Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol (PowerPoint presentation transcript, posted 28-Jan-2016)

Page 1: Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol

Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad
KTH Applied Information Security Lab

Umer Khalid
Dr. Abdul Ghafoor Abbasi
Misbah Irum
Dr. Awais Shibli

Page 2: Outline

1. Introduction
2. Problems with existing security mechanisms
3. Selection of components
4. Modifications
5. Workflow
6. Conclusion

Page 3: 1. Introduction

Traditional Security Mechanisms
– Authentication System
  • Password Based Authentication
  • Kerberos
  • Zero knowledge Proofs
– Authorization
  • Access control
  • OTP

Page 4: 2. Problems

Easily compromised
– Lengthy passwords
– Leakage risks
– Based on a single factor
– No anonymity

Solution
– Multi factor authentication
– Access control

Page 5: 3. Solution

Multi-factor authentication
– Based on what you have and what you possess:
  • Certificates
  • PINs
  • Smart cards
  • Biometrics

Flexible Authorization
– Access Control based on:
  • Roles
  • Attributes
  • Combination of multiple conditions

Page 6: 2. Problems Revisited

– Lengthy passwords
– Leakage risks
– Based on a single factor
– Anonymity

– Identity information binding.
– Information only protected in transit.
– Still does not cater for anonymity.

Page 7: Current Challenges

Different organizations are now shifting data assets to the cloud, such as:
– E-Government
– Health Care

Cloud offers a significant cut in infrastructure costs at the risk of:
– Privacy (Identity Linking)
– Data leakage

The problem is further amplified because data owners are not the only ones holding the data:
– Cloud service providers also possess the same data
– The service provider can easily link identity information to this data

Page 8: Design of an Anonymous Authentication & Authorization Protocol

Choice of components:
– Design a completely new approach
– Build on existing robust protocols
– Separate mechanisms for authentication and authorization
– Modify the protocols to achieve anonymity

Authentication:
– Strong authentication based server with support for anonymity

Authorization:
– XACML based PDP server for authorization
– PEP at multiple points

Page 9: Authentication

Strong authentication server with support for multi-factor authentication:

Certificates
– Revocable
– Traceable
– Partial Anonymity

Factors
– Certificates
– PINs
– Smart cards
– Biometrics
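The three certificate properties on this slide (revocable, traceable, partially anonymous) and the identity-linking risk from the "Current Challenges" slide, as an added toy model that is not the authors' protocol or code. Assumptions: the pseudonym field is named after the slide label "Tok ID", an identity management server (IDMS) is the only party holding the Tok ID to identity mapping, and an HMAC under the issuer's key stands in for the issuer's digital signature so the example runs with the standard library only.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class AnonCert:
    """Constructed anonymous certificate: carries a pseudonym and a role,
    but no name, e-mail or other identity attribute."""
    tok_id: str   # pseudonym ("Tok ID" on the slides; usage here is an assumption)
    role: str     # attribute a PDP can authorise on without knowing the identity
    sig: bytes    # issuer's signature over (tok_id, role); HMAC stand-in here


@dataclass
class IDMS:
    """Assumed identity management server: issues, traces and revokes Tok IDs."""
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    _identity_of: dict = field(default_factory=dict)  # Tok ID -> real identity
    revoked: set = field(default_factory=set)

    def _sign(self, tok_id: str, role: str) -> bytes:
        return hmac.new(self.key, f"{tok_id}|{role}".encode(), hashlib.sha256).digest()

    def issue(self, identity: str, role: str) -> AnonCert:
        tok_id = secrets.token_hex(16)         # random, unlinkable to the identity
        self._identity_of[tok_id] = identity   # the mapping never leaves the IDMS
        return AnonCert(tok_id, role, self._sign(tok_id, role))

    def trace(self, tok_id: str) -> Optional[str]:
        """Traceable: only the IDMS can resolve a Tok ID back to an identity."""
        return self._identity_of.get(tok_id)

    def revoke(self, tok_id: str) -> None:
        """Revocable: a revoked Tok ID fails verification from now on."""
        self.revoked.add(tok_id)

    def verify(self, cert: AnonCert) -> bool:
        """Check performed by the authentication server: genuine issuer
        signature over the presented fields, and not revoked."""
        expected = self._sign(cert.tok_id, cert.role)
        return hmac.compare_digest(cert.sig, expected) and cert.tok_id not in self.revoked


def provider_view(cert: AnonCert, data: str) -> dict:
    """What the cloud provider stores: the data is bound to the pseudonym only,
    so the provider cannot link it to an identity on its own."""
    return {"tok_id": cert.tok_id, "role": cert.role, "data": data}
```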

Page 10: Anonymous Digital Certificates

Figure: Certificate compared with Anonymous Certificate.

Page 11: Anonymous Digital Certificates

Page 12: Certificate based Strong Authentication

Figure: message exchange between Client and SA Server.

Page 13: Improvements

Figure: modified exchange. Messages shown: [Cert A], Tok ID|RND B, Tok ID|RND B|RND A. Components shown: LCA, IDMS.

Page 14: 2. Results

TAG | Description | Example
@author | Identifies the author of a class. | @author Ali
@exception | Identifies an exception thrown by a method. | @exception exception-name explanation
@param | Documents a method's parameter. | @param parameter-name explanation
@return | Documents a method's return value. |
@since | States the release when a specific change was introduced. | @since release