Identity Management 2015
SoS Newsletter- Advanced Book Block
The term identity management refers to the management of individual identities, their roles, authentication, authorizations, and privileges within or across systems. Examples include passwords, Active Directory, digital identities, tokens, and workflows. Identity management is one of the core competencies for cybersecurity, and the increasingly complex IT world demands smarter identity management solutions. The research cited here was presented in 2015.
Singh, A.; Chatterjee, K., “Identity Management in Cloud Computing Through Claim-Based Solution,” in Advanced Computing & Communication Technologies (ACCT), 2015 Fifth International Conference on, vol., no., pp. 524-529, 21-22 Feb. 2015. doi:10.1109/ACCT.2015.89
Abstract: In the last few years, many organizations/users have adopted cloud storage systems. These storage systems provide a large virtual storage. When people move from web applications to the cloud computing platform, their main concern is how to raise the privacy of users' sensitive data in the cloud infrastructure. The traditional form of accessing cloud services is to use a username and password as a security token. During login/access time, new security risks may arise, like virtualization attacks, account/password sniffing, or phishing attacks. Hence, the cloud service provider (CSP) does not provide complete security. Even though existing authentication schemes have addressed various security properties, there is still a need for a secure authentication mechanism. This paper describes the need for a claim-based identity management system, the basic terminology that is used in the claim-based approach and the advantages of using this approach. This paper proposes a model to extend the claim-based identity management scheme for cloud applications and provide a more secure way to access cloud services. In this scheme, a new form of Security Assertion Markup Language (SAML) security token is created for identity, supported by Windows Communication Foundation (WCF), and hence can prove more reliable, with a single interoperable approach to identification that works more securely in every situation in the cloud computing environment.
Keywords: cloud computing; virtual storage; CSP; SAML security tokens; Security Assertion Markup Language; WCF; Web applications; Windows Communication Foundation; account/password sniffing; claim-based identity management scheme; claim-based identity management system; claim-based solution; cloud computing environment; cloud computing platform; cloud infrastructure; cloud service provider; cloud services; cloud storage systems; phishing attack; secure authentication mechanism; user sensitive data; username; virtual storage; virtualization attack; Authentication; Browsers; Cloud computing; Electronic mail; Organizations; Protocols; Claim; Cloud Computing; Federation Provide; Identity Providers; Security Token Service (ID#: 15-8698)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7079139&isnumber=7079031
Hörbe, R.; Hötzendorfer, W., “Privacy by Design in Federated Identity Management,” in Security and Privacy Workshops (SPW), 2015 IEEE, vol., no., pp. 167-174, 21-22 May 2015. doi:10.1109/SPW.2015.24
Abstract: Federated Identity Management (FIM), while solving important scalability, security and privacy problems of remote entity authentication, introduces new privacy risks. By virtue of sharing identities with many systems, the improved data quality of subjects may increase the possibilities of linking private data sets; moreover, new opportunities for user profiling are being introduced. However, FIM models to mitigate these risks have been proposed. In this paper we elaborate privacy by design requirements for this class of systems, transpose them into specific architectural requirements, and evaluate a number of FIM models with respect to these requirements. The contributions of this paper are a catalog of privacy-related architectural requirements, joining up legal, business and system architecture viewpoints, and the demonstration of concrete FIM models showing how the requirements can be implemented in practice.
