Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy and Identity Management in Cloud

Published byElizabeth Reeves Modified over 5 years ago

Similar presentations

Presentation on theme: "Privacy and Identity Management in Cloud"— Presentation transcript:

1 Privacy and Identity Management in Cloud
Rohit Ranchal, Bharat Bhargava, Pelin Angin, Noopur Singh, Lotfi Ben Othmane, Leszek Lilien Department of Computer Science Purdue University, Western Michigan University {rranchal, Mark Linderman Air Force Research Laboratory Rome, NY, USA This research was supported by AFRL Rome, USA and NGC

2 Outline Motivation Identity Management (IDM)
Goals of Proposed User-Centric IDM Mechanisms Description of proposed solution Advantages of the Proposed Scheme Conclusion & Future Work References Questions?

3 Motivation User on Amazon Cloud Name E-mail Password Billing Address
Shipping Address Credit Card Name Billing Address Credit Card Name Password Billing Address Shipping Address Credit Card Name Shipping Address Name Shipping Address

4 Motivation User on Amazon Cloud Name E-mail Password Billing Address
Shipping Address Credit Card Name Billing Address Credit Card Name Password Billing Address Shipping Address Credit Card Name Shipping Address Name Shipping Address

5 Identity Management (IDM)
IDM in traditional application-centric IDM model Each service keeps track of identifying information of its users. Existing IDM Systems Microsoft Windows CardSpace [W. A. Alrodhan] OpenID [ PRIME [S. F. Hubner, Karlstad Univ] These systems require a trusted third party and do not work on an untrusted host. If Trusted Third Party is compromised, all the identifying information of the users is also compromised leading to serious problems like Identity Theft. [Latest: AT&T iPad leak]

6 IDM in Cloud needs to be user-centric
IDM in Cloud Computing Cloud introduces several issues to IDM Collusion between Cloud Services Users have multiple accounts associated with multiple service providers. Sharing sensitive identity information between services can lead to undesirable mapping of the identities to the user. Lack of trust Cloud hosts are untrusted Use of Trusted Third Party is not an option Loss of control Service-centric IDM Model IDM in Cloud needs to be user-centric

7 Goals of Proposed User-Centric IDM for the Cloud
Authenticate without disclosing identifying information Ability to securely use a service while on an untrusted host (VM on the cloud) Minimal disclosure and minimized risk of disclosure during communication between user and service provider (Man in the Middle, Side Channel and Correlation Attacks) Independence of Trusted Third Party for identity information

8 Mechanisms in Proposed IDM
Active Bundle [L. Othmane, R. Ranchal] Anonymous Identification [A. Shamir] Computing Predicates with encrypted data [E. Shi] Multi-Party Computing [A. Shamir] Selective Disclosure [B. Laurie]

9 Active Bundle Active bundle (AB) Active Bundles—Operations
An encapsulating mechanism protecting data carried within it Includes data Includes metadata used for managing confidentiality Both privacy of data and privacy of the whole AB Includes Virtual Machine (VM) performing a set of operations protecting its confidentiality Active Bundles—Operations Self-Integrity check E.g., Uses a hash function Evaporation/ Filtering Self-destroys (a part of) AB’s sensitive data when threatened with a disclosure Apoptosis Self-destructs AB’s completely

10 Active Bundle Scheme Metadata: Access control policies
Data integrity checks Dissemination policies Life duration ID of a trust server ID of a security server App-dependent information E(Name) E( ) E(Password) E(Shipping Address) E(Billing Address) E(Credit Card) Sensitive Data: Identity Information ... Virtual Machine (algorithm): Interprets metadata Checks active bundle integrity Enforces access and dissemination control policies * E( ) - Encrypted Information

11 Anonymous Identification
Use of Zero-knowledge proofing for user authentication without disclosing its identifier. User on Amazon Cloud ZKP Interactive Protocol User Request for service Function f and number k Password fk( , Password) = R Password Authenticated

12 Interaction using Active Bundle
AB information disclosure Active Bundle Destination User Application Active Bundle Active Bundle Creator Active Bundle (AB) Security Services Agent (SSA) Audit Services Agent (ASA) Directory Facilitator Trust Evaluation Agent (TEA) Active Bundle Coordinator Active Bundle Services

13 Predicate over Encrypted Data
Verification without disclosing unencrypted identity data. Predicate Request* Password E(Name) E(Shipping Address) E(Billing Address) E(Credit Card) E(Name) E(Billing Address) E(Credit Card) *Age Verification Request *Credit Card Verification Request

14 Multi-Party Computing
To become independent of a trusted third party Multiple Services hold shares of the secret key Minimize the risk Predicate Request E(Name) E(Billing Address) E(Credit Card) K’1 K’2 K’3 K’n Key Management Services * Decryption of information is handled by the Key Management services

15 Multi-Party Computing
To become independent of a trusted third party Multiple Services hold shares of the secret key Minimize the risk Predicate Reply* Name Billing Address Credit Card K’1 K’2 K’3 K’n Key Management Services *Age Verified *Credit Card Verified

