
Cross-domain Identity Management System for Cloud Environment






Presentation Transcript


  1. Cross-domain Identity Management System for Cloud Environment. November 5, 2013. Healthcare as a case study.

  2. Agenda
     • Introduction
     • Motivation
     • Contributions
     • Research Methodology
     • Implementation
     • Demonstration
     • Future Directions
     • References

  3. Introduction: Identity is at the Core of Every Service
     • User Provisioning & De-provisioning
     • Authentication
     • Authorization
     • Federated Identity Management
     • Single Sign-On
     • Self-service
     • Access Right Delegation
     • Identity Info. Synchronization
     • Auditing and Reporting

  4. Challenges for IDMSs in Cloud
     • Authorization
     • Authentication
     • Auditing & Accountability
     • Self-Service
     • Identification
     • Privacy
     • Access Right Delegation

  5. Literature Review - State-of-the-Art
     Security Perspective:
     • Conference & Journal papers
     • Cloud Identity Management
     • Pressing Need of securing Identity credentials at Cloud
     • International IDMS Security Standards
     • Emerging Security Trends
     • Widely Adopted Security Standards
     • Best Practices
     Industrial Perspective (State-of-the-art Technologies):
     • UnboundID
     • Hitachi ID
     • ORACLE Identity Management
     • Ping Identity
     • RSA SecurID
     • Kantara Initiative
     • Okta
     • Symplified - The Cloud Security Experts

  6. Research Methodology

  7. Cont..

  8. Problem Statement: To address the security, interoperability, and privacy concerns in the Cloud domain, we propose a SCIM-based cross-domain Identity Management System for the Cloud environment that ensures seamless integration and utilization of identity credentials. In addition to basic identity management features, we intend to provide advanced security features, including access right delegation, communication-level security, synchronization, and self-service, for Cloud computing scenarios.

  9. Contribution: Our contribution is twofold:
     • Establishment of a benchmark to ensure the security of Identity credentials at Cloud.
     • Implementation of a cross-domain Identity Management System for Cloud, in particular by enhancing the SCIM open source protocol.

  10. Research Perspective
     Survey Paper: Umme Habiba, A. Ghafoor Abbasi, Rahat Masood, M. Awais Shibli, "Assessment Criteria for Cloud Identity Management Systems", Proceedings of the 19th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC-2013), Vancouver, BC, Canada, December 2-4, 2013.
     Conceptual Paper: Umme Habiba, Rahat Masood, M. Awais Shibli, "Cross-domain Identity Management Systems for Cloud", Proceedings of the 22nd Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP-2014), Turin, Italy, February 12-14, 2014.

  11. Proposed Benchmark

  12. Implementation Perspective: Implement a secure Identity management system based on the underlying SCIM protocol to ensure:
     • Credentials Synchronization across CSPs.
     • Communication level security.
     • User-centricity (Privacy concerns).

  13. SCIM features by UnboundID

  14. Why UnboundID SCIM Reference SDK? The UnboundID SCIM SDK is:
     • Open source
     • Customizable
     • Widely adopted
     • User friendly
     • Generic

  15. Development Toolkit
     • NetBeans IDE 7.3.1 (Java)
     • MySQL Workbench 5.2 CE
     • Apache Maven 3.0.5
     • Jetty web server
     • UnboundID SCIM SDK
     • Java Crypto API
     • RESTful Architecture Style
     • JSON (Data Exchange Format)

  16. Layered Architecture (figure):
     • Communication Protocol – HTTP (RESTful API)
     • Authentication & Authorization Server (XACML)
     • Identity Management System (SCIM): Provisioning, De-provisioning, Synchronization, Self-Service, A/C Management, Access Right Delegation
     • Identity Data Store (MySQL Server)

  17. Proposed Design

  18. Proposal for Access Right Delegation

  19. Detailed Work flow (figure): the CSC sends a request to the REST-based SCIM Endpoint of Domain 1 (CSP1, Jetty Server, //localhost:8080) or Domain 2 (CSP2, Jetty Server, //localhost:8081); inside the SCIM Service, the SCIM SDK unmarshals the request, the payload is decrypted, the SCIM Method runs against the MySQL DB, and a Response is returned.

  20. Goals achieved from IDMS perspective
     • Credentials synchronization across CSPs.
     • Communication level security
     • Interoperability
     • User-centricity (Privacy)

  21. Protocol Enhancements
     Unbound SCIM SDK:
     • Single SCIM Endpoint
     • SCIM Schema
     • SDK for CRUD
     • JSON Marshaller/Unmarshaller
     • RESTful Architecture style
     Enhanced SCIM (additions):
     • GUI
     • Encryption – AES
     • Dual SCIM Endpoint
     • Synchronization
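As an added illustration (not code from the presentation, the thesis project, or the UnboundID SDK), the Python below walks a SCIM user document through the workflow of slides 12, 19 and 21: the originating domain marshals the user to JSON and seals the sensitive attributes, POSTs the document to its own and the peer domain's SCIM endpoint, and each endpoint unmarshals, verifies and decrypts before running the SCIM method against its store, leaving the two stores synchronized. The endpoint URLs follow the deck; the schema URN, the attribute set, the shared domain key, and the encrypt-then-MAC construction built from HMAC-SHA256 are assumptions of this example. The HMAC keystream stands in for the deck's AES module only because Python's standard library ships no AES; a real deployment would use AES-GCM from a maintained library.

```python
"""Added example: two SCIM domains exchanging a sealed user resource and staying in sync."""
import hashlib
import hmac
import json
import secrets

# Assumed: the SCIM 1.1 core schema URN (the deck does not state the SCIM version).
SCIM_USER_SCHEMA = "urn:scim:schemas:core:1.0"
# Attributes that never leave a domain in clear text (a choice made for this example).
SENSITIVE_ATTRS = ("name", "emails")


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from one shared domain key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for AES, which the stdlib lacks."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC: fresh nonce, keystream XOR, tag over nonce and ciphertext."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def unseal(key: bytes, blob: dict) -> bytes:
    """Verify the tag in constant time before decrypting; reject anything modified."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        raise ValueError("tag mismatch: payload rejected before decryption")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class ScimEndpoint:
    """One CSP's SCIM service: REST endpoint -> unmarshal -> decrypt -> SCIM method -> store."""

    def __init__(self, base_url: str, key: bytes):
        self.base_url = base_url
        self.key = key      # assumed to be distributed by a key-management server
        self.store = {}     # stands in for the MySQL identity data store
        self.peers = []     # other domains this endpoint synchronizes with

    def marshal(self, user: dict) -> str:
        """Build the SCIM JSON document, sealing the sensitive attributes."""
        doc = {"schemas": [SCIM_USER_SCHEMA], "id": user["id"], "userName": user["userName"]}
        for attr in SENSITIVE_ATTRS:
            if attr in user:
                doc[attr] = seal(self.key, json.dumps(user[attr]).encode())
        return json.dumps(doc)

    def post_user(self, body: str) -> dict:
        """POST /Users: unmarshal, check the schema, unseal, then store the user."""
        doc = json.loads(body)
        if SCIM_USER_SCHEMA not in doc.get("schemas", []):
            return {"status": 400, "detail": "unsupported schema"}
        user = {"id": doc["id"], "userName": doc["userName"]}
        try:
            for attr in SENSITIVE_ATTRS:
                if attr in doc:
                    user[attr] = json.loads(unseal(self.key, doc[attr]))
        except ValueError as exc:
            return {"status": 400, "detail": str(exc)}
        self.store[user["id"]] = user
        return {"status": 201, "location": f"{self.base_url}/Users/{user['id']}"}

    def create_and_sync(self, user: dict) -> list:
        """Create locally, then replicate the same sealed document to every peer domain."""
        body = self.marshal(user)
        return [self.post_user(body)] + [peer.post_user(body) for peer in self.peers]


# Constructed sample: a patient record provisioned at CSP1 and synchronized to CSP2.
SAMPLE_USER = {
    "id": "p-1001",
    "userName": "patient1001",
    "name": {"givenName": "Ada", "familyName": "Lovelace"},
    "emails": [{"value": "ada@example.org", "primary": True}],
}


def provision_across_domains(user: dict = SAMPLE_USER):
    """Return (responses, csp1 store, csp2 store, wire document) for inspection."""
    shared_key = secrets.token_bytes(32)
    csp1 = ScimEndpoint("http://localhost:8080", shared_key)
    csp2 = ScimEndpoint("http://localhost:8081", shared_key)
    csp1.peers.append(csp2)
    responses = csp1.create_and_sync(user)
    return responses, csp1.store, csp2.store, csp1.marshal(user)


def tampered_document_rejected(user: dict = SAMPLE_USER) -> bool:
    """Flip one ciphertext bit in transit; the receiving domain must refuse and store nothing."""
    key = secrets.token_bytes(32)
    sender = ScimEndpoint("http://localhost:8080", key)
    receiver = ScimEndpoint("http://localhost:8081", key)
    doc = json.loads(sender.marshal(user))
    ct = bytearray(bytes.fromhex(doc["emails"]["ct"]))
    ct[0] ^= 0x01
    doc["emails"]["ct"] = ct.hex()
    resp = receiver.post_user(json.dumps(doc))
    return resp["status"] == 400 and receiver.store == {}


if __name__ == "__main__":
    responses, store1, store2, wire = provision_across_domains()
    print(responses, store1 == store2, "ada@example.org" in wire, tampered_document_rejected())
```

The wire document carries `userName` in the clear (SCIM needs it for routing) but only sealed blobs for name and e-mail, so the transport and any intermediary see no patient data; the peer domain verifies the tag before it decrypts, which is the check that makes the "communication level security" goal of slide 20 testable rather than assumed.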

  22. Implementation Demo: Cross-domain Identity Management System for Cloud environment - Healthcare as a Case Study

  23. Enhanced SCIM Protocol – Healthcare as a Case-study (component diagram):
     • Application Layer: SCIM Doctor Interface (V/U My Profile, V/U Patient Details); SCIM Administrator Interface (User Provisioning, De-provisioning, A/C Management); SCIM Patient Interface (V/U My Profile)
     • Business Logic Layer: SCIM SDK; Encryption/Decryption Module; Key Management Server (Decryption Key)
     • Storage Layer: MySQL DB (Encryption); data Posted to CSP2

  24. Research Directions
     • Implementation of the Access Right Delegation Module using XACML
     • Implementation of the Key-management server
     • Consumer Cloud: User-Centric Identity Management with SAML-based SSO Authentication

  25. References
     • Antonio Celesti, Francesco Tusa, Massimo Villari and Antonio Puliafito, "Security and Cloud Computing: InterCloud Identity Management Infrastructure", Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, Larissa, Greece, 2010.
     • Liang Yan, Chunming Rong and Gansen Zhao, "Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography", Springer 1st International Conference on Cloud Computing, Beijing, China, 2009.
     • Il Kon Kim, Zeeshan Pervez, Asad Masood Khattak and Sungyoung Lee, "Chord Based Identity Management for e-Healthcare Cloud Applications", 10th Annual International Symposium on Applications and the Internet, IEEE, Seoul, Korea, 2010.
     • David W. Chadwick and Matteo Casenove, "Security APIs for My Private Cloud: Granting access to anyone, from anywhere at any time", Third IEEE International Conference on Cloud Computing Technology and Science, Athens, Greece, 2011.
     • Anu Gopalakrishnan, "Cloud Computing Identity Management", SETLabs Briefings, Vol. 7, No. 7, Business Innovation through Technology, 2009.
     • Yang Zhang and Jun-Liang Chen, "A Delegation Solution for Universal Identity Management in SOA", IEEE Transactions on Services Computing, Vol. 4, No. 1, January-March 2011.
     • R. Sánchez et al., "Enhancing Privacy and Dynamic Federation in IdM for Consumer Cloud Computing", IEEE Transactions on Consumer Electronics, Vol. 58, No. 1, February 2012.
     • Rohit Ranchal, Bharat Bhargava, Lotfi Ben Othmane and Leszek Lilien, "Protection of Identity Information in Cloud Computing without Trusted Third Party", 29th IEEE International Symposium on Reliable Distributed Systems, New Delhi, India, 2010.
     • Mikaël Ates, Serge Ravet, Abakar Mohamat Ahmat and Jacques Fayolle, "An Identity-Centric Internet: Identity in the Cloud, Identity as a Service and other delights", Sixth International Conference on Availability, Reliability and Security, Vienna, Austria, 2011.

  26. Cont.
     • Mohammad M. R. Chowdhury and Josef Noll, "Distributed Identity for Secure Service Interaction", Proceedings of the Third International Conference on Wireless and Mobile Communications (ICWMC'07), Guadeloupe, 2007.
     • Amlan Jyoti Choudhury, Pardeep Kumar, Mangal Sain, Hyotaek Lim and Hoon-Jae Lee, "A Strong User Authentication Framework for Cloud Computing", IEEE Asia-Pacific Services Computing Conference, Jeju Island, South Korea, 2011.
     • A. Albeshri and W. Caelli, "Mutual Protection in a Cloud Computing Environment", IEEE 12th International Conference on High Performance Computing and Communications, 2010.
     • Yuan Cao and Lin Yang, "A Survey of Identity Management Technology", IEEE International Conference on Information Theory and Information Security, 2010.
     • Song Luo, Jianbin Hu and Zhong Chen, "An Identity-Based One-Time Password Scheme with Anonymous Authentication", International Conference on Networks Security, Wireless Communications and Trusted Computing, Wuhan, Hubei, China, 2009.
     • Yang Zhang and Jun-Liang Chen, "Universal Identity Management Model Based on Anonymous Credentials", IEEE International Conference on Services Computing, Miami, Florida, 2010.
     • Pelin Angin, Bharat Bhargava, Mark Linderman and Leszek Lilien, "An Entity-centric Approach for Privacy and Identity Management in Cloud Computing", 29th IEEE International Symposium on Reliable Distributed Systems, New Delhi, India, 2010.

  27. Special thanks to my supervisor and committee members.
