Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad
KTH Applied Information Security Lab

Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol
Umer Khalid, Dr. Abdul Ghafoor Abbasi, Misbah Irum, Dr. Awais Shibli

Outline
1. Introduction
2. Problems with existing security mechanisms
3. Selection of components
4. Modifications
5. Workflow
6. Conclusion

1. Introduction
Traditional security mechanisms
– Authentication systems
  Password-based authentication
  Kerberos
  Zero-knowledge proofs
– Authorization
  Access control
  OTP

2. Problems
Existing mechanisms are easily compromised
– Lengthy passwords
– Leakage risks
– Based on a single factor
– No anonymity
Solution
– Multi-factor authentication
– Access control

3. Solution
Multi-factor authentication
– Based on something you know, something you have and something you are:
  Certificates
  PINs
  Smart cards
  Biometrics
Flexible authorization
– Access control based on:
  Roles
  Attributes
  Combination of multiple conditions

2. Problems revisited
Addressed by multi-factor authentication and access control:
– Lengthy passwords
– Leakage risks
– Based on a single factor
Still open: anonymity
– Identity information binding
– Information is only protected in transit
– Still does not cater for anonymity

Current challenges
Organizations are shifting data assets to the cloud, for example:
– E-Government
– Health care
The cloud offers a significant cut in infrastructure costs, at the risk of:
– Privacy (identity linking)
– Data leakage
The problem is amplified because data owners are not the only ones holding the data:
– Cloud service providers possess the same data
– A service provider can easily link identity information to this data

Design of an Anonymous Authentication & Authorization Protocol
Choice of components:
– Rejected: design a completely new approach
– Chosen: build on existing robust protocols
  Separate mechanisms for authentication and authorization
  Modify the protocols to achieve anonymity
Authentication: strong authentication server with support for anonymity
Authorization: XACML-based PDP server for authorization, with PEPs at multiple points
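The authorization side of this design, as an added example that is not the authors' code: one PDP evaluating a policy whose rules combine roles, attributes and an environment condition (the three cases the Solution slide lists), with deny-overrides combining, and several fail-closed PEPs that all consult the same PDP. It is an in-memory model in the spirit of XACML's PDP/PEP split, not an XACML engine; the health-record policy, the attribute names (token, role, department, mfa, hour) and the sample requests are constructed for this example. The subject is identified only by the pseudonymous token ID the authentication server vouched for, so the policy never needs a real name.

```go
package main

import "fmt"

// Request is the XACML-style decision request. The subject is the pseudonymous token
// ID the SA server vouched for, plus the attributes released for it; no real name.
type Request struct {
	Subject, Resource, Action, Env map[string]string
}

type Decision int

const (
	NotApplicable Decision = iota
	Permit
	Deny
)

// Rule yields Effect when its condition holds; a condition may combine any attributes.
type Rule struct{ Name string; Effect Decision; When func(r Request) bool }

// Policy combines its rules deny-overrides: a matching Deny wins, else a matching Permit.
type Policy struct {
	Target func(r Request) bool
	Rules  []Rule
}

func (p Policy) Evaluate(r Request) (Decision, string) {
	if !p.Target(r) {
		return NotApplicable, "target not matched"
	}
	dec, why := NotApplicable, "no rule matched"
	for _, rule := range p.Rules {
		if !rule.When(r) {
			continue
		}
		if rule.Effect == Deny {
			return Deny, rule.Name
		}
		dec, why = Permit, rule.Name
	}
	return dec, why
}

// PDP is the single decision point; every PEP sends it the same request shape.
type PDP struct{ Policies []Policy }

func (d PDP) Decide(r Request) (Decision, string) {
	for _, p := range d.Policies {
		if dec, why := p.Evaluate(r); dec != NotApplicable {
			return dec, why
		}
	}
	return NotApplicable, "no applicable policy"
}

// PEP is one enforcement point (API gateway, storage layer, ...) and is fail-closed:
// anything but an explicit Permit is refused, including NotApplicable.
type PEP struct{ Name string; PDP PDP }

func (e PEP) Enforce(r Request) (bool, string) {
	dec, why := e.PDP.Decide(r)
	return dec == Permit, fmt.Sprintf("%s: %s", e.Name, why)
}

// HealthRecordPolicy combines role, attribute and environment conditions for the
// e-health scenario the slides mention. The rules are constructed for this example.
func HealthRecordPolicy() Policy {
	sameDept := func(r Request) bool { return r.Subject["department"] == r.Resource["department"] }
	workHours := func(r Request) bool { return r.Env["hour"] >= "08" && r.Env["hour"] < "18" } // zero-padded hour
	return Policy{
		Target: func(r Request) bool { return r.Resource["type"] == "health-record" },
		Rules: []Rule{
			{"patient reads own record", Permit, func(r Request) bool {
				return r.Action["id"] == "read" && r.Subject["token"] == r.Resource["owner"]
			}},
			{"physician of the same department reads and writes", Permit, func(r Request) bool {
				return r.Subject["role"] == "physician" && sameDept(r)
			}},
			{"nurse of the same department reads in working hours", Permit, func(r Request) bool {
				return r.Action["id"] == "read" && r.Subject["role"] == "nurse" && sameDept(r) && workHours(r)
			}},
			{"no write without multi-factor authentication", Deny, func(r Request) bool {
				return r.Action["id"] == "write" && r.Subject["mfa"] != "true"
			}},
		},
	}
}

func main() {
	pdp := PDP{Policies: []Policy{HealthRecordPolicy()}}
	record := map[string]string{"type": "health-record", "owner": "tok-7f3a", "department": "cardiology"}
	doctor := map[string]string{"token": "tok-9c21", "role": "physician", "department": "cardiology", "mfa": "false"}
	req := Request{Subject: doctor, Resource: record, Action: map[string]string{"id": "write"}, Env: map[string]string{"hour": "10"}}
	for _, pep := range []PEP{{"api-gateway", pdp}, {"storage", pdp}} { // two PEPs, one PDP
		fmt.Println(pep.Enforce(req)) // false: the physician rule permits, but the MFA rule denies and deny overrides
	}
}
```

The point of the deny-overrides step is visible in the sample request: a physician of the right department would be permitted to write, but a write without a second factor is denied regardless, and every PEP reaches the same conclusion because none of them carries policy of its own.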

Authentication
Strong authentication server with support for multi-factor authentication
– Certificates: revocable, traceable, partial anonymity
– Factors: certificates, PINs, smart cards, biometrics

Anonymous Digital Certificates
(Figure: a conventional certificate shown beside an anonymous certificate.)

Certificate based Strong Authentication
(Figure: message flow between the Client and the SA Server.)

Improvements
(Figure: improved message flow. Message 1: [Cert A], Tok ID | RND B. Message 2: Tok ID | RND B | RND A. Parties shown: Client, SA Server, LCA, IDMS.)
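The improved exchange, written out as an added example that is not the authors' code, to show what "revocable, traceable, partial anonymity" costs in practice. Assumptions, since the slide gives only the message contents: the LCA is the local CA that issues anonymous certificates whose Subject carries nothing but the token ID; the IDMS is its table from token ID to real identity (a map here); the client opens with its certificate, token ID and nonce RND_B, the SA server answers with nonce RND_A, and the client proves possession of the certified key by signing TokID|RND_B|RND_A. Keys are ECDSA P-256, the transcript is hashed with length-prefixed fields rather than plain "|" concatenation (an added choice, so fields cannot shift into each other), and the sample identity and token ID are constructed. The SA server never holds the IDMS, which is what makes the result anonymous towards it yet traceable by the LCA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // setup failures (key generation, issuance) are fatal
	if err != nil {
		panic(err)
	}
	return v
}

func signCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl.SerialNumber = must(rand.Int(rand.Reader, big.NewInt(1<<62)))
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// LCA issues the anonymous certificates; IDMS (a map here) is the only link from
// a token ID back to a person, and the SA server never sees it.
type LCA struct {
	key  *ecdsa.PrivateKey
	Cert *x509.Certificate
	IDMS map[string]string
}

func NewLCA() *LCA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: "LCA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return &LCA{key: key, Cert: signCert(tmpl, tmpl, &key.PublicKey, key), IDMS: map[string]string{}}
}

// Issue binds the client's key to a pseudonym only (no name or e-mail in the Subject)
// and records who holds it, which is what keeps the certificate traceable and revocable.
func (l *LCA) Issue(identity, tokenID string, pub *ecdsa.PublicKey) *x509.Certificate {
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: tokenID},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	l.IDMS[tokenID] = identity
	return signCert(tmpl, l.Cert, pub, l.key)
}

// NewClient generates the client's key pair and obtains its anonymous certificate.
func NewClient(lca *LCA, identity, tokenID string) (*ecdsa.PrivateKey, *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	return key, lca.Issue(identity, tokenID, &key.PublicKey)
}

func nonce() []byte {
	b := make([]byte, 16)
	must(rand.Read(b))
	return b
}

// transcript hashes TokID|RND_B|RND_A with length prefixes, so a captured response
// cannot be replayed against another challenge and fields cannot shift into each other.
func transcript(tokenID string, rndB, rndA []byte) []byte {
	h := sha256.New()
	for _, part := range [][]byte{[]byte(tokenID), rndB, rndA} {
		h.Write(append([]byte{byte(len(part))}, part...))
	}
	return h.Sum(nil)
}

// Authenticate runs the three messages against an SA server that trusts only trustedLCA.
// On success the server knows the peer holds an LCA certificate for tokenID, not who that is.
func Authenticate(key *ecdsa.PrivateKey, cert *x509.Certificate, tokenID string, trustedLCA *x509.Certificate) error {
	rndB := nonce() // Msg 1 (client -> SA): [Cert A], TokID | RND_B
	roots := x509.NewCertPool()
	roots.AddCert(trustedLCA)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return fmt.Errorf("certificate not issued by the LCA: %w", err)
	}
	if cert.Subject.CommonName != tokenID { // a copied certificate cannot be used under another ID
		return fmt.Errorf("token ID %q does not match the certificate", tokenID)
	}
	rndA := nonce() // Msg 2 (SA -> client): TokID | RND_B | RND_A
	sig, err := ecdsa.SignASN1(rand.Reader, key, transcript(tokenID, rndB, rndA)) // Msg 3 (client -> SA)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, transcript(tokenID, rndB, rndA), sig) {
		return fmt.Errorf("challenge signature invalid")
	}
	return nil
}

func main() {
	lca := NewLCA()
	key, cert := NewClient(lca, "alice@hospital.example", "tok-7f3a") // constructed sample identity
	fmt.Println("auth error:", Authenticate(key, cert, "tok-7f3a", lca.Cert), "| LCA trace:", lca.IDMS["tok-7f3a"])
}
```

Two checks in Authenticate carry the anonymity guarantees: the chain check stops anyone from minting their own pseudonymous certificate, and the token-ID-equals-Subject check stops a copied certificate from being presented under a different pseudonym. Revocation is then an ordinary CRL or OCSP lookup on the certificate serial, which the LCA can map to a person through the IDMS without the SA server ever learning that mapping.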

Results