Privacy and Identity Management in Cloud
Rohit Ranchal, Bharat Bhargava, Pelin Angin, Noopur Singh,

Lotfi Ben Othmane, Leszek Lilien

Department of Computer Science

Purdue University, Western Michigan University

{rranchal, bbshail}@purdue.edu, [email protected]

Mark Linderman

[email protected]

Air Force Research Laboratory

Rome, NY, USA

This research was supported by AFRL Rome, USA and NGC


Outline

  • Motivation

  • Identity Management (IDM)

  • Goals of Proposed User-Centric IDM

  • Mechanisms

  • Description of proposed solution

  • Advantages of the Proposed Scheme

  • Conclusion & Future Work

  • References

  • Questions?


Motivation

Diagram: a user on the Amazon cloud and the parties he deals with. The field sets shown are: Name, E-mail, Password, Billing Address, Shipping Address, Credit Card (the user's full set); Name, Billing Address, Credit Card; Name, E-mail, Password, Billing Address, Shipping Address, Credit Card; and, for two further parties, Name, E-mail, Shipping Address.



Motivation

  • The migration of web applications to Cloud computing platform has raised concerns about the privacy of sensitive data belonging to the consumers of cloud services.

  • How can consumers verify that a service provider conforms to the privacy laws and protects the consumer's digital identity?

  • The username/password security token used by most service providers to authenticate consumers leaves the consumer vulnerable to phishing attacks.

  • The solution to the above problems can be the use of an Identity Management (IDM) system. The solution should help the consumer make a proactive choice about how and what personal information they disclose, control how their information can be used, cancel their subscription to the service, and monitor whether a service provider applies the required privacy policies.


Identity Management (IDM)

  • IDM in traditional application-centric IDM model

    • Each service keeps track of identifying information of its users.

  • Existing IDM Systems

    • Microsoft Windows CardSpace [W. A. Alrodhan]

    • OpenID [http://openid.net]

    • PRIME [S. F. Hubner, Karlstad Univ]

      These systems require a trusted third party and do not work on an untrusted host.

      If the Trusted Third Party is compromised, all the identifying information of the users is also compromised, leading to serious problems like identity theft [AT&T iPad leak].


Identity Management (IDM)

  • Microsoft Windows CardSpace

    Windows CardSpace is an identity metasystem which provides a way of managing multiple digital identities of a user. It is a claims-based access platform/architecture developed for Windows XP. It uses a plug-in for the Internet Explorer 7 browser.

  • OpenID

    With OpenID a user uses one username and one password to access many web applications. The user authenticates to an OpenID server to get his/her OpenID token, which is then used to authenticate to web applications.

  • PRIME (Privacy and Identity Management for Europe)

    PRIME is an application, the PRIME Console middleware, running on a user's machine. It handles management and disclosure of personal data for the user.


IDM in Cloud Computing

  • Cloud introduces several issues to IDM

    • Collusion between Cloud Services

      • Users have multiple accounts associated with multiple service providers.

      • Sharing sensitive identity information between services can lead to undesirable mapping of the identities to the user.

    • Lack of trust

      • Cloud hosts are untrusted

      • Use of Trusted Third Party is not an option

    • Loss of control

      • Service-centric IDM Model

        IDM in Cloud needs to be user-centric


Goals of Proposed User-Centric IDM for the Cloud

  • Authenticate without disclosing identifying information

  • Ability to securely use a service while on an untrusted host (VM on the cloud)

  • Minimal disclosure and minimized risk of disclosure during communication between user and service provider (Man in the Middle, Side Channel and Correlation Attacks)

  • Independence of Trusted Third Party for identity information


Mechanisms in Proposed IDM

  • Active Bundle [L. Othmane, R. Ranchal]

  • Anonymous Identification [A. Shamir]

  • Computing Predicates with encrypted data [E. Shi]

  • Multi-Party Computing [A. Shamir]

  • Selective Disclosure [B. Laurie]


Active Bundle

  • Active bundle (AB)

    • An encapsulating mechanism protecting data carried within it

    • Includes data

    • Includes metadata used for managing confidentiality

      • Both privacy of data and privacy of the whole AB

    • Includes Virtual Machine (VM)

      • performing a set of operations

      • protecting its confidentiality

  • Active Bundles—Operations

    • Self-Integrity check

      E.g., Uses a hash function

    • Evaporation/ Filtering

      Self-destroys (a part of) the AB's sensitive data when threatened with a disclosure

    • Apoptosis

      Self-destructs the AB completely
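The three operations above, as an added example that is not part of the slides or the authors' prototype: the bundle is a plain dictionary, the E(...) strings stand in for encrypted fields (constructed placeholders, no real encryption), the self-integrity check is a SHA-256 digest over data plus metadata, and the policy that a low-trust host triggers evaporation while a failed integrity check triggers apoptosis is an assumption made here to exercise both paths.

```python
import hashlib
import json

def ab_digest(bundle):
    """Self-integrity value: hash over metadata and (encrypted) data, not the digest itself."""
    body = {k: v for k, v in bundle.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def make_bundle(enc_data, metadata):
    """Seal an Active Bundle. enc_data holds E(...) placeholders; metadata carries the policies."""
    ab = {"data": dict(enc_data), "metadata": dict(metadata)}
    ab["digest"] = ab_digest(ab)
    return ab

def self_integrity_check(ab):
    """True only if neither the data nor the policy metadata changed since sealing."""
    return ab.get("digest") == ab_digest(ab)

def evaporate(ab):
    """Evaporation/filtering: destroy only the fields the metadata marks as sensitive, then re-seal."""
    for field in ab["metadata"].get("sensitive", []):
        ab["data"].pop(field, None)
    ab["digest"] = ab_digest(ab)
    return ab

def apoptosis(ab):
    """Apoptosis: the whole bundle self-destructs, leaving nothing usable on the host."""
    ab["data"].clear()
    ab["metadata"].clear()
    ab.pop("digest", None)
    return ab

def on_arrival(ab, host_trust):
    """VM decision on an arriving host (assumed policy, not the slides' own rule):
    tampering -> apoptosis; trust below the metadata threshold -> evaporation."""
    if not self_integrity_check(ab):
        return apoptosis(ab), "apoptosis"
    if host_trust < ab["metadata"].get("trust_threshold", 1.0):
        return evaporate(ab), "evaporation"
    return ab, "intact"

if __name__ == "__main__":
    # Constructed sample: Credit Card is the only field the policy marks sensitive.
    ab = make_bundle({"Name": "E(Name)", "Credit Card": "E(Credit Card)"},
                     {"sensitive": ["Credit Card"], "trust_threshold": 0.7})
    print(on_arrival(ab, 0.5))
```

A plain hash only detects modification; because the host could recompute it after tampering, an untrusted-host deployment needs the digest bound to a key the host does not have.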


Active Bundle Scheme

  • Metadata:

    • Access control policies

    • Data integrity checks

    • Dissemination policies

    • Life duration

    • ID of a trust server

    • ID of a security server

    • App-dependent information

  • E(Name)

  • E(E-mail)

  • E(Password)

  • E(Shipping Address)

  • E(Billing Address)

  • E(Credit Card)

  • Sensitive Data:

    • Identity Information

    • ...

  • Virtual Machine (algorithm):

    • Interprets metadata

    • Checks active bundle integrity

    • Enforces access and dissemination control policies

* E( ) - Encrypted Information


Anonymous Identification

  • Use of zero-knowledge proofs for user authentication without disclosing the user's identifier.

Diagram (ZKP interactive protocol between the user and the Amazon cloud): the user requests the service; the service sends a function f and a number k; both sides hold E-mail and Password; the user computes fk(E-mail, Password) = R and returns R; the outcome shown is Authenticated, without E-mail or Password crossing the wire.
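The anonymous identification exchange in the diagram, worked through with the Fiat-Shamir identification protocol from reference [8]; this is an added example, not code from the slides, and the modulus N is a constructed toy value far too small for real use.

```python
import secrets

# Constructed toy modulus N = p*q; a real deployment needs a large RSA-size modulus.
P, Q = 1009, 1013
N = P * Q

def register(secret_s):
    """Registration: the user keeps s and hands the service only v = s^2 mod N."""
    return pow(secret_s, 2, N)

def prover_commit():
    """Round 1: the user picks a fresh random r and sends the commitment x = r^2 mod N."""
    r = secrets.randbelow(N - 2) + 2
    return r, pow(r, 2, N)

def prover_respond(r, s, e):
    """Round 3: answer the challenge bit e with y = r * s^e mod N."""
    return (r * pow(s, e, N)) % N

def verifier_check(x, v, e, y):
    """The service accepts iff y^2 == x * v^e mod N; y == 0 is rejected as a degenerate answer."""
    return y != 0 and pow(y, 2, N) == (x * pow(v, e, N)) % N

def identify(secret_s, public_v, rounds=20):
    """Run the full interactive protocol. Each round halves an impostor's chance of
    passing, so 20 rounds leave roughly one chance in a million. The transcript
    (x, e, y) reveals nothing about s itself, which is the anonymity property."""
    for _ in range(rounds):
        r, x = prover_commit()
        e = secrets.randbelow(2)          # verifier's random challenge bit
        y = prover_respond(r, secret_s, e)
        if not verifier_check(x, public_v, e, y):
            return False
    return True

if __name__ == "__main__":
    s = 12345                               # constructed user secret
    print(identify(s, register(s)))         # honest user passes every round
```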


Interaction using Active Bundle

Diagram (interaction using an Active Bundle): the Active Bundle Creator in the User Application builds the Active Bundle (AB), which travels to the Active Bundle Destination, where AB information disclosure takes place. Along the way the AB works with the Active Bundle Coordinator and the Active Bundle Services: Audit Services Agent (ASA), Security Services Agent (SSA), Directory Facilitator and Trust Evaluation Agent (TEA).


Predicate over Encrypted Data

  • Verification without disclosing unencrypted identity data.

Diagram (Predicate Request*): the user holds E-mail and Password in clear together with E(Name), E(Shipping Address), E(Billing Address) and E(Credit Card); the service receives only E(Name), E(Billing Address) and E(Credit Card) with its predicate request.

* Age Verification Request, Credit Card Verification Request


Multi-Party Computing

  • To become independent of a trusted third party

    • Multiple Services hold shares of the secret key

    • Minimize the risk

Diagram (Predicate Request): E(Name), E(Billing Address) and E(Credit Card) are passed to the Key Management Services, which hold the key shares K'1, K'2, K'3, ..., K'n.

  • * Decryption of information is handled by the Key Management Services


Multi-Party Computing

  • To become independent of a trusted third party

    • Multiple Services hold shares of the secret key

    • Minimize the risk

Diagram (Predicate Reply*): the Key Management Services, holding the key shares K'1, K'2, K'3, ..., K'n, return the result of evaluating the predicate over Name, Billing Address and Credit Card.

  • * Age Verified, Credit Card Verified


Selective Disclosure

  • User Policies in the Active Bundle dictate dissemination

Diagram (Selective disclosure*): the user holds E-mail and Password in clear together with E(Name), E(Shipping Address), E(Billing Address) and E(Credit Card); e-bay passes on only E-mail, E(Name) and E(Shipping Address).

* e-bay shares the encrypted information based on the user policy


Selective Disclosure

Diagram (Selective disclosure*): from E-mail, E(Name) and E(Shipping Address), the e-bay seller passes on only E(Name) and E(Shipping Address).

* e-bay seller shares the encrypted information based on the user policy


Selective Disclosure

Diagram (Selective disclosure): E-mail, E(Name) and E(Shipping Address) are turned into Name and Shipping Address.

  • Decryption handled by Multi-Party Computing as in the previous slides


Selective Disclosure

Diagram (Selective disclosure): E-mail, E(Name) and E(Shipping Address) are turned into Name and Shipping Address.

  • Fed-Ex can now send the package to the user


Identity in the Cloud

Diagram (identity in the cloud): the user on the Amazon cloud and the parties around him. The field sets shown are: E-mail, Password; Name, Billing Address, Credit Card; Name, E-mail, Password, Billing Address, Shipping Address, Credit Card; and E-mail, Name, Shipping Address.


Characteristics and Advantages

  • Ability to use Identity data on untrusted hosts

    • Self Integrity Check

    • Integrity compromised: apoptosis or evaporation

    • Data should not be on this host

  • Establishes the trust of users in IDM

    • By putting the user in control of who has his data and how it is used

    • Identity is being used in the process of authentication, negotiation, and data exchange.

  • Independent of Third Party for Identity Information

    • Minimizes correlation attacks

  • Minimal disclosure to the SP

    • SP receives only necessary information.


Conclusion & Future Work

  • Problems with IDM in Cloud Computing

    • Collusion of Identity Information

    • Prohibited Untrusted Hosts

    • Usage of Trusted Third Party

  • Proposed Approaches

    • IDM based on Anonymous Identification

    • IDM based on Predicate over Encrypted data

    • IDM based on Multi-Party Computing

  • Future work

    • Develop the prototype, conduct experiments and evaluate the approach


References

[1] C. Sample and D. Kelley. Cloud Computing Security: Routing and DNS Threats, http://www.securitycurve.com/wordpress/, June 23, 2009.

[2] W. A. Alrodhan and C. J. Mitchell. Improving the Security of CardSpace, EURASIP Journal on Information Security, Vol. 2009, doi:10.1155/2009/167216, 2009.

[3] OpenID, http://openid.net/, 2010.

[4] S. F. Hubner. HCI work in PRIME, https://www.prime-project.eu/, 2008.

[5] A. Gopalakrishnan. Cloud Computing Identity Management, SETLabs Briefings, Vol. 7, http://www.infosys.com/research/, 2009.

[6] A. Barth, A. Datta, J. Mitchell and H. Nissenbaum. Privacy and Contextual Integrity: Framework and Applications, Proc. of the 2006 IEEE Symposium on Security and Privacy, pp. 184-198.

[7] L. Othmane. Active Bundles for Protecting Confidentiality of Sensitive Data throughout Their Lifecycle, PhD Thesis, Western Michigan Univ., 2010.

[8] A. Fiat and A. Shamir. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, CRYPTO, 1986.

[9] A. Shamir. How to Share a Secret, Communications of the ACM, 1979.

[10] M. Ben-Or, S. Goldwasser and A. Wigderson. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation, ACM Symposium on Theory of Computing, 1988.

[11] E. Shi. Evaluating Predicates over Encrypted Data, PhD Thesis, CMU, 2008.


Thank you!

Any questions?


Approach - 1

  • IDM Wallet:

    • Use of AB scheme to protect PII from untrusted hosts.

  • Anonymous Identification:

    • Use of Zero-knowledge proofing for authentication of an entity without disclosing its identifier.


Components of Active Bundle (Approach – 1)

  • Identity data: Data used during authentication, getting service, using service (e.g. SSN, Date of Birth).

  • Disclosure policy: A set of rules for choosing Identity data from a set of identities in IDM Wallet.

  • Disclosure history: Used for logging and auditing purposes.

  • Negotiation policy: This is Anonymous Identification, based on Zero Knowledge Proofing.

  • Virtual Machine: Code for protecting data on untrusted hosts. It enforces the disclosure policies.


Anonymous Identification (Approach – 1)

Anonymous Identification

(Shamir's approach for Credit Cards)

  • IdP provides Encrypted Identity Information to the user and SP.

  • SP and User interact

  • Both run the IdP's public function on certain bits of the encrypted data.

  • Both exchange results and agree if they match.



Approach - 2

  • Active Bundle scheme to protect PII from untrusted hosts

  • Predicates over encrypted data to authenticate without disclosing unencrypted identity data.

  • Multi-party computing to be independent of a trusted third party


Usage Scenario (Approach – 2)

  • Owner O encrypts Identity Data (PII) using algorithm Encrypt and O's public key PK. Encrypt outputs CT, the encrypted PII.

  • SP transforms its request for PII into a predicate represented by function p.

  • SP sends shares of p to the n parties who hold the shares of MSK.

  • The n parties execute KeyGen together using PK, MSK, and p, and return TKp to SP.

  • SP calls the algorithm Query, which takes as input PK, CT and TKp and produces p(PII), the evaluation of the predicate.

  • The owner O is allowed to use the service only when the predicate evaluates to “true”.
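The key-sharing step that both the Multi-Party Computing slides (key shares K'1 ... K'n held by the Key Management Services) and this usage scenario (n parties holding shares of MSK) rely on, worked through with Shamir's scheme from reference [9]. This is an added example, not the authors' code: the (t, n) threshold, the prime field and the sample MSK are all constructed here, and the predicate-encryption KeyGen that the parties would run on their shares is out of scope.

```python
import secrets

# Prime field for the share arithmetic (constructed; any prime larger than MSK works).
PRIME = 2**127 - 1

def _eval_poly(coeffs, x):
    """Evaluate the sharing polynomial at x (Horner); coeffs[0] is the secret."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

def split_key(msk, n, t):
    """Give n Key Management Services the shares K'1 .. K'n of msk.
    Any t of them can rebuild msk; fewer than t learn nothing about it."""
    if not 1 <= t <= n or not 0 <= msk < PRIME:
        raise ValueError("need 1 <= t <= n and 0 <= msk < PRIME")
    coeffs = [msk] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]

def recover_key(shares):
    """Lagrange interpolation at x = 0 over the supplied (index, share) pairs.
    With fewer than t shares this returns a uniformly wrong value."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

if __name__ == "__main__":
    msk = 0x5EC2E7C0DE                     # constructed master secret key
    shares = split_key(msk, n=5, t=3)      # five services, any three suffice
    print(recover_key(shares[:3]) == msk)  # True
    print(recover_key(shares[:2]) == msk)  # False: two services cannot rebuild MSK
```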


Representation of identity information for negotiation

  • Token/Pseudonym

  • Identity Information in clear plain text

  • Active Bundle


Motivation: Authentication Process using PII

Problem: Which information to disclose and how to disclose it.

