nach oben

International Journal of Information Security

Erschienen in:

01.04.2014 | Special Issue Paper

BlindIdM: A privacy-preserving approach for identity management as a service

verfasst von: David Nuñez, Isaac Agudo

Erschienen in: International Journal of Information Security | Ausgabe 2/2014

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time, it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper, we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data confidentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.

Vorheriger Artikel Enhanced GeoProof: improved geographic assurance for data in the cloud

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

The term blind is used here in an analogous way as in blind signature, which is a signature scheme that enables the signer to perform a signature without knowing the content of the underlying message.

Note that HIPAA is focused on the health care sector.

Hermans, J., Chung, M.: KPMG’s 2010 Cloud Computing Survey. Technical report, KPMG (2010)

Security guidance for critical areas of focus in cloud computing, version 3.0. Technical report, Cloud Security Alliance (2011)

Cisco global cloud networking survey. Technical report, Cisco (2012)

Heiser, J., Nicolett, M.: Assessing the Security Risks of Cloud Computing. Gartner Inc., Technical report (2008)

Top threats to cloud computing, version 1.0. Technical report, Cloud Security Alliance, 2010

The Notorious Nine: Cloud Computing Top Threats in 2013. Technical report, Cloud Security Alliance (2013)

Casassa Mont, M., Pearson, S., Bramhall, P.: Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. In Proceedings of the 14th International Workshop on Database and Expert Systems Applications, pp. 377–382. IEEE (2003)

Dhamija, R., Dusseault, L.: The seven flaws of identity management: usability and security challenges. IEEE Secur. Priv. 6(2), 24–29 (2008)CrossRef

Hussain, M.: The Design and Applications of a Privacy-Preserving Identity and Trust-Management System. PhD thesis, School of Computing, Queen’s University, (2010)

10.

OASIS Security Services TC: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0 (2005)

11.

Shibboleth Consortium. Shibboleth. http://shibboleth.net/

12.

OASIS Web Services Federation TC. Web Services Federation Language (WS-Federation) Version 1.2 (2009)

13.

OASIS Security Services TC: Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0, (2005)

14.

Maler, E., Reed, D.: The venn of identity: options and issues in federated identity management. IEEE Secur. Priv. 6(2), 16–23 (2008)CrossRef

15.

Microsoft. Windows Azure Active Directory. http://www.windowsazure.com/en-us/home/features/identity/

16.

CA Technologies. CA CloudMinder Identity Management. http://www.ca.com/us/cloudminder-identity-management

17.

Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: 2nd IEEE International Conference on Cloud Computing Technology and Science (CloudCom), pp. 693–702. IEEE (2010)

18.

Clauß, S., Köhntopp, M.: Identity management and its support of multilateral security. Computer Networks 37(2), 205–219 (2001)CrossRef

19.

De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Managing and accessing data in the cloud: privacy risks and approaches. In: Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on, pp. 1–9. IEEE (2012)

20.

E.U. Comission. Council Directive 95/46/EC: On the protection of individuals with regard to the processing of personal data and on the free movement of such data, (1995)

21.

Shane, S., Burns, J.F.: U.S. Subpoenas Twitter Over WikiLeaks Supporters. The New York Times, January 8 (2011)

22.

U.S. Congress. Uniting and strengthening america by providing appropriate tools required to intercept and obstruct terrorism act (2001)

23.

U.S. Congress. Health insurance portability and accountability act (1996)

24.

Hon, W.K., Millard, C., Walden, I.: The problem of ‘personal data’ in cloud computing: what information is regulated? The cloud of unknowing. Int. Data Priv. Law 1(4), 211–228 (2011)CrossRef

25.

Fowler, G.A., Barrett, D., Schechner, S.: U.S. shuts offshore file-share ‘locker’. The Wall Street Journal, January 20 (2012)

26.

Certivox. PrivateSky. http://privatesky.me/

27.

CipherCloud. CipherCloud Gateway. http://www.ciphercloud.com/

28.

Y. Chen and R. Sion. On securing untrusted clouds with cryptography. In Proceedings of the 9th annual ACM workshop on Privacy in the electronic society, pages 109–114. ACM, 2010

29.

