Implementing zero trust in federated identity systems using hardware attestation and adaptive multi-factor authentication (MFA)

Abstract

In an era defined by dynamic cyber threats, old perimeter-style security models are becoming increasingly obsolete. Federated Identity Systems (FIS), where users au thenticate across multiple domains based on a single identity provider (IdP), offer convenience but are accompanied by significant security threats, including token theft, IdP compromise, and static session validation. At the same time, Zero Trust Architecture (ZTA) has emerged as a strong framework that applies continuous ver ification and least-privilege access regardless of user location or network trust. This research proposes a comprehensive solution for deploying the Zero Trust approach to Federated Identity Systems, which adjusts authentication needs based on real-time risk evaluations. It integrates Adaptive Multi-Factor Authentication (MFA) and hardware attestation, like TPM (Trusted Platform Module), to detect and register devices that establish trust, ensuring that compromised and untrusted devices do not enter the federation. The system designs and deploys a safe, privacy-preserving federated identity system utilizing OpenID Connect and dynamic policy verifica tion. After threat modeling, requirements analysis, and performance testing, the proposed system demonstrates increased protection against identity-based attacks and remains user-friendly and interoperable. Combining device trust, which is sup ported by hardware and adaptive authentication with contextual risk assessment, this architecture provides a comprehensive trust model that helps to mitigate threats of credential abuse, device spoofing, and token misuse. The approach increases se curity in federated environments and minimizes friction among users to provide an effective, scalable secure digital identity solution.

Description

Cataloged from PDF version of thesis.
Includes bibliographical references (pages 60-63).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science, 2026.

Keywords

Zero trust architecture, Federated identity system, Federated identity system, Multi-factor authentication, Trusted Platform Module, Performance evaluation

Citation

Endorsement

Review

Supplemented By

Referenced By