1 / 14

Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol

Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol. Umer Khalid Dr. Abdul Ghafoor Abbasi Misbah Irum Dr. Awais Shibli. Outline. Introduction Problems with existing security mechanisms Selection of components Modifications Workflow Conclusion.

vince
Download Presentation

Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cloud based Secure and Privacy Enhanced Authentication &Authorization Protocol Umer Khalid Dr. Abdul Ghafoor Abbasi Misbah Irum Dr. Awais Shibli

  2. Outline Introduction Problems with existing security mechanisms Selection of components Modifications Workflow Conclusion

  3. 1. Introduction • Traditional Security Mechanisms • Authentication System • Password Based Authentication • Kerberos • Zero knowledge Proofs • Authorization • Access control • OTP

  4. 2.Problems • Easily compromised • Lengthy passwords • Leakage risks • Based on a single factor • No anonymity • Solution • Multi factor authentication • Access control

  5. 3. Solution • Multi-factor authentication • Based on what you have and what you posses: • Certificates • PINs • Smart cards • Biometrics • Flexible Authorization • Access Control based on: • Roles • Attributes • Combination of multiple conditions

  6. 2.Problems Revisited • Identity information binding. • Information only protected in transit. • Still does not cater for anonymity. • Lengthy passwords • Leakage risks • Based on a single factor • Anonymity

  7. Current Challenges • Different organizations are now shifting data assets to the cloud such as: • E-Government • Health Care • Cloud offers significant cut down in infrastructure costs at the risk of: • Privacy (Identity Linking) • Data leakage • Problem gets further amplified as data owners are not the only ones with the data • Cloud service providers also posses the same data • Service provider can easily link identity information to this data

  8. Design of a Anonymous Authentication & Authorization Protocol • Choice of components: • Design a completely new approach • Build on existing robust protocols • Separate mechanisms for authentication and authorization • Modify the protocols to achieve anonymity • Authentication: • Strong authentication based server with support for anonymity • Authorization: • XACML based PDP server for authorization • PEP at multiple points

  9. Authentication • Certificates • Revocable • Traceable • Partial Anonymity • Certificates • PINs • Smart cards • Biometrics Strong authentication server with support for multi-factor authentication:

  10. Anonymous Digital Certificates Anonymous Certificate Certificate

  11. Anonymous Digital Certificates

  12. Certificate based Strong Authentication SA Server Client

  13. Improvements [Cert A] LCA Tok ID|RND B Tok ID|RND B|RND A IDMS

  14. 2. Results

More Related