Abstract
Reliable and secure user identification and authentication are key enablers for regulating access to protected online services. As cloud computing gains importance, identification and authentication in and across clouds play an increasing role in this domain too. Currently, existing web identity management models are often simply mapped to the cloud domain. In addition, several cloud identity management models, such as the cloud identity broker model, have emerged in recent years. In that model, an identity broker in the cloud acts as a hub between various service providers and identity providers. While this seems a promising approach for adopting identity management in cloud computing, some problems remain. A notable issue is that users and service providers depend on the same central broker for identification and authentication. Additionally, letting an identity broker store or process sensitive data such as identity information in the cloud raises new issues, in particular with respect to users' privacy. To overcome these problems, we propose a new cloud identity management model based on the federation of different cloud identity brokers. Users and service providers can thereby select their preferred cloud identity broker without depending on one and the same broker. Moreover, the model enhances users' privacy through appropriate cryptographic mechanisms, in particular proxy re-encryption. Besides introducing the model, we also provide a proof-of-concept implementation.
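The abstract names proxy re-encryption as the mechanism that keeps identity data opaque to the broker. As an added illustration, not the paper's own code, the following Python shows the classic ElGamal-based BBS98 proxy re-encryption scheme in the broker setting: an identity provider encrypts an attribute set to the user, the broker re-encrypts the ciphertext for a service provider without decrypting it, and the service provider decrypts. The group parameters, party names and attribute payload are constructed for the demo, and the abstract does not state which PRE scheme the paper itself uses.

```python
import hashlib
import secrets

# Toy group: a small safe prime p = 2q + 1 found by trial division. Constructed
# for this demo only; a deployment would use a standard 2048-bit or larger group.
def _is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def _safe_prime(start):
    p = start | 1
    while not (_is_prime(p) and _is_prime((p - 1) // 2)):
        p += 2
    return p

P = _safe_prime(1 << 20); Q = (P - 1) // 2
G = 4  # a quadratic residue, hence a generator of the order-Q subgroup

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)
def _stream(k):  # keystream derived from group element k (payload <= 32 bytes)
    return hashlib.sha256(k.to_bytes(8, "big")).digest()

def encrypt(pk, payload):
    """IdP side: ElGamal-wrap a random element K, XOR the attributes with H(K)."""
    assert len(payload) <= 32
    K, r = pow(G, secrets.randbelow(Q - 1) + 1, P), secrets.randbelow(Q - 1) + 1
    body = bytes(a ^ b for a, b in zip(payload, _stream(K)))
    return K * pow(G, r, P) % P, pow(pk, r, P), body   # (K*g^r, pk^r, body)

def decrypt(sk, ct):
    c1, c2, body = ct
    K = c1 * pow(pow(c2, pow(sk, -1, Q), P), -1, P) % P  # K = c1 / c2^(1/sk)
    return bytes(a ^ b for a, b in zip(body, _stream(K)))

def rekey(sk_from, sk_to):
    # BBS98 re-encryption key rk = sk_to / sk_from mod Q. It needs both secrets
    # (bidirectional); the unidirectional schemes of Ateniese et al. avoid that.
    return sk_to * pow(sk_from, -1, Q) % Q

def reencrypt(rk, ct):
    """Broker side: turn a user ciphertext into an SP ciphertext without seeing K."""
    c1, c2, body = ct
    return c1, pow(c2, rk, P), body

def demo(payload=b"name=Alice;age_over_18=true"):
    sk_user, pk_user = keygen()
    sk_sp, _ = keygen()
    ct_user = encrypt(pk_user, payload)                 # IdP encrypts for the user
    ct_sp = reencrypt(rekey(sk_user, sk_sp), ct_user)   # broker, holding no sk
    return decrypt(sk_sp, ct_sp), decrypt(sk_sp, ct_user)  # (correct, wrong-ct)
```

The second value returned by `demo()` shows that the service provider cannot read the ciphertext addressed to the user; only the broker's transformed ciphertext decrypts under the service provider's key.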
Copyright information
© 2014 IFIP International Federation for Information Processing
Cite this paper
Zwattendorfer, B., Slamanig, D., Stranacher, K., Hörandner, F. (2014). A Federated Cloud Identity Broker-Model for Enhanced Privacy via Proxy Re-Encryption. In: De Decker, B., Zúquete, A. (eds) Communications and Multimedia Security. CMS 2014. Lecture Notes in Computer Science, vol 8735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44885-4_8
DOI: https://doi.org/10.1007/978-3-662-44885-4_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44884-7
Online ISBN: 978-3-662-44885-4
eBook Packages: Computer Science (R0)