Keywords: data protection; security of data; FIM models; federated identity management; identity sharing; improved data quality; privacy problems; privacy risks; privacy-related architectural requirements; private data sets; remote entity authentication; security problems; Art; Business; Data privacy; Guidelines; IEC standards; ISO standards; Privacy; data protection law; identity management; limited linkability; limited observability; privacy; privacy by design; security (ID#: 15-8699)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163221&isnumber=7163193
Macedo, R.; Ghamri-Doudane, Y.; Nogueira, M., “Mitigating DoS Attacks in Identity Management Systems Through Reorganizations,” in Network Operations and Management Symposium (LANOMS), 2015 Latin American, vol., no., pp. 27-34, 1-3 Oct. 2015. doi:10.1109/LANOMS.2015.7332666
Abstract: Ensuring identity management (IdM) system availability plays a key role in supporting networked systems. Denial-of-Service (DoS) attacks can make IdM operations unavailable, preventing the use of computational resources by legitimate users. In the literature, the main countermeasures against DoS over IdM systems are based on either the application of external resources to extend the system lifetime (replication) or on DoS attack detection. The first approach increases the solution's cost, and in general the second approach is still prone to high rates of false negatives and/or false positives. Hence, this work presents SAMOS, a novel and paradigm-shifting Scheme for DoS Attacks Mitigation by the reOrganization and optimization of the IdM System. SAMOS optimizes the reorganization of the IdM system components founded on optimization techniques, minimizing DoS effects and improving the system lifetime. SAMOS is based on the effects of unavailability, such as the exhaustion of processing and memory resources, eliminating the dependence on attack detection. Furthermore, SAMOS employs operational IdPs from the IdM system to support the demand of the IdM system, differently from replication approaches. Results considering data from two real IdM systems indicate the scheme's viability and improvements. As future work, SAMOS will be prototyped in order to allow performance evaluations in a real testbed.
Keywords: computer network security; telecommunication network management; Denial-of-Service; DoS attacks detection; DoS attacks mitigation; IDM systems; computational resources; external resources; identity management systems; memory resources; mitigating DoS attacks; networked systems; Authentication; Cloud computing; Computer crime; IP networks; Optimization; Proposals (ID#: 15-8700)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7332666&isnumber=7332658
Soni, D.; Patel, H., “Privacy Preservation Using Novel Identity Management Scheme in Cloud Computing,” in Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on, vol., no., pp. 714-719, 4-6 April 2015. doi:10.1109/CSNT.2015.284
Abstract: Cloud Computing is known for its high availability and low cost in implementation and maintenance. Users of the Cloud often give their secret credentials for accessing applications and/or data hosted in the Cloud environment. Authentication is today one of the most challenging issues in the domain of security and privacy for the applications running in the Cloud environment. As users access more than one service, sometimes using common credentials, users feel unsafe about disclosing their identity in the Cloud environment because their information may be used with other applications/users to generate knowledge about their activities. In this paper, we propose a model which allows users to authenticate to the service securely and control the disclosure of their attributes. The proposed model offers users the flexibility to generate an instant identity along with the credential required to authenticate with the service provider. The instant identity for each service provider makes it tough for them to track users' access patterns. Due to the rapid change in identity, the service provider may not be able to locate user(s). The proposed model aims to assist users in preserving the privacy of their data.
Keywords: cloud computing; data privacy; message authentication; software management; identity management scheme; privacy preservation; service provider authentication; user access patterns; Authentication; Data privacy; Privacy; Public key; Relays; Servers; Cloud computing; Zero Knowledge Proof; One Time Password; Identity Management; Identity Provider; Privacy (ID#: 15-8701)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7280012&isnumber=7279856
Chen, Ju; Liu, Yi; Chai, Yueting, “An Identity Management Framework for Internet of Things,” in e-Business Engineering (ICEBE), 2015 IEEE 12th International Conference on, vol., no., pp. 360-364, 23-25 Oct. 2015. doi:10.1109/ICEBE.2015.67
Abstract: The Internet of Things (IoT) has been developing rapidly in the past few years. In IoT, an enormous number of smart devices are connected to the network, where communication and interaction occur extensively among end users, smart devices and Internet services. Due to the great diversity of devices, the broader scope of interactions and other characteristics of IoT, the current IdM model for the Internet needs to be extended and improved. The objective of this article is to analyze the main features of IoT and the key issues of IdM for IoT, and then present an IdM framework for IoT, which consists of three parts: the standard information model, user-centric architecture and multi-channel authentication.
