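@comment{Atzori2010: the author list was comma-separated, which BibTeX parses as a single
  "von Last, Jr, First" name; it is now "and"-separated in "Last, First" form. The old
  journaltitle field held the publisher name (moved to publisher), so no journal is recorded;
  the year (2009) also disagrees with the key. Verify venue and year before citing.}
@article{Atzori2010,
  author    = {Atzori, Luigi and Iera, Antonio and Morabito, Giacomo},
  title     = {The {Internet of Things}: A Survey},
  publisher = {Elsevier},
  year      = {2009},
  url       = {http://www.sciencedirect.com/science/article/pii/S1389128610001568},
}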
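@comment{neuman2005kerberos: journal=Network, volume=6649 and pages=6806 were auto-export
  artifacts with no meaning for this document, which is IETF RFC 4120; recorded as a report.}
@techreport{neuman2005kerberos,
  author      = {Neuman, Clifford and Hartman, Sam and Yu, Tom and Raeburn, Kenneth},
  title       = {The {Kerberos} Network Authentication Service ({V5})},
  type        = {RFC},
  number      = {4120},
  institution = {IETF},
  year        = {2005},
}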
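@comment{hardt2012oauth: an article entry with no journal renders as a bare title; the
  document is IETF RFC 6749, so it is recorded as a report with its RFC number.}
@techreport{hardt2012oauth,
  author      = {Hardt, Dick},
  title       = {The {OAuth} 2.0 Authorization Framework},
  type        = {RFC},
  number      = {6749},
  institution = {IETF},
  year        = {2012},
}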
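@comment{Gong1989: the author was given as "Gong Li", which BibTeX parses as first=Gong,
  last=Li; corrected to "Gong, Li" to match gong1995optimal and gong1993protecting. The
  whole-title double braces (which defeat style casing) are removed. No journal is recorded;
  volume/number/pages alone do not identify the venue, so add it before relying on this entry.}
@article{Gong1989,
  author = {Gong, Li},
  title  = {Using One Way Functions for Authentication},
  volume = {21},
  number = {12},
  pages  = {1--4},
  year   = {1989},
}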
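@comment{sakimura2014openid: the journal field held the publishing body and pages={S3} was an
  export artifact; recorded as a report issued by the OpenID Foundation. Only initials are
  known for four of the authors; expand them if the full names are available.}
@techreport{sakimura2014openid,
  author      = {Sakimura, Natsuhiko and Bradley, J. and Jones, M. and de Medeiros, B. and Mortimore, C.},
  title       = {{OpenID Connect} Core 1.0},
  institution = {The OpenID Foundation},
  year        = {2014},
}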
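@comment{reference_thesis: the type field held the literal placeholder "type", which biblatex
  would print verbatim as the thesis label; it is dropped until the correct value (phdthesis
  or mathesis) is confirmed with the author. The author name is stored in "Last, First" form.}
@thesis{reference_thesis,
  author      = {Kliem, Andreas},
  title       = {Cooperative Device Cloud -- Provisioning Embedded Devices in Ubiquitous Environments},
  institution = {CIT - TU Berlin},
  date        = {2015},
}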
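@comment{Computer_21Century: date was "September 1991", which is not a valid biblatex date and
  breaks sorting; it is now ISO 1991-09. The url was a DOI resolver link, so the bare DOI is
  stored in doi instead.}
@article{Computer_21Century,
  author       = {Weiser, Mark},
  title        = {The Computer for the 21st Century},
  journaltitle = {Scientific American},
  date         = {1991-09},
  doi          = {10.1145/329124.329126},
}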
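@comment{Pointcheval2012: year held "may 2012", which is not a four-digit year and would break
  sorting and year-based labels; split into year and the month macro. The journal field held
  a conference name, so the entry is an inproceedings with a booktitle.}
@inproceedings{Pointcheval2012,
  author    = {Pointcheval, David},
  title     = {Password-Based Authenticated Key Exchange},
  booktitle = {15th International Conference on Practice and Theory of Public-Key Cryptography ({PKC} 2012)},
  pages     = {390--397},
  year      = {2012},
  month     = may,
}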
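@comment{Juang2008: each author name was duplicated inside the field ("Juang, Wen-Shenq Juang
  Wen-Shenq"), an export artifact that renders as a mangled given name; the isbn field held
  the ISSN plus a "VO - 55" fragment and is dropped since issn is already present.}
@article{Juang2008,
  author   = {Juang, Wen-Shenq and Chen, Sian-Teng and Liaw, Horng-Twu},
  title    = {Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards},
  journal  = {IEEE Transactions on Industrial Electronics},
  volume   = {55},
  number   = {6},
  pages    = {2551--2556},
  year     = {2008},
  doi      = {10.1109/TIE.2008.921677},
  issn     = {0278-0046},
  keywords = {Authentication,elliptic curve cryptosystem,key exchange,offline dictionary attack,smart card},
  abstract = {User authentication and key agreement is an important security primitive for creating a securely distributed information system. Additionally, user authentication and key agreement is very useful for providing identity privacy to users. In this paper, we propose a robust and efficient user authentication and key agreement scheme using smart cards. The main merits include the following: 1) the computation and communication cost is very low; 2) there is no need for any password or verification table in the server; 3) a user can freely choose and change his own password; 4) it is a nonce-based scheme that does not have a serious time-synchronization problem; 5) servers and users can authenticate each other; 6) the server can revoke a lost card and issue a new card for a user without changing his identity; 7) the privacy of users can be protected; 8) it generates a session key agreed upon by the user and the server; and 9) it can prevent the offline dictionary attack even if the secret information stored in a smart card is compromised.},
}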
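@comment{Hao2011: the second author's initials were garbled ("Peter Y a"); the DOI contained a
  LaTeX-escaped underscore, which is wrong in a verbatim field; the journal held the full LNCS
  series blurb with "6615 LNCS" as volume. The work is a chapter in an LNCS volume, so the
  entry should become an inproceedings/incollection with the volume's booktitle once known.}
@article{Hao2011,
  author   = {Hao, Feng and Ryan, Peter Y. A.},
  title    = {Password Authenticated Key Exchange by Juggling},
  journal  = {Lecture Notes in Computer Science},
  volume   = {6615},
  pages    = {159--171},
  year     = {2011},
  doi      = {10.1007/978-3-642-22137-8_23},
  isbn     = {9783642221361},
  issn     = {03029743},
  keywords = {EKE,Password-Authenticated Key Exchange,SPEKE,key agreement},
  abstract = {Password-Authenticated Key Exchange (PAKE) studies how to establish secure communication between two remote parties solely based on their shared password, without requiring a Public Key Infrastructure (PKI). Despite extensive research in the past decade, this problem remains unsolved. Patent has been one of the biggest brakes in deploying PAKE solutions in practice. Besides, even for the patented schemes like EKE and SPEKE, their security is only heuristic; researchers have reported some subtle but worrying security issues. In this paper, we propose to tackle this problem using an approach different from all past solutions. Our protocol, Password Authenticated Key Exchange by Juggling (J-PAKE), achieves mutual authentication in two steps: first, two parties send ephemeral public keys to each other; second, they encrypt the shared password by juggling the public keys in a verifiable way. The first use of such a juggling technique was seen in solving the Dining Cryptographers problem in 2006. Here, we apply it to solve the PAKE problem, and show that the protocol is zero-knowledge as it reveals nothing except one-bit information: whether the supplied passwords at two sides are the same. With clear advantages in security, our scheme has comparable efficiency to the EKE and SPEKE protocols.},
}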
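@comment{Woo1997: journal held the literal "25" (the volume repeated) and mendeley-groups was a
  reference-manager artifact; both dropped. issn 0018-9162 is the ISSN of IEEE Computer (the
  same journal roman2011securing cites as "Computer"), so journal is set to that -- confirm.}
@article{Woo1997,
  author  = {Woo, Thomas Y. C. and Lam, Simon S.},
  title   = {Correction: Authentication for Distributed Systems},
  journal = {Computer},
  volume  = {25},
  number  = {1},
  pages   = {10},
  year    = {1997},
  issn    = {0018-9162},
}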
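@comment{Mackay2012: isbn duplicated the ISSN and is dropped; URL held two resolver links
  separated by a semicolon, which no style can render -- the publisher link is kept and the
  DOI already identifies the article; the third author's initial was lower-cased.}
@article{Mackay2012,
  author    = {Mackay, M. and Baker, T. and Al-Yasiri, A.},
  title     = {Security-Oriented Cloud Computing Platform for Critical Infrastructures},
  journal   = {Computer Law \& Security Review},
  volume    = {28},
  number    = {6},
  pages     = {679--686},
  year      = {2012},
  publisher = {Elsevier Ltd},
  doi       = {10.1016/j.clsr.2012.07.007},
  issn      = {02673649},
  url       = {http://www.sciencedirect.com/science/article/pii/S0267364912001434},
  keywords  = {Cloud computing,Critical infrastructures,Trust},
  abstract  = {The rise of virtualisation and cloud computing is one of the most significant features of computing in the last 10 years. However, despite its popularity, there are still a number of technical barriers that prevent it from becoming the truly ubiquitous service it has the potential to be. Central to this are the issues of data security and the lack of trust that users have in relying on cloud services to provide the foundation of their IT infrastructure. This is a highly complex issue, which covers multiple inter-related factors such as platform integrity, robust service guarantees, data and network security, and many others that have yet to be overcome in a meaningful way. This paper presents a concept for an innovative integrated platform to reinforce the integrity and security of cloud services and we apply this in the context of Critical Infrastructures to identify the core requirements, components and features of this infrastructure.},
}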
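@comment{Schultz2002: the keywords field was auto-extracted noise ("perplexing than insider
  attacks", "substantial") and is dropped; no journal, volume or number is recorded, so the
  venue must be added before this entry renders as a usable citation.}
@article{Schultz2002,
  author = {Schultz, E. Eugene},
  title  = {Predicting Insider Attacks},
  pages  = {526--531},
  year   = {2002},
}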
@comment{Sundareswaran: no year, journal or pages are recorded and the title appears to be cut
  off after "Computer"; complete the record from the source before citing.}
@article{Sundareswaran,
  author = {Sundareswaran, Smitha and Su, Chi Tsong},
  title  = {Kerberos: An Authentication Service for Computer},
}
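@comment{Denning1982: a book entry without a publisher triggers a missing-field warning; the
  publisher is taken from robling1982cryptography, which describes the same book under a
  second key -- the two should be merged once citations are reconciled.}
@book{Denning1982,
  author    = {Denning, Dorothy Elizabeth},
  title     = {Cryptography and Data Security},
  publisher = {Addison-Wesley},
  year      = {1982},
  isbn      = {0201101505},
  url       = {http://hdl.handle.net/10945/37163},
}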
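@comment{Ghazizadeh: the file field pointed at an absolute path on a personal machine (including
  the account name) and is removed -- it leaks local details and is useless to other readers.
  No journal or year is recorded; the volume (2014) suggests a year-numbered journal volume.}
@article{Ghazizadeh,
  author = {Ghazizadeh, E. and Dolatabadi, Z. S. Shams and Khaleghparast, R. and Zamani, M. and Manaf, A. A. and Abdullah, M. S.},
  title  = {Secure {OpenID} Authentication Model by Using Trusted Computing},
  volume = {2014},
}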
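@comment{Tardo1991: the journal field held a proceedings title, so the entry is an
  inproceedings with booktitle; the whole-title double braces are replaced by bracing only
  the acronym so the style can still apply its casing.}
@inproceedings{Tardo1991,
  author    = {Tardo, J. J. and Alagappan, K.},
  title     = {{SPX}: Global Authentication Using Public Key Certificates},
  booktitle = {Proceedings of the 1991 {IEEE} Computer Society Symposium on Research in Security and Privacy},
  year      = {1991},
  doi       = {10.1109/RISP.1991.130791},
  isbn      = {0-8186-2168-0},
  abstract  = {SPX, a reference implementation of an open distributed
authentication service architecture based on ISO Standard 9594-9/CCITT
X.509 directory public key certificates and hierarchically organized
certification authorities, is described. SPX manages the end system
state and provides the run-time environment enabling applications to
mutually authenticate on the basis of a global principal identity. SPX
scales well in that it does not require online trusted components, and
permits management of global trust relationship policy in arbitrarily
large distributed environments. Conceptual, component, and protocol
descriptions are provided},
}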
@article{Liebl1993,
  author  = {Liebl, Armin},
  title   = {Authentication in distributed systems},
  journal = {ACM SIGOPS Operating Systems Review},
  volume  = {27},
  number  = {3},
  pages   = {31--41},
  year    = {1993},
  doi     = {10.1145/163640.163643},
  issn    = {01635980},
}
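@comment{Krikke2005: the product name and country in the title were unprotected and would be
  lower-cased by sentence-case styles; issue number and pages are not recorded.}
@article{Krikke2005,
  author   = {Krikke, J.},
  title    = {{T-Engine}: {Japan}'s Ubiquitous Computing Architecture Is Ready for Prime Time},
  journal  = {IEEE Pervasive Computing},
  volume   = {4},
  year     = {2005},
  doi      = {10.1109/MPRV.2005.40},
  issn     = {1536-1268},
  keywords = {RFID tags,real-time operating system,ubiquitous computing},
  abstract = {Japan is quietly positioning itself for the next phase in digital technology: ubiquitous computing. A sign of things to come is T-Engine, arguably the most advanced ubiquitous computing platform in the world. T-Engine enables the distribution of software resources, including middleware developed on T-Kernel, its compact, real-time operating system. The platform also features standardized hardware and tamper-resistant network security. T-Engine enables developers to rapidly build ubiquitous computing solutions by using off-the-shelf components. Among them are four standard T-Engine boards of varying dimensions for different application areas: Standard T-Engine, Micro T-Engine, Nano T-Engine, and Pico T-Engine.},
}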
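@article{roman2011securing,
  author    = {Roman, Rodrigo and Najera, Pablo and Lopez, Javier},
  title     = {Securing the {Internet of Things}},
  journal   = {Computer},
  volume    = {44},
  number    = {9},
  pages     = {51--58},
  year      = {2011},
  publisher = {IEEE},
}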
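@article{weber2010internet,
  author    = {Weber, Rolf H.},
  title     = {{Internet of Things} -- New Security and Privacy Challenges},
  journal   = {Computer Law \& Security Review},
  volume    = {26},
  number    = {1},
  pages     = {23--30},
  year      = {2010},
  publisher = {Elsevier},
}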
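@comment{freier2011secure: an article entry with no journal renders as a bare title; the
  document is IETF RFC 6101 (the historic SSL 3.0 specification), recorded as a report.}
@techreport{freier2011secure,
  author      = {Freier, Alan and Karlton, Philip and Kocher, Paul},
  title       = {The Secure Sockets Layer ({SSL}) Protocol Version 3.0},
  type        = {RFC},
  number      = {6101},
  institution = {IETF},
  year        = {2011},
}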
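@comment{patel2008information: the title and surname were in all capitals as exported from the
  bookseller page; stored in normal case with spaced initials so styles can format them.}
@book{patel2008information,
  author    = {Patel, D. R.},
  title     = {Information Security: Theory and Practice},
  publisher = {PHI Learning},
  year      = {2008},
  isbn      = {9788120333512},
  url       = {https://books.google.de/books?id=FFPzGN8Uk9cC},
}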
@article{needham1978using,
  author    = {Needham, Roger M and Schroeder, Michael D},
  title     = {Using encryption for authentication in large networks of computers},
  journal   = {Communications of the ACM},
  volume    = {21},
  number    = {12},
  pages     = {993--999},
  year      = {1978},
  publisher = {ACM},
}
@article{denning1981timestamps,
  author    = {Denning, Dorothy E and Sacco, Giovanni Maria},
  title     = {Timestamps in key distribution protocols},
  journal   = {Communications of the ACM},
  volume    = {24},
  number    = {8},
  pages     = {533--536},
  year      = {1981},
  publisher = {ACM},
}
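@comment{robling1982cryptography: duplicate of Denning1982 (same book, same author, same year)
  under a second key; kept only because existing citations may use this key. Cite one key and
  retire the other. The publisher's legal-entity suffix from the export is trimmed.}
@book{robling1982cryptography,
  author    = {Robling Denning, Dorothy Elizabeth},
  title     = {Cryptography and Data Security},
  publisher = {Addison-Wesley},
  year      = {1982},
}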
@article{Bellovin1990,
  author   = {Bellovin, S. M. and Merritt, M.},
  title    = {Limitations of the Kerberos authentication system},
  journal  = {ACM SIGCOMM Computer Communication Review},
  volume   = {20},
  pages    = {119--132},
  year     = {1990},
  doi      = {10.1145/381906.381946},
  issn     = {01464833},
  abstract = {The Kerberos authentication system, a part of MIT’s Project Athena, has been adopted by other organizations. Despite Kerberos’s many strengths, it has a number of limitations and some weaknesses. Some are due to specifics of the MIT environment; others represent failures in the protocol design. We discuss a number of such problems, and present solutions to some of them. We also demonstrate how special-purpose cryptographic hardware may be needed in some cases.},
}
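@comment{Consultant: an article entry with only a publisher is an industry white paper, so it is
  recorded as a report issued by that organisation; the author name is stored in "Last, First"
  form. No year or URL is recorded -- add them so the paper can be located.}
@techreport{Consultant,
  author      = {Hill, Brad},
  title       = {Weaknesses and Best Practices of Public Key {Kerberos} with Smart Cards},
  institution = {ISEC Partners, Inc.},
}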
@misc{kim2009survey,
  author = {Kim, Minkyu},
  title  = {A survey of Kerberos V and public-key Kerberos security},
  year   = {2009},
}
@comment{Wang2004: neither journal nor booktitle is recorded; the issn (0302-9743) is the LNCS
  series ISSN, so this is most likely a chapter in an LNCS proceedings volume whose booktitle
  and volume should be added.}
@article{Wang2004,
  author   = {Wang, Shuhong and Wang, Jie and Xu, Maozhi},
  title    = {Weaknesses of a Password-Authenticated Key Exchange Protocol between Clients with Different Passwords},
  pages    = {414--425},
  year     = {2004},
  issn     = {03029743},
  keywords = {cross-realm setting,dictionary attacks,password-authenticated key exchange,security},
}
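@comment{Bellovin1992: the journal field held a proceedings title, so the entry is an
  inproceedings with booktitle; pages are not recorded.}
@inproceedings{Bellovin1992,
  author    = {Bellovin, S. M. and Merritt, M.},
  title     = {Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks},
  booktitle = {Proceedings of the 1992 {IEEE} Computer Society Symposium on Research in Security and Privacy},
  year      = {1992},
  doi       = {10.1109/RISP.1992.213269},
  isbn      = {0-8186-2825-1},
  abstract  = {Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks},
}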
@misc{bellovin1993cryptographic,
  author    = {Bellovin, Steven M and Merritt, Michael},
  title     = {Cryptographic protocol for secure communications},
  note      = {US Patent 5,241,599},
  publisher = {Google Patents},
  month     = aug # "~31",
  year      = {1993},
}
@misc{jablon2001cryptographic,
  author    = {Jablon, David P},
  title     = {Cryptographic methods for remote authentication},
  note      = {US Patent 6,226,383},
  publisher = {Google Patents},
  month     = may # "~1",
  year      = {2001},
}
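@incollection{hao2010j,
  author    = {Hao, Feng and Ryan, Peter},
  title     = {{J-PAKE}: Authenticated Key Exchange without {PKI}},
  booktitle = {Transactions on Computational Science {XI}},
  pages     = {192--206},
  year      = {2010},
  publisher = {Springer},
}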
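@comment{gong1995optimal: the booktitle was the indexer's inverted form ("..., 1995. Proceedings.,
  Eighth IEEE"); rewritten as a readable proceedings title. "authentification" is the spelling
  used in the original paper title and is kept.}
@inproceedings{gong1995optimal,
  author       = {Gong, Li},
  title        = {Optimal authentification protocols resistant to password guessing attacks},
  booktitle    = {Proceedings of the Eighth {IEEE} Computer Security Foundations Workshop},
  pages        = {24--29},
  year         = {1995},
  organization = {IEEE},
}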
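@article{gong1993protecting,
  author    = {Gong, Li and Lomas, Mark A. and Needham, Roger M. and Saltzer, Jerome H.},
  title     = {Protecting Poorly Chosen Secrets from Guessing Attacks},
  journal   = {IEEE Journal on Selected Areas in Communications},
  volume    = {11},
  number    = {5},
  pages     = {648--656},
  year      = {1993},
  publisher = {IEEE},
}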
@incollection{byun2002password,
  author    = {Byun, Jin Wook and Jeong, Ik Rae and Lee, Dong Hoon and Park, Chang-Seop},
  title     = {Password-authenticated key exchange between clients with different passwords},
  booktitle = {Information and Communications Security},
  pages     = {134--146},
  year      = {2002},
  publisher = {Springer},
}
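@comment{kaufman1991distributed: a stray opening quotation mark at the start of the title is
  removed; the institution field held "Internet RFC 1507", which is the document series and
  number rather than an institution, so it is split into type/number with IETF as issuer.}
@techreport{kaufman1991distributed,
  author      = {Kaufman, Charles},
  title       = {Distributed Authentication Security Service},
  type        = {RFC},
  number      = {1507},
  institution = {IETF},
  year        = {1991},
}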
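@inproceedings{gasser1989digital,
  author    = {Gasser, Morrie and Goldstein, Andy and Kaufman, Charlie and Lampson, Butler},
  title     = {The {Digital} Distributed System Security Architecture},
  booktitle = {Proceedings of the 12th National Computer Security Conference},
  pages     = {305--319},
  year      = {1989},
}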
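@comment{erdos2002shibboleth: the journal field held the issuing body plus the month, and
  volume=2 / pages=33 were export artifacts for a draft specification; recorded as a report
  issued by Internet2/MACE with the month as a macro.}
@techreport{erdos2002shibboleth,
  author      = {Erdos, Marlena and Cantor, Scott},
  title       = {{Shibboleth} Architecture Draft v05},
  institution = {Internet2/MACE},
  year        = {2002},
  month       = may,
}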
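@comment{hughes2005security: the journal field held the OASIS document series and identifier,
  so the entry is a report with issuer, type and document number; the stray space in "V2. 0"
  is removed.}
@techreport{hughes2005security,
  author      = {Hughes, John and Maler, Eve},
  title       = {Security Assertion Markup Language ({SAML}) V2.0 Technical Overview},
  type        = {SSTC Working Draft},
  number      = {sstc-saml-tech-overview-2.0-draft-08},
  institution = {OASIS},
  pages       = {29--38},
  year        = {2005},
}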
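@comment{Armando2008: the journal field held a proceedings title, so the entry is an
  inproceedings with booktitle; the url duplicated the doi as a resolver link and is dropped.}
@inproceedings{Armando2008,
  author    = {Armando, Alessandro and Carbone, Roberto and Compagna, Luca and Cuellar, Jorge and Tobarra, Llanos},
  title     = {Formal Analysis of {SAML} 2.0 Web Browser Single Sign-On: Breaking the {SAML}-Based Single Sign-On for {Google Apps}},
  booktitle = {Proceedings of the 6th {ACM} Workshop on Formal Methods in Security Engineering},
  pages     = {1--10},
  year      = {2008},
  doi       = {10.1145/1456396.1456397},
  isbn      = {978-1-60558-288-7},
  issn      = {15437221},
  keywords  = {bounded model checking,saml single sign-on,sat-based model checking,security protocols},
}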
@article{armando2013authentication,
  author    = {Armando, Alessandro and Carbone, Roberto and Compagna, Luca and Cu{\'e}llar, Jorge and Pellegrino, Giancarlo and Sorniotti, Alessandro},
  title     = {An authentication flaw in browser-based single sign-on protocols: Impact and remediations},
  journal   = {Computers \& Security},
  volume    = {33},
  pages     = {41--58},
  year      = {2013},
  publisher = {Elsevier},
}
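@inproceedings{somorovsky2012breaking,
  author    = {Somorovsky, Juraj and Mayer, Andreas and Schwenk, J{\"o}rg and Kampmann, Marco and Jensen, Meiko},
  title     = {On Breaking {SAML}: Be Whoever You Want to Be},
  booktitle = {{USENIX} Security Symposium},
  pages     = {397--412},
  year      = {2012},
}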
@comment{Jeng2012: no journal is recorded; volume 1, number 3 and the page range do not
  identify the venue on their own, so add it before citing.}
@article{Jeng2012,
  author = {Jeng, Yu-lin},
  title  = {An OpenID Based Authentication Mechanism in a Distributed System Environment},
  volume = {1},
  number = {3},
  pages  = {250--252},
  year   = {2012},
}
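@comment{Sun2012: the protocol name in the title is braced so sentence-case styles keep it;
  no venue is recorded and the author list may be incomplete -- complete from the source.}
@article{Sun2012,
  author = {Sun, San-Tsai},
  title  = {Simple But Not Secure: An Empirical Security Analysis of {OAuth} 2.0-Based Single Sign-On Systems},
  year   = {2012},
}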
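@comment{Hodge2008: the author was stored as "J, Hodges", i.e. surname "J" and given name
  "Hodges"; corrected to "Hodges, J.". The acronyms in the title are braced. No venue or URL
  is recorded for this draft.}
@article{Hodge2008,
  author = {Hodges, J.},
  title  = {Technical Comparison: {OpenID} and {SAML} -- Draft 07a},
  year   = {2008},
}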