Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad
KTH Applied Information Security Lab

Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol

Umer Khalid, Dr. Abdul Ghafoor Abbasi, Misbah Irum, Dr. Awais Shibli

Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


Page 2: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


Outline

1. Introduction
2. Problems with existing security mechanisms
3. Selection of components
4. Modifications
5. Workflow
6. Conclusion

Page 3: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


1. Introduction

Traditional Security Mechanisms
- Authentication System
  - Password Based Authentication
  - Kerberos
  - Zero knowledge Proofs
- Authorization
  - Access control
  - OTP

Page 4: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


2. Problems

Easily compromised:
- Lengthy passwords
- Leakage risks
- Based on a single factor
- No anonymity

Solution:
- Multi-factor authentication
- Access control

Page 5: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


3. Solution

Multi-factor authentication, based on what you know, what you have and what you are:
- Certificates
- PINs
- Smart cards
- Biometrics

Flexible Authorization, with access control based on:
- Roles
- Attributes
- Combination of multiple conditions

Page 6: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


2. Problems Revisited

Problems listed earlier: lengthy passwords, leakage risks, based on a single factor, anonymity.

Still open:
- Identity information binding.
- Information only protected in transit.
- Still does not cater for anonymity.

Page 7: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


Current Challenges

Different organizations are now shifting data assets to the cloud, such as:
- E-Government
- Health Care

The cloud offers a significant cut in infrastructure costs at the risk of:
- Privacy (identity linking)
- Data leakage

The problem is amplified because data owners are not the only ones holding the data:
- Cloud service providers also possess the same data
- The service provider can easily link identity information to this data

Page 8: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


Design of an Anonymous Authentication & Authorization Protocol

Choice of components:
- Design a completely new approach
- Build on existing robust protocols
- Separate mechanisms for authentication and authorization
- Modify the protocols to achieve anonymity

Authentication: strong authentication server with support for anonymity

Authorization: XACML based PDP server for authorization, with PEPs at multiple points
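The authorization side described on this slide and on the "Solution" slide (access control based on roles, attributes and a combination of conditions, decided by one XACML-style PDP and enforced by PEPs at several points) can be shown end to end with a small policy engine. The block below is an added example, not the authors' implementation: the rule language is a plain-Python stand-in for XACML, the health-care policy, attribute names and sample requests are constructed for illustration, and the subject carries only the pseudonymous token ID and attributes, never a real identity.

```python
"""PDP/PEP authorization with roles, attributes and combined conditions (added example)."""
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Request:
    subject: dict                     # pseudonymous attributes: tok_id, role, department, auth_level
    resource: dict                    # e.g. type, department, sensitivity
    action: str                       # read / write / delete
    environment: dict = field(default_factory=dict)


@dataclass
class Rule:
    rule_id: str
    effect: str                       # "Permit" or "Deny"
    applies: Callable[[Request], bool]


class PDP:
    """Policy Decision Point using deny-overrides combining: any applicable Deny wins,
    otherwise Permit if any Permit rule applies, otherwise NotApplicable. A rule that
    cannot be evaluated (missing attribute) yields Indeterminate, a simplification of
    XACML's Indeterminate{D}/{P} handling."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, req: Request) -> str:
        decision = "NotApplicable"
        for rule in self.rules:
            try:
                applicable = rule.applies(req)
            except KeyError:
                return "Indeterminate"
            if applicable and rule.effect == "Deny":
                return "Deny"
            if applicable:
                decision = "Permit"
        return decision


class PEP:
    """Policy Enforcement Point. Several of these (API gateway, storage layer, ...) call
    the same PDP; only an explicit Permit lets the request through."""

    def __init__(self, name: str, pdp: PDP):
        self.name, self.pdp, self.log = name, pdp, []

    def enforce(self, req: Request) -> bool:
        decision = self.pdp.decide(req)
        self.log.append((self.name, req.subject.get("tok_id"), req.action, decision))
        return decision == "Permit"


# Constructed policy for a health-care tenant (an assumption, not from the slides).
RULES = [
    # Role + attribute match: clinical staff may read records of their own department.
    Rule("read-own-dept", "Permit", lambda r:
         r.subject["role"] in {"doctor", "nurse"}
         and r.subject["department"] == r.resource["department"]
         and r.action == "read"),
    # Combination of conditions: writes need the doctor role AND a second factor.
    Rule("write-needs-mfa", "Permit", lambda r:
         r.subject["role"] == "doctor"
         and r.subject["department"] == r.resource["department"]
         and r.action == "write"
         and r.subject["auth_level"] >= 2),
    # Environment condition with Deny effect: restricted records only from the premises.
    Rule("restricted-on-prem-only", "Deny", lambda r:
         r.resource.get("sensitivity") == "restricted"
         and not r.environment.get("on_premises", False)),
]


def demo() -> dict:
    """Runs constructed requests through two PEPs sharing one PDP; returns name -> allowed."""
    pdp = PDP(RULES)
    gateway, storage = PEP("api-gateway", pdp), PEP("storage", pdp)
    doctor = {"tok_id": "tok-7f3a", "role": "doctor", "department": "cardiology", "auth_level": 2}
    nurse = {"tok_id": "tok-c91e", "role": "nurse", "department": "cardiology", "auth_level": 1}
    no_level = {"tok_id": "tok-0000", "role": "doctor", "department": "cardiology"}
    record = {"type": "patient_record", "department": "cardiology"}
    restricted = dict(record, sensitivity="restricted")
    return {
        "doctor_read": gateway.enforce(Request(doctor, record, "read")),
        "nurse_write": gateway.enforce(Request(nurse, record, "write")),
        "doctor_write_mfa": storage.enforce(Request(doctor, record, "write")),
        "doctor_write_pw_only": storage.enforce(Request(dict(doctor, auth_level=1), record, "write")),
        "restricted_remote": storage.enforce(Request(doctor, restricted, "read", {"on_premises": False})),
        "restricted_onprem": storage.enforce(Request(doctor, restricted, "read", {"on_premises": True})),
        "other_dept": gateway.enforce(Request(nurse, dict(record, department="oncology"), "read")),
        "missing_attr": storage.enforce(Request(no_level, record, "write")),
    }
```

The PEP is deny-biased on purpose: NotApplicable and Indeterminate both fall through to a refusal, so a request that a rule cannot evaluate (for example a subject whose assurance level was never asserted) is not silently allowed. The PEP log records only the token ID, which is what keeps the authorization trail consistent with the anonymity goal of the protocol.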

Page 9: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


Authentication

Strong authentication server with support for multi-factor authentication:
- Certificates
- PINs
- Smart cards
- Biometrics

Certificates are:
- Revocable
- Traceable
- Partially anonymous

Page 10: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


Anonymous Digital Certificates

(figure: a conventional certificate shown beside an anonymous certificate)

Page 11: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


Anonymous Digital Certificates

Page 12: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


Certificate based Strong Authentication

(figure: message exchange between the Client and the SA Server)

Page 13: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


Improvements

(figure: modified exchange involving the client, the LCA and the IDMS; the messages carry [Cert A], Tok ID | RND B, and Tok ID | RND B | RND A)
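The slides on certificates (revocable, traceable, partially anonymous), the certificate-based strong authentication exchange and the improved flow above can be tied together in one runnable exchange. The block below is an added example, not the authors' code. It keeps the message fields shown on the slide (an anonymous certificate [Cert A], a token ID, a server nonce RND B and a client nonce RND A) and the roles LCA, IDMS and SA server, but the order of the messages and the component interfaces are this example's reading of the figure, and Schnorr signatures over an 11-bit toy group stand in for the certificate signatures (the group is not secure; it only keeps the example instant and dependency-free, and a real deployment would use a standard library and group).

```python
"""Anonymous-certificate challenge-response authentication (added example, not the slides' code)."""
import hashlib
import secrets

# Toy group: safe prime p = 2q + 1, g = 4 has prime order q. NOT SECURE, illustration only.
P, Q, G = 10007, 5003, 4


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def _hash_to_q(r, msg):
    h = hashlib.sha256(r.to_bytes(2, "big") + msg).digest()
    return int.from_bytes(h, "big") % Q


def sign(x, msg):
    """Schnorr signature (e, s) over msg with private key x."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    e = _hash_to_q(r, msg)
    return e, (k + x * e) % Q


def verify(y, msg, sig):
    e, s = sig
    r = pow(G, s, P) * pow(y, (Q - e) % Q, P) % P      # g^s * y^-e == g^k when valid
    return e == _hash_to_q(r, msg)


def cert_tbs(cert):
    """Deterministic to-be-signed encoding: token ID, public key, attributes; no subject name."""
    return f"{cert['tok_id']}|{cert['pub']}|{sorted(cert['attrs'].items())}".encode()


class IDMS:
    """Identity management: the only holder of tok_id -> identity (traceability) and revocations."""
    def __init__(self):
        self._link, self._revoked = {}, set()

    def register(self, tok_id, identity):
        self._link[tok_id] = identity

    def revoke(self, tok_id):
        self._revoked.add(tok_id)

    def is_revoked(self, tok_id):
        return tok_id in self._revoked

    def trace(self, tok_id):
        return self._link.get(tok_id)   # restricted to auditors in a real deployment


class LCA:
    """Local CA: issues anonymous certificates where a random token ID replaces the name."""
    def __init__(self, idms):
        self.idms = idms
        self._priv, self.pub = keygen()

    def issue(self, identity, client_pub, attrs):
        cert = {"tok_id": secrets.token_hex(8), "pub": client_pub, "attrs": dict(attrs)}
        cert["sig"] = sign(self._priv, cert_tbs(cert))
        self.idms.register(cert["tok_id"], identity)
        return cert


class Client:
    def __init__(self, cert, priv):
        self.cert, self._priv = cert, priv

    def respond(self, tok_id, rnd_b):
        rnd_a = secrets.token_bytes(16)   # client nonce: the response is bound to both sides
        return rnd_a, sign(self._priv, tok_id.encode() + b"|" + rnd_b + b"|" + rnd_a)


class SAServer:
    """Strong-authentication server: checks the certificate and the signed nonces, sees only the token ID."""
    def __init__(self, lca_pub, idms):
        self.lca_pub, self.idms, self._pending = lca_pub, idms, {}

    def challenge(self, cert):
        if not verify(self.lca_pub, cert_tbs(cert), cert["sig"]):
            raise ValueError("certificate signature invalid")
        if self.idms.is_revoked(cert["tok_id"]):
            raise ValueError("certificate revoked")
        rnd_b = secrets.token_bytes(16)   # server nonce: fresh per attempt
        self._pending[cert["tok_id"]] = (cert["pub"], rnd_b)
        return cert["tok_id"], rnd_b

    def finish(self, tok_id, rnd_a, sig):
        pub, rnd_b = self._pending.pop(tok_id, (None, None))   # one-shot: a replay finds nothing
        if pub is None:
            return None
        msg = tok_id.encode() + b"|" + rnd_b + b"|" + rnd_a
        return tok_id if verify(pub, msg, sig) else None       # session bound to the pseudonym only


def demo():
    """Full run plus replay, tampering and revocation checks; returns the outcomes."""
    idms = IDMS()
    lca = LCA(idms)
    priv, pub = keygen()
    cert = lca.issue("alice@example.org", pub, {"role": "doctor"})   # constructed sample user
    client, server = Client(cert, priv), SAServer(lca.pub, idms)

    def rejected(c):
        try:
            server.challenge(c)
        except ValueError:
            return True
        return False

    tok_id, rnd_b = server.challenge(cert)
    rnd_a, sig = client.respond(tok_id, rnd_b)
    out = {"session": server.finish(tok_id, rnd_a, sig)}
    out["replay"] = server.finish(tok_id, rnd_a, sig)            # same response again
    out["tamper_rejected"] = rejected(dict(cert, attrs={"role": "admin"}))
    idms.revoke(tok_id)
    out["revoked_rejected"] = rejected(cert)
    out["traced"] = idms.trace(tok_id)
    return out
```

Two details carry the security properties from the slides. The signed response covers Tok ID | RND B | RND A, so a transcript cannot be replayed against a later challenge and a captured RND B cannot be reused against the client; the server additionally consumes its pending challenge on first use. The SA server and any relying service see only the token ID and attributes, while the link back to the person exists only in the IDMS, which is what makes the certificate traceable and revocable without giving up partial anonymity.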

Page 14: Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud


2. Results

TAG        | Description                                               | Example
@author    | Identifies the author of a class.                         | @author Ali
@exception | Identifies an exception thrown by a method.               | @exception exception-name explanation
@param     | Documents a method's parameter.                           | @param parameter-name explanation
@return    | Documents a method's return value.                        | @return explanation
@since     | States the release when a specific change was introduced. | @since release