Keywords: Authentication; Authorization; Internet of things; Servers; Service-oriented architecture; Unified modeling language; Identity management (IdM); Internet of Things (IoT); User-centric architecture (ID#: 15-8702)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7349993&isnumber=7349845
Malchow, Jan-Ole; Roth, Volker, “CryptID — Distributed Identity Management Infrastructure,” in Communications and Network Security (CNS), 2015 IEEE Conference on, vol., no., pp. 735-736, 28-30 Sept. 2015. doi:10.1109/CNS.2015.7346910
Abstract: Many of the services on which we depend on the Internet were designed when communications security was not a major concern. The toll for retrofitted security was increased complexity. When search engines emerged, users began to type only significant parts of a domain name into the search field and click on the appropriate link. In this poster we argue that this paradigm shift ultimately allows us to disentangle, replace and simplify the existing stack of Internet services related to name services and security.
Keywords: Dictionaries; Indexes; Public key cryptography; Routing (ID#: 15-8703)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346910&isnumber=7346791
Barreto, Luciano; Celesti, Antonio; Villari, Massimo; Fazio, Maria; Puliafito, Antonio, “Identity Management in IoT Clouds: A FIWARE Case Study,” in Communications and Network Security (CNS), 2015 IEEE Conference on, vol., no., pp. 680-684, 28-30 Sept. 2015. doi:10.1109/CNS.2015.7346887
Abstract: Nowadays, the combination of Cloud computing and the Internet of Things (IoT) is pursuing new levels of efficiency in delivering services, representing a tempting business opportunity for ICT operators to increase their revenues. However, security is seen as one of the major factors that slows down the rapid and large-scale adoption and deployment of both the IoT and Cloud computing. In this paper, considering such an IoT Cloud scenario, we present an authentication model that allows IoT devices to join IoT Clouds and users to access the system. Moreover, we discuss the issues involved in applying our authentication models in a real IoT Cloud based on the FIWARE technology.
Keywords: Authentication; Cloud computing; Computational modeling; Performance evaluation; Sensors; Cloud computing; FIWARE; authentication; internet of things; security (ID#: 15-8704)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346887&isnumber=7346791
Werner, Jorge; Westphall, Carla Merkle; Weingärtner, Rafael; Geronimo, Guilherme Arthur; Westphall, Carlos Becker, “An Approach to IdM with Privacy in the Cloud,” in Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, vol., no., pp. 168-175, 26-28 Oct. 2015. doi:10.1109/CIT/IUCC/DASC/PICOM.2015.26
Abstract: Cloud computing allows the use of resources and systems in thousands of providers. This paradigm can use federated identity management to control users' identification data, but it is essential to preserve privacy while performing authentication and access control. This article discusses necessary characteristics to improve privacy in the dissemination of sensitive data of users in the federated cloud computing paradigm. We plan to identify and use privacy techniques in identity management systems used in the cloud. Users' attributes should have associated policies to minimize the release of data exchanged in the process. It is also necessary to deal with privacy in interactions between authentication and authorization processes. This paper presents an approach to address the issues involving privacy around personally identifiable information. The proposed model allows control of users' PII, provides some choices to assist users in data dissemination during the interaction and provides guarantees using user preferences on the SP side.
Keywords: Authorization; Cloud computing; Data privacy; Identity management systems; Privacy; Proposals; cloud; identity management; idm; privacy (ID#: 15-8705)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7363067&isnumber=7362962
Xiaoqi Ma, “Managing Identities in Cloud Computing Environments,” in Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, vol., no., pp. 290-292, 24-26 April 2015. doi:10.1109/ICISCE.2015.71
Abstract: As cloud computing becomes a hot spot of research, the security issues of clouds raise concerns and attention from the academic research community. A key area of cloud security is managing users' identities, which is fundamental and important to other aspects of cloud computing. A number of identity management frameworks and systems are introduced and analysed. Issues remaining in them are discussed and potential solutions and countermeasures are proposed.