Gritzalis, Stefanos: Enhancing web privacy and anonymity in the digital era. Inf. Manag. Comput. Secur. 12(3), 255–287 (2004)CrossRef

30.

Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proceedings of the 9th ACM Conference on Computer and Communications security, pp. 21–30. ACM (2002)

31.

OASIS Security Services TC: Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0 (2005)

32.

Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. In Proceedings of the 12th Annual Network and Distributed System Security Symposium, pp. 29–44 (2005)

33.

Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Advances in Cryptology—EUROCRYPT’98, pp. 127–144 (1998)

34.

Green, M., Ateniese, G.: Identity-based proxy re-encryption. In: Applied Cryptography and Network Security, pp. 288–306. Springer (2007)

35.

Chu, C.K., Tzeng, W.G.: Identity-based proxy re-encryption without random oracles. In: Information Security, pp. 189–202 (2007)

36.

Canetti, R., Hohenberger, S.: Chosen-ciphertext secure proxy re-encryption. In: Proceedings of the 14th ACM conference on Computer and communications security, pp. 185–194. ACM (2007)

37.

Libert, B., Vergnaud, D.: Unidirectional chosen-ciphertext secure proxy re-encryption. IEEE Trans. Inf. Theory 57(3), 1786–1802 (2011)CrossRefMathSciNet

38.

Ateniese, G., Benson, K., Hohenberger, S.: Key-private proxy re-encryption. In: Topics in Cryptology-CT-RSA 2009, pp. 279–294 (2009)

39.

W3C. XML Encryption Syntax and Processing Version 1.0. W3C Recommendation, W3C (2002). http://www.w3.org/TR/xmlenc-core/

40.

OASIS Security Services TC: Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0 (2005)

41.

Nuñez, D., Agudo, I., Lopez, J.: Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services. In: Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International Conference on, pp. 241–248. IEEE (2012)

42.

Shirey, R.: Internet Security Glossary, Version 2. RFC 4949 (Informational), August (2007)

43.

Angin, P., Bhargava, B., Ranchal, R., Singh, N., Othmane, L.B., Lilien, L., Linderman, M.: An entity-centric approach for privacy and identity management in cloud computing. In: 29th IEEE Symposium on Reliable Distributed Systems, pp. 177–183 (2010)

44.

Ardagna, C.A., Camenisch, J., Kohlweiss, M., Leenes, R., Neven, G., Priem, B., Samarati, P., Sommer, D., Verdicchio, M.: Exploiting cryptography for privacy-enhanced access control: A result of the PRIME project. J. Comput. Secur. 18(1), 123–160 (2010)

45.

Dey, A., Weis, S.: PseudoID: Enhancing privacy in federated login. In: Hot Topics in Privacy Enhancing Technologies, pp. 95–107 (2010)

46.

Chow, S., He, Y.J., Hui, L., and Yiu, S.: SPICE-simple privacy-preserving identity-management for cloud environment. In: Applied Cryptography and Network Security, pp. 526–543. Springer (2012)

47.

Bertino, E., Paci, F., Ferrini, R., Shang, N.: Privacy-preserving digital identity management for cloud computing. Bull. IEEE Comput. Soc. Tech. Committ. Data Eng. 32(1), 21–27 (2009)

48.

Agudo, I., Nuñez, D., Giammatteo, G., Rizomiliotis, P., Lambrinoudakis, C.: Cryptography goes to the cloud. In: Secure and Trust Computing, Data Management, and Applications, pp. 190–197. Springer (2011)

49.

Kamara, S., Lauter, K.: Cryptographic cloud storage, pp. 136–149. Financial Cryptography and Data, Security (2010)

50.

System for cross-domain identity management. http://www.simplecloud.info/

Titel: BlindIdM: A privacy-preserving approach for identity management as a service
verfasst von: David Nuñez
Isaac Agudo
Publikationsdatum: 01.04.2014
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 2/2014
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-014-0230-4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2014

On detecting co-resident cloud instances using network flow watermarking techniques

Security issues in cloud environments: a survey

Enhanced GeoProof: improved geographic assurance for data in the cloud

Security in cloud computing

Security policy verification for multi-domains in cloud systems