Upload
umer-khalid
View
141
Download
2
Embed Size (px)
Citation preview
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
Cloud based Secure and Privacy Enhanced Authentication &Authorization Protocol
Umer KhalidDr. Abdul Ghafoor AbbasiMisbah IrumDr. Awais Shibli
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
Outline1. Introduction 2. Problems with existing security
mechanisms3. Selection of components4. Modifications5. Workflow6. Conclusion
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
1. Introduction1. Introduction Traditional Security
Mechanisms– Authentication System
• Password Based Authentication• Kerberos • Zero knowledge Proofs
– Authorization • Access control• OTP
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
2.Problems Easily compromised
– Lengthy passwords – Leakage risks– Based on a single factor– No anonymity
Solution – Multi factor authentication – Access control
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
3. Solution Multi-factor authentication
– Based on what you have and what you posses:
• Certificates• PINs• Smart cards• Biometrics
Flexible Authorization– Access Control based on:
• Roles• Attributes• Combination of multiple conditions
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
2.Problems Revisited Lengthy passwords Leakage risks Based on a single factor Anonymity
Identity information binding.Information only protected in transit.Still does not cater for anonymity.
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
Current Challenges Different organizations are now shifting data
assets to the cloud such as:– E-Government – Health Care
Cloud offers significant cut down in infrastructure costs at the risk of:– Privacy (Identity Linking)– Data leakage
Problem gets further amplified as data owners are not the only ones with the data – Cloud service providers also posses the same data– Service provider can easily link identity information to this
data
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
Design of a Anonymous Authentication & Authorization Protocol Choice of components:
Design a completely new approach Build on existing robust protocols Separate mechanisms for authentication and
authorization Modify the protocols to achieve anonymity
Authentication: Strong authentication based server with support for
anonymity Authorization:
XACML based PDP server for authorization PEP at multiple points
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
Authentication Strong authentication server with
support for multi-factor authentication:
CertificatesRevocableTraceable
Partial Anonymity
CertificatesPINs
Smart cardsBiometrics
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
Anonymous Digital Certificates
Certificate Anonymous Certificate
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
Anonymous Digital Certificates
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
Certificate based Strong Authentication
Client
SA Server
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
Improvements
[Cert A]
Tok ID|RND B
LCA
IDMSTok ID|RND B|RND A
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
2. Results 2. Results TAG Description Example
@author Identifies the author of a class.
@author Ali
@exception Identifies an exception thrown by a method
@exception exception-name explanation
@param Documents a method's parameter.
@param parameter-name explanation
@return Documents a method's return value.
Documents a method's return value.
@since States the release when a specific change was introduced.
@since release