Keywords: cloud computing; security of data; academic research community; cloud computing environments; cloud security; Authentication; Cloud computing; Computational modeling; Computer architecture; Identity management systems; Servers; identity management; security (ID#: 15-8706)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120611&isnumber=7120439
Hummer, M.; Kunz, M.; Netter, M.; Fuchs, L.; Pernul, G., “Advanced Identity and Access Policy Management Using Contextual Data,” in Availability, Reliability and Security (ARES), 2015 10th International Conference on, vol., no., pp. 40-49, 24-27 Aug. 2015. doi:10.1109/ARES.2015.40
Abstract: Due to compliance and IT security requirements, company-wide Identity and Access Management within organizations has gained significant importance in research and practice over the last years. Companies aim at standardizing user management policies in order to reduce administrative overhead and strengthen IT security. Despite its relevance, hardly any supportive means for the automated detection and refinement as well as management of policies are available. As a result, policies become outdated over time, leading to security vulnerabilities and inefficiencies. Existing research mainly focuses on policy detection without providing the required guidance for policy management. This paper closes the existing gap by proposing a Dynamic Policy Management Process which structures the activities required for policy management in Identity and Access Management environments. In contrast to current approaches it fosters the consideration of contextual user management data for policy detection and refinement and offers result visualization techniques that foster human understanding. In order to underline its applicability, this paper provides a naturalistic evaluation based on real-life data from a large industrial company.
Keywords: authorisation; data visualisation; feature extraction; standardisation; IT security requirement; access policy management; contextual data; dynamic policy management process; identity management; policy detection; result visualization technique; user management policy standardization; Access control; Companies; Context; Data mining; Access Control; Identity Management; Policy Management; Policy Mining; RBAC (ID#: 15-8707)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7299897&isnumber=7299862
Fongen, Anders, “Trust Management in Cross Domain Operations,” in Military Communications Conference, MILCOM 2015 - 2015 IEEE, vol., no., pp. 935-940, 26-28 Oct. 2015. doi:10.1109/MILCOM.2015.7357565
Abstract: Protocols for communication across security domains need to be evaluated against their architectural properties, not only their security properties. The protocols have connectivity and capacity requirements, and they have implications for system coupling, scalability and management. This paper investigates several trust management mechanisms from the perspective of a list of non-functional requirements. The conclusions have consequences for the organization of Identity Management Systems used in cross-domain applications.
Keywords: Authentication; Authorization; Protocols; Public key; Scalability (ID#: 15-8708)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357565&isnumber=7357245
Kurniawan, A.; Kyas, M., “A Trust Model-Based Bayesian Decision Theory in Large Scale Internet of Things,” in Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp. 1-5, 7-9 April 2015. doi:10.1109/ISSNIP.2015.7106964
Abstract: In addressing the growing problem of security in the Internet of Things, we present, from a statistical decision point of view, a novel approach for trust-based access control using Bayesian decision theory. We build a trust model, TrustBayes, which represents a trust level for identity management in IoT. The TrustBayes model is applied to address access control in uncertain environments where identities are not known in advance. The model consists of EX (Experience), KN (Knowledge) and RC (Recommendation) values, which are obtained by measurement while an IoT device requests access to a resource. A decision will be taken based on the model parameters and computed using Bayesian decision rules. To evaluate our trust model, we perform a statistical analysis and simulate it using OMNeT++ to investigate battery usage. The simulation result shows that the Bayesian decision theory approach for trust-based access control guarantees scalability and is energy efficient as the number of devices increases, without affecting functioning and performance.
