Towards Secure and Dependable Authentication and Authorization Infrastructures

Abstract—We propose a resilience architecture for improving the security and dependability of authentication and au-thorization infrastructures, in particular the ones based on RADIUS and OpenID. This architecture employs intrusion-tolerant replication, trusted components and untrusted gate-ways to provide survivable services ensuring compatibility with standard protocols. The architecture was instantiated in two prototypes, one implementing RADIUS and another implementing OpenID. These prototypes were evaluated in fault-free executions, under faults, under attack, and in diverse computing environments. The results show that, beyond being more secure and dependable, our prototypes are capable of achieving the performance requirements of enterprise environ-ments, such as IT infrastructures with more than 400k users. Keywords-authentication and authorization services, security, dependability, intrusion tolerance, RADIUS, OpenID. I.