Implementing zero trust in federated identity systems using hardware attestation and adaptive multi-factor authentication (MFA)
Date
2026-01
Journal Title
Journal ISSN
Volume Title
Publisher
BRAC University
Abstract
In an era defined by dynamic cyber threats, old perimeter-style security models are
becoming increasingly obsolete. Federated Identity Systems (FIS), where users au
thenticate across multiple domains based on a single identity provider (IdP), offer
convenience but are accompanied by significant security threats, including token
theft, IdP compromise, and static session validation. At the same time, Zero Trust
Architecture (ZTA) has emerged as a strong framework that applies continuous ver
ification and least-privilege access regardless of user location or network trust. This
research proposes a comprehensive solution for deploying the Zero Trust approach to
Federated Identity Systems, which adjusts authentication needs based on real-time
risk evaluations. It integrates Adaptive Multi-Factor Authentication (MFA) and
hardware attestation, like TPM (Trusted Platform Module), to detect and register
devices that establish trust, ensuring that compromised and untrusted devices do
not enter the federation. The system designs and deploys a safe, privacy-preserving
federated identity system utilizing OpenID Connect and dynamic policy verifica
tion. After threat modeling, requirements analysis, and performance testing, the
proposed system demonstrates increased protection against identity-based attacks
and remains user-friendly and interoperable. Combining device trust, which is sup
ported by hardware and adaptive authentication with contextual risk assessment,
this architecture provides a comprehensive trust model that helps to mitigate threats
of credential abuse, device spoofing, and token misuse. The approach increases se
curity in federated environments and minimizes friction among users to provide an
effective, scalable secure digital identity solution.
Description
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 60-63).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science, 2026.
Includes bibliographical references (pages 60-63).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science, 2026.
Keywords
Zero trust architecture, Federated identity system, Federated identity system, Multi-factor authentication, Trusted Platform Module, Performance evaluation