Keywords: Bayes methods; Internet of Things; authorisation; decision theory; statistical analysis; Bayesian decision rules; EX value; KN value; OMNeT++; RC value; TrustBayes model; battery usage; experience value; identity management; knowledge value; large scale Internet-of-things; recommendation value; statistical decision point; trust model-based Bayesian decision theory; trust-based access control; uncertainty environment; Batteries; Communication system security; Scalability; Wireless communication; Wireless sensor networks; Access Control; Decision making; Decision theory; Trust Management (ID#: 15-8709)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106964&isnumber=7106892
Fei Liu; Jing Wang; Hongtao Bai; Huiping Sun, “Access Control Model Based on Trust and Risk Evaluation in IDMaaS,” in Information Technology – New Generations (ITNG), 2015 12th International Conference on, vol., no., pp. 179-184, 13-15 April 2015. doi:10.1109/ITNG.2015.34
Abstract: As cloud computing technology develops rapidly, more convenience has been brought to users by various cloud providers with various cloud services. However, difficulty of management, especially when different access control protocols and personal information are involved, has become one of the barriers that inhibit the development process of cloud technology. In this paper, a user-centered ID MaaS (Identity Management as a Service) is proposed, combined with a novel access control model based on trust and risk evaluation. Besides, a format-preserving encryption (FPE) method is proposed as an auxiliary scheme guaranteeing the effectiveness of access control. ID MaaS offers a solution that effectively alleviates the difficulty of realizing unified management of users' identity and information among diverse cloud service providers.
Keywords: authorisation; cloud computing; risk analysis; trusted computing; FPE method; IDMaaS; access control protocols; cloud computing technology; cloud service providers; cloud technology; format preserving encryption; identity management as a service; personal information; risk evaluation; trust evaluation; unified management; Access control; Cloud computing; Computational modeling; Data models; Encryption; Servers; access control; format-preserving encryption (ID#: 15-8710)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113469&isnumber=7113432
Marsico, A.; Broglio, A.; Vecchio, M.; Facca, F.M., “Learn by Examples How to Link the Internet of Things and the Cloud Computing Paradigms: A Fully Working Proof of Concept,” in Future Internet of Things and Cloud (FiCloud), 2015 3rd International Conference on, vol., no., pp. 806-810, 24-26 Aug. 2015. doi:10.1109/FiCloud.2015.27
Abstract: This paper describes a fully-working proof of concept centered around a smart enterprise scenario and able to shed light on the power offered by linking the Internet of Things (IoT) and the Cloud Computing (CC) paradigms together. More specifically, in this showcase all the sensing and actuation capabilities are implemented in the tiny micro-controllers on board the “things” and exposed, through a short-range radio module, as interfaces and commands, while all the smart capabilities (from identity management to complex event processing, from data contextualization to persistent storage) are implemented as cloud services. In this way one can keep the computational and memory requirements of the devices extremely low, by off-loading the smartness of the application to the cloud services, where computational and memory resources are not an issue. Finally, to connect the two worlds together, a small Linux embedded micro-PC is used as a controller, hence playing the role of a smart IoT gateway.
Keywords: Internet of Things; Linux; cloud computing; embedded systems; internetworking; microcontrollers; CC paradigm; IoT gateway; Linux embedded micro-pc; actuation capability; cloud computing paradigm; cloud service; complex event processing; computational requirement; data contextualization; identity management; memory requirement; microcontroller; sensing capability; short-range radio module; smart enterprise scenario; Actuators; Cloud computing; Clouds; Context; Graphical user interfaces; Logic gates; Sensors; Cloud Computing; FIWARE Technologies; Smart Environments (ID#: 15-8711)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7300909&isnumber=7300539
Breaux, T.D.; Smullen, D.; Hibshi, H., “Detecting Repurposing and Over-Collection in Multi-Party Privacy Requirements Specifications,” in Requirements Engineering Conference (RE), 2015 IEEE 23rd International, vol., no., pp. 166-175, 24-28 Aug. 2015. doi:10.1109/RE.2015.7320419
Abstract: Mobile and web applications increasingly leverage service-oriented architectures in which developers integrate third-party services into end user applications. This includes identity management, mapping and navigation, cloud storage, and advertising services, among others. While service reuse reduces development time, it introduces new privacy and security risks due to data repurposing and over-collection as data is shared among multiple parties who lack transparency into third-party data practices. To address this challenge, we propose new techniques based on Description Logic (DL) for modeling multiparty data flow requirements and verifying the purpose specification and collection and use limitation principles, which are prominent privacy properties found in international standards and guidelines. We evaluate our techniques in an empirical case study that examines the data practices of the Waze mobile application and three of their service providers: Facebook Login, Amazon Web Services (a cloud storage provider), and Flurry.com (a popular mobile analytics and advertising platform). The study results include detected conflicts and violations of the principles as well as two patterns for balancing privacy and data use flexibility in requirements specifications. Analysis of automated reasoning over the DL models shows that reasoning over complex compositions of multi-party systems is feasible within exponential asymptotic timeframes proportional to the policy size and the number of expressed data, and orthogonal to the number of conflicts found.
