Identity management refers to the technology and policies for the identification, authentication, and authorization of users in computer networks. Identity management is therefore fundamental to today's IT ecosystem. At the same time, identity management systems, where digital identities are managed, are an attractive target for attacks. Because identity management systems are heterogeneous, every type (i.e., models, protocols, implementations) has different requirements, typical problems, and hence attack vectors. To provide a systematic and categorized overview, the Taxonomy for Identity Management Attacks (TaxIdMA), a framework for attacks related to identities, is proposed. The purpose of this framework is to classify, from a scientific perspective and using an extensible structure, existing attacks associated with system identities, identity management systems, and end-user identities, as well as the background. The taxonomy is then evaluated with eight real-world attacks or vulnerabilities. This analysis shows the capability of the proposed taxonomy framework TaxIdMA in describing and categorizing these attacks.