=2-s2.0-84856425660&doi=10.1109%2fICIMU.2011.6122770&partnerID=40&md5=39317c3921e10ef65a7c1c518edac144 id_number: 10.1109/ICIMU.2011.6122770 full_text_status: none publication: 2011 International Conference on Information Technology and Multimedia: "Ubiquitous ICT for Sustainable and Green Living", ICIM 2011 place_of_pub: Kajang refereed: TRUE isbn: 9781457709890 citation: Khattak, Z.A. and Sulaiman, S. and Manan, J.-L.A. (2011) Security, Trust and Privacy (STP) framework for federated single sign-on environment. In: UNSPECIFIED.