Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
\def\babelopt{english,italian}
%% admissible values: bach, mst, phd.
\documentclass[table,target=mst,babel=\babelopt]{thud}
\title{Fenrir: a verified protocol for federated authentication and authorization}
\author{Luca Fulchir}
\date{2014-2015}
\supervisor{Prof.\ Marino Miculan}
%\cosupervisor{}
%% various: \referee, \chair, \address (default:uniud address).
%% use `\and' in \author, \supervisor, \cosupervisor, \referee to put multiple names
%% phd
%\phdnumber{666}
%\rights{Tutti i diritti riservati a me stesso e basta.}
%\homepage{https://www.fenrirproject.org}
%\email{luker@fenrirproject.org}
%\telephone{+39 012 3456789}
\usepackage{tabularx}
\usepackage[utf8]{inputenc}
\usepackage{graphicx}
\usepackage{linkinclude}
\usepackage{hyperref}
\usepackage{listings}
\usepackage{soul}
\usepackage{caption}
\usepackage{mwe}
\usepackage{tikz}
\usetikzlibrary{arrows,shadows,automata,positioning}
\usepackage{amsmath}
\usepackage{framed}
\usepackage{wrapfig}
\makeindex
\begin{document}
\maketitle
%\begin{dedication}random randomness is random..\end{dedication}
\acknowledgements
\begin{figure}[h]
\centering
\includegraphics[width=0.6\textwidth]{xkcd/team_effort.png}
\caption*{[xkcd.org] Given the role they play in every process in my body, really, they deserve this award more than me. Just gotta figure out how to give it to them. Maybe I can cut it into pieces to make it easier to swallow ...}
\label{fig:So standard}
\end{figure}
%Sed vel lorem a arcu faucibus aliquet eu semper tortor. Aliquam dolor lacus, semper vitae ligula sed, blandit iaculis leo. Nam pharetra lobortis leo nec auctor. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Fusce ac risus pulvinar, congue eros non, interdum metus. Mauris tincidunt neque et aliquam imperdiet. Aenean ac tellus id nibh pellentesque pulvinar ut eu lacus. Proin tempor facilisis tortor, et hendrerit purus commodo laoreet. Quisque sed augue id ligula consectetur adipiscing. Vestibulum libero metus, lacinia ac vestibulum eu, varius non arcu. Nam et gravida velit.
\abstract
\begin{figure}[h]
\centering
\includegraphics[width=0.8\textwidth]{xkcd/authorization.png}
\caption*{[xkcd.org] The hard truth...}
\label{fig:So standard}
\end{figure}
When programs needs secure communications they authenticate, then use an encrypted stream on top of an unauthenticated connection.\\
Stacking up protocols can weaken the security properties of the connection, and limit the flexibility of both transmission and authentication.\\
New protocols like Google's QUIC have tried to solve parts of these limitations, but there still are no federated authentication schemes integrated in
any protocol, authorization is almost completely ignored. The result is that both the programmers and the end users have a very limited choice on both the
security and flexibility of the communication.
After analyzing current authentication and encryption solutions, we will construct a formally verified protocol which includes encryption, authentication, authorization
and is aimed at federated environments.
Thanks to handling authorization and authentication together, we will be able to give the user unprecedented control over its accounts and applications.
The federation will grant the user the ability to login everywhere without remembering hundreds of different usernames and passwords, remotely block
lost accounts or whole devices. The programmers will find multiple levels of multiplexing already in place, high flexibility in connection properties (reliability,
priorities, multihoming...). The federation will also split the authentication data, and thus the user database, from the main application, so that compromising the latter will not reveal user data.
\tableofcontents
%\listoftables
%\listoffigures
\mainmatter
\input{Analysis.tex}
\input{Project.tex}
\input{Formal_Verification.tex}
\input{Implementation.tex}
\input{Validation.tex}
\input{Conclusions.tex}
\appendix
\input{Appendix.tex}
%% bibliography, analytical index etc...
\backmatter
%\summary
%\begin{figure}[h]
% \centering
% \includegraphics[width=1\textwidth]{paper.png}
% \caption{so... yeah... this paper is really about...uh...}
% \label{fig:Hope it doesn't happen...}
%\end{figure}
\newpage
\bibliographystyle{plain_\languagename}
%% recommended
% xkcd as bibliography title
\renewcommand{\chapter}[2]{
\begin{figure}[h]
\centering
\includegraphics[width=0.5\textwidth]{xkcd/citogenesis.png}
\caption*{[xkcd.org]}
\label{fig:So standard}
\end{figure}}
\bibliography{thud}
%% use `thebibliography' environment for manual bibliography
\printindex
\end{document}