Reauthentication modules for Keycloak authentication server

DOI:

https://doi.org/10.70833/rseisa15item289

Keywords:

Keycloak, Authentication, Authorization, Access control, Relying party

Abstract

Nowadays, protecting resources from unauthorized access is crucial. Currently, access control to resources is carried out through role-based access control (RBAC) and the permissions granted to the user, which does not guarantee that resources will be accessed only by authorized persons. This work proposes adding one more security layer to access control, based on the user's authentication level (that is, on the authenticator assurance level defined by the NIST, the National Institute of Standards and Technology). A user may have an authentication level sufficient to view data but not to edit it; to perform that action a higher level of authentication is required, for example, a hardware-based authenticator. To achieve this, new modules for the Keycloak authentication server were developed that send the Relying Party (RP) information about the authenticator type the user employed at login time, so that the RP can request the user's reauthentication when the authentication level is not sufficient to access the resource or to execute a specific action.
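As an added illustration of the relying-party side of this scheme (example code written for this page, not the paper's Keycloak modules), the check below maps the authenticator type reported at login to a NIST SP 800-63B authenticator assurance level and decides whether an action needs reauthentication; it also applies the SP 800-63B maximum session ages, which goes beyond what the abstract describes. The claim name `authenticator_type`, the type labels and the per-action policy are assumptions of the example.

```python
import time

# NIST SP 800-63B authenticator assurance level (AAL) reached by each
# authenticator type. The claim name "authenticator_type" and these labels
# are assumptions of this example, not the paper's module output.
AAL_BY_AUTHENTICATOR = {
    "password": 1,      # single-factor memorized secret
    "otp": 2,           # password plus OTP: multi-factor
    "hardware_key": 3,  # hardware cryptographic authenticator
}

# Minimum AAL the relying party demands per action (constructed policy).
REQUIRED_AAL = {"view": 1, "edit": 2, "delete": 3}

# SP 800-63B reauthentication: maximum session age per AAL, in seconds
# (30 days at AAL1, 12 hours at AAL2 and AAL3).
MAX_AUTH_AGE = {1: 30 * 24 * 3600, 2: 12 * 3600, 3: 12 * 3600}


def current_aal(claims):
    """AAL achieved at login; an unknown or missing type counts as AAL1."""
    return AAL_BY_AUTHENTICATOR.get(claims.get("authenticator_type"), 1)


def reauth_decision(claims, action, now=None):
    """Return (reauth_needed, required_aal, reason) for `action`.

    `claims` is the payload of a token whose signature and issuer the RP's
    OIDC library has already verified; `auth_time` is the login timestamp.
    The session-age limit applied is the one of the level the action needs.
    """
    now = time.time() if now is None else now
    have = current_aal(claims)
    need = REQUIRED_AAL[action]
    if have < need:
        return True, need, f"AAL{have} session, AAL{need} required"
    age = now - claims.get("auth_time", 0)
    if age > MAX_AUTH_AGE[need]:
        return True, need, f"login {int(age)}s old, limit {MAX_AUTH_AGE[need]}s"
    return False, need, "ok"


if __name__ == "__main__":
    # Constructed sample: alice logged in with a password 10 minutes ago.
    claims = {"sub": "alice", "authenticator_type": "password",
              "auth_time": int(time.time()) - 600}
    for action in REQUIRED_AAL:
        print(action, reauth_decision(claims, action))
```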

References

Adobe Blog. (2013, March). Important customer security announcement. Retrieved from https://theblog.adobe.com/important-customer-security-announcement

Bonneau, J., Herley, C., Van Oorschot, P. C., & Stajano, F. (2012). The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In 2012 IEEE Symposium on Security and Privacy (SP), 553–567.

De Carné de Carnavalet, X., & Mannan, M. (2014). From Very Weak to Very Strong: Analyzing Password-Strength Meters. Network And Distributed System Security Symposium, 23-26.

Equifax. (2017). Consumer Notice. Retrieved from 2017 Cybersecurity Incident & Important Consumer Information: https://www.equifaxsecurity2017.com/consumer-notice/

Grassi, P. A., Fenton, J. L., Newton, E. M., Perlner, R. A., Regenscheid, A. R., Burr, W. E., . . . Theofanos, M. F. (2017). Digital identity guidelines: Authentication and lifecycle management (NIST Special Publication 800-63B). Gaithersburg: National Institute of Standards and Technology. Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf

Grassi, P. A., Garcia, M. E., & Fenton, J. L. (2017). Digital identity guidelines (NIST Special Publication 800-63-3). Gaithersburg: National Institute of Standards and Technology. Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf

Gressin, S. (2017, September 8). The Equifax data breach: What to do. Federal Trade Commission, Consumer Information, Washington, DC. Retrieved from https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do

Grosse, E., & Upadhyay, M. (2013). Authentication at scale. IEEE Security and Privacy, 11(1), 15–22.

ISO/IEC. (2013). Information technology — Security techniques — Information security management systems.

Keycloak. (2019a). Keycloak. Retrieved from Open Source Identity and Access Management For Modern Applications and Services: https://www.keycloak.org/

Keycloak. (2019b, June 15). Keycloak documentation. Retrieved from https://www.keycloak.org/documentation.html

McCallister, E., Grance, T., & Scarfone, K. (2010). Guide to protecting the confidentiality of personally identifiable information (PII) (NIST Special Publication 800-122), 1–59.

Risk Based Security. (2019). 2019 MidYear QuickView data breach report. Cyber Risk Analytics, 1–14.

Stamp, M. (2011). Information security: principles and practice. (Second ed.). Wiley.

Trautman, L. J., & Ormerod, P. C. (2016). Corporate directors' and officers' cybersecurity standard of care: The Yahoo data breach. American University Law Review, 66(5), 1232–1291. Retrieved from https://digitalcommons.wcl.american.edu/aulr/vol66/iss5/3

Published

2021-12-19

How to Cite

Duarte Paiva, D. P. (2021). Reauthentication modules for Keycloak authentication server. Journal on Studies and Research of Academic Knowledge, (15), e2021001. https://doi.org/10.70833/rseisa15item289

Section

Research Articles
