Identity Management

Through a series of projects funded by the Department of Energy, the Department of Homeland Security, and the Air Force Research Laboratory, Galois' team of identity, authentication, and authorization experts has developed a set of technologies that alleviate the problems and risks associated with password overwhelm.

Organizations and their users are drowning in usernames and passwords. Attacks against large password databases are becoming more common, putting user privacy and corporate or government assets at risk. When separate organizations collaborate by integrating their IT systems, the problem only gets worse. Technologies like OpenID, OAuth, and SAML might one day evolve into a solution that alleviates the very real inconvenience and risk, but in the meantime, how can your organization navigate the identity management problem and solution spaces?

Mobile authentication using QR codes: Tozny

Tozny replaces passwords with the user's mobile phone: instead of typing a password, the user scans a barcode with the phone. Our approach links the user's browser session to the phone's own Internet connection, over which the phone sends a long, complex shared secret to the website, proving the user's identity.
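As an added illustration of the pattern described above (written for this page, not Tozny's own code or protocol), the following sketch models a QR login: the website embeds a one-time challenge for the browser session in the QR payload, the phone answers over its own connection, and the session is marked authenticated only once the answer verifies, once, and before the challenge expires. It assumes an enrolled per-device secret and has the phone send an HMAC over the challenge rather than the raw secret; the TTL, field names and in-memory stores are assumptions.

```python
import hmac, hashlib, json, secrets, time

CHALLENGE_TTL = 60  # seconds a displayed QR challenge stays valid (assumed value)

class Website:
    """Server side: one-time challenge per browser session, answered by an enrolled phone."""
    def __init__(self):
        self.devices = {}   # device_id -> (long shared secret, user) enrolled earlier
        self.sessions = {}  # session_id -> {"challenge", "issued", "user"}

    def enroll(self, device_id, user):
        secret = secrets.token_bytes(32)  # the "long and complex" shared secret
        self.devices[device_id] = (secret, user)
        return secret                     # handed to the phone at enrollment time

    def start_login(self):
        """Browser asks to log in; returns (session id, JSON payload to render as a QR code)."""
        sid, challenge = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.sessions[sid] = {"challenge": challenge, "issued": time.time(), "user": None}
        return sid, json.dumps({"sid": sid, "challenge": challenge})

    def complete_login(self, sid, device_id, proof_hex):
        """Reached over the phone's own connection; binds the browser session to the device's user."""
        sess = self.sessions.get(sid)
        if sess is None or sess["user"] is not None:
            return False  # unknown session, or a replayed answer for one already linked
        if time.time() - sess["issued"] > CHALLENGE_TTL:
            del self.sessions[sid]
            return False  # stale QR code: the user must start over
        if device_id not in self.devices:
            return False
        secret, user = self.devices[device_id]
        msg = f"{sid}|{sess['challenge']}".encode()
        expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, proof_hex):  # constant-time check
            return False
        sess["user"] = user  # the browser session is now linked to the phone's identity
        return True

    def session_user(self, sid):
        """What the browser polls: None until the phone has answered the challenge."""
        s = self.sessions.get(sid)
        return s["user"] if s else None

def phone_scan(qr_payload, device_id, secret):
    """Phone side: parse the scanned QR and build the message it posts back."""
    data = json.loads(qr_payload)
    msg = f"{data['sid']}|{data['challenge']}".encode()
    return data["sid"], device_id, hmac.new(secret, msg, hashlib.sha256).hexdigest()
```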

Building identity systems through account linking: Open Science Grid

Galois collaborated with Open Science Grid to provide authentication and authorization management and integration to science experiments that interact with multiple, incompatible identity systems.

Anonymity in service-oriented architectures for potentially compromised environments: Federated Search Manager

In service-oriented architectures (SOAs), individual components will eventually be compromised, so the level of trust placed in each component must be set accordingly. Advanced attacks often gain access to a trusted component and use that foothold as a launching point to escalate privileges. Anonymous authorization is a design principle that can be used to decrease the level of trust required of each component and so reduce the attack surface of an SOA. Our Federated Search Manager is a prototype implementation of a cross-organizational, anonymous authorization system.

Securely federating user identities across state and federal infrastructures: Identity Federation

In a project for the Department of Homeland Security, Galois developed an architecture to securely federate user identities across state and federal infrastructures. The work integrated technologies like SAML 2.0, PIV cards, and the InfoCard standard to provide state and local first responders authorized access to federal information resources.