16 Selective disclosure*
User Policies in the Active Bundle dictate dissemination Selective disclosure* Password E(Name) E(Shipping Address) E(Billing Address) E(Credit Card) E(Name) E(Shipping Address) *e-bay shares the encrypted information based on the user policy

17 Selective disclosure*
E(Name) E(Shipping Address) E(Name) E(Shipping Address) *e-bay seller shares the encrypted information based on the user policy

18 Selective Disclosure Selective disclosure E(Name) E(Shipping Address) Name Shipping Address Decryption handled by Multi-Party Computing as in the previous slides

19 Selective Disclosure Fed-Ex can now send the package to the user
E(Name) E(Shipping Address) Name Shipping Address Fed-Ex can now send the package to the user

20 Identity in the Cloud User on Amazon Cloud E-mail Password Name
Billing Address Credit Card Name Password Billing Address Shipping Address Credit Card Name Shipping Address

21 Characteristics and Advantages
Ability to use Identity data on untrusted hosts Self Integrity Check Integrity compromised- apoptosis or evaporation Data should not be on this host Establishes the trust of users in IDM Through putting the user in control of who has his data and how is is used Identity is being used in the process of authentication, negotiation, and data exchange. Independent of Third Party for Identity Information Minimizes correlation attacks Minimal disclosure to the SP SP receives only necessary information.

22 Conclusion & Future Work
Problems with IDM in Cloud Computing Collusion of Identity Information Prohibited Untrusted Hosts Usage of Trusted Third Party Proposed Approaches IDM based on Anonymous Identification IDM based on Predicate over Encrypted data IDM based on Multi-Party Computing Future work Develop the prototype, conduct experiments and evaluate the approach

23 References [1] C. Sample and D. Kelley. Cloud Computing Security: Routing and DNS Threats, June 23,2009. [2] W. A. Alrodhan and C. J. Mitchell. Improving the Security of CardSpace, EURASIP Journal on Information Security Vol. 2009, doi: /2009/167216, [3] OPENID, [4] S. F. Hubner. HCI work in PRIME, [5] A. Gopalakrishnan, Cloud Computing Identity Management, SETLabsBriefings, Vol7, [6] A. Barth, A. Datta, J. Mitchell and H. Nissenbaum. Privacy and Contextual Integrity: Framework and Applications, Proc. of the 2006 IEEE Symposium on Security and Privacy, [7] L. Othmane, Active Bundles for Protecting Confidentiality of Sensitive Data throughout Their Lifecycle, PhD Thesis, Western Michigan Univ, [8] A. Fiat and A. Shamir, How to prove yourself: Practical Solutions to Identification and Signature Problems, CRYPTO, [9] A. Shamir, How to Share a Secret, Communications of the ACM, [10] M. Ben-Or, S. Goldwasser and A. Wigderson, Completeness theorems for non-cryptographic fault-tolerant distributed computation, ACM Symposium on Theory of Computing, [11] E. Shi, Evaluating Predicates over Encrypted Data, PhD Thesis, CMU, 2008.

Download ppt "Privacy and Identity Management in Cloud"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
User-centric Handling of Identity Agent Compromise Daisuke Mashima Dr. Mustaque Ahamad Swagath Kannan College of Computing Georgia Institute of Technology.

User-centric Handling of Identity Agent Compromise Daisuke Mashima Dr. Mustaque Ahamad Swagath Kannan College of Computing Georgia Institute of Technology.
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.

1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.
Privacy in Cloud Computing Through Identity Management Purdue University Bharat Bhargava, Noopur Singh U.S Airforce Asher Sinclair.

Privacy in Cloud Computing Through Identity Management Purdue University Bharat Bhargava, Noopur Singh U.S Airforce Asher Sinclair.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.

Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Privacy and Identity Management in Cloud Rohit Ranchal, Bharat Bhargava, Pelin Angin, Noopur Singh, Lotfi Ben Othmane, Leszek Lilien Department of Computer.

Privacy and Identity Management in Cloud Rohit Ranchal, Bharat Bhargava, Pelin Angin, Noopur Singh, Lotfi Ben Othmane, Leszek Lilien Department of Computer.
Protection of Identity Information in Cloud Computing without Trusted Third Party 作者 :Rohit Ranchal, Bharat Bhargave, Lotfi Ben Othmane, Leszek Lilien,

Protection of Identity Information in Cloud Computing without Trusted Third Party 作者 :Rohit Ranchal, Bharat Bhargave, Lotfi Ben Othmane, Leszek Lilien,
This paper states that one of the major problem to the adoption of cloud computing is that of security.  Existing cloud computing problem or concerns.

This paper states that one of the major problem to the adoption of cloud computing is that of security.  Existing cloud computing problem or concerns.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Students: Rohit Ranchal and Gen Nishida PI: Bharat Bhargava ( PLM Center of Excellence and CERIAS Computer Sciences Purdue University.

Students: Rohit Ranchal and Gen Nishida PI: Bharat Bhargava ( PLM Center of Excellence and CERIAS Computer Sciences Purdue University.
Cloud Computing Cloud Security– an overview Keke Chen.

Cloud Computing Cloud Security– an overview Keke Chen.
Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.

Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Similar presentations

Ads by Google