cloud based secure and privacy enhanced authentication & authorization protocol
DESCRIPTION
Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol. Umer Khalid, Dr. Abdul Ghafoor Abbasi, Misbah Irum, Dr. Awais Shibli. Outline: Introduction, Problems with existing security mechanisms, Selection of components, Modifications, Workflow, Conclusion.
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
KTH Applied
Information Security
Lab
Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol
Umer Khalid
Dr. Abdul Ghafoor Abbasi
Misbah Irum
Dr. Awais Shibli
Outline
1. Introduction
2. Problems with existing security mechanisms
3. Selection of components
4. Modifications
5. Workflow
6. Conclusion
1. Introduction
Traditional Security Mechanisms
– Authentication System
  • Password Based Authentication
  • Kerberos
  • Zero knowledge Proofs
– Authorization
  • Access control
  • OTP
2. Problems
Easily compromised
– Lengthy passwords
– Leakage risks
– Based on a single factor
– No anonymity
Solution
– Multi factor authentication
– Access control
3. Solution
Multi-factor authentication
– Based on what you have and what you possess:
  • Certificates
  • PINs
  • Smart cards
  • Biometrics
Flexible Authorization
– Access Control based on:
  • Roles
  • Attributes
  • Combination of multiple conditions
2. Problems Revisited
Lengthy passwords
Leakage risks
Based on a single factor
Anonymity
Identity information binding.
Information only protected in transit.
Still does not cater for anonymity.
Current Challenges
Different organizations are now shifting data assets to the cloud such as:
– E-Government
– Health Care
Cloud offers significant cut down in infrastructure costs at the risk of:
– Privacy (Identity Linking)
– Data leakage
Problem gets further amplified as data owners are not the only ones with the data
– Cloud service providers also possess the same data
– Service provider can easily link identity information to this data
Design of an Anonymous Authentication & Authorization Protocol
Choice of components:
  Design a completely new approach
  Build on existing robust protocols
  Separate mechanisms for authentication and authorization
  Modify the protocols to achieve anonymity
Authentication:
  Strong authentication based server with support for anonymity
Authorization:
  XACML based PDP server for authorization
  PEP at multiple points
Authentication
Strong authentication server with support for multi-factor authentication:
Certificates
Revocable
Traceable
Partial Anonymity
Certificates
PINs
Smart cards
Biometrics
Anonymous Digital Certificates
Certificate Anonymous Certificate
Anonymous Digital Certificates
Certificate based Strong Authentication
Client
SA Server
Improvements
[Cert A]
Tok ID|RND B
LCA
IDMS
Tok ID|RND B|RND A
2. Results

| TAG | Description | Example |
|---|---|---|
| @author | Identifies the author of a class. | @author Ali |
| @exception | Identifies an exception thrown by a method | @exception exception-name explanation |
| @param | Documents a method's parameter. | @param parameter-name explanation |
| @return | Documents a method's return value. | Documents a method's return value. |
| @since | States the release when a specific change was introduced. | @since release |