Keywords: Web services; data privacy; description logic; mobile computing; security of data; Amazon Web Services; DL models; Facebook login; Flurry.com; Waze mobile application; data use flexibility; description logic; exponential asymptotic timeframes; guidelines; international standards; multiparty data flow requirements; multiparty privacy requirements specifications; over-collection detection; repurposing detection; use limitation principles; Advertising; Data privacy; Facebook; Limiting; Privacy; Terminology; Data flow analysis; privacy principles; requirements validation (ID#: 15-8712)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7320419&isnumber=7320393
Nida; Teli, B.K., “An Efficient and Secure Means for Identity and Trust Management in Cloud,” in Computer Engineering and Applications (ICACEA), 2015 International Conference on Advances in, vol., no., pp. 677-682, 19-20 March 2015. doi:10.1109/ICACEA.2015.7164777
Abstract: Cloud users are inevitably confronted with the potential risk of storing their crucial data in the remote data centers of cloud service providers (CSPs), which raises concern among cloud users for their identities and their trust in CSPs. So there arises the need for an efficient identity and trust management system, which can serve both the CSP and the Cloud Consumer and is hence necessary to strengthen the service level agreements (SLAs) between them. This paper proposes a strong heterogeneous online and offline signcrypt model for a cloud network for the issues pertaining to identity and trust management. This model has certain merits: firstly, it sets up a secure, trustworthy connection between the cloud user and the cloud data center while maintaining the identities of the user, and it achieves confidentiality, authentication, and non-repudiation of services in a coherent single step. Secondly, it allows a cloud user in Identity Based Cryptography (IBC) to send a request message to an Internet host in a public key infrastructure (PKI). Thirdly, it splits the generated signcrypt into two phases: a) an Offline and b) an Online phase, and thereafter they are shown against several types of attacks. Our model is very suitable for providing a high level of identity and trust management in the cloud computing paradigm.
Keywords: authorisation; cloud computing; computer centres; public key cryptography; CSP; Internet host; PKI; SLA; cloud computing paradigm; cloud consumer; cloud network; cloud service providers; cloud users; crucial data storage; identity management system; offline phase; online phase; public key infrastructure; remote data center; request message; service authentication; service confidentiality; service level agreements; service nonrepudiation; strong heterogeneous offline sign crypt model; strong heterogeneous online sign crypt model; trust management system; Authentication; Cloud computing; Computers; Encryption; Public key; AES; Cloud Computing; IBC; OffSigncrypt; OnSigncrypt; trust and Identity management (ID#: 15-8713)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164777&isnumber=7164643
Guenane, F.A.; Serhrouchni, A., “Secure Access & Authentication for Collaborative Intercloud Exchange Service,” in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, vol., no., pp. 1-5, 5-7 Aug. 2015. doi:10.1109/SSIC.2015.7245331
Abstract: Recent advances in information technology make remote collaboration and resource sharing easier for the next generation of distributed systems. The Intercloud is an interconnection system of several cloud provider infrastructures that allows the dynamic coordination of the deployment of applications and the distribution of the load across multiple data centers. In this paper, we propose a new design to establish a new generation of secure collaborative cloud services where several companies are partially or fully pooling their resources to optimize their operating costs and increase the availability of their services in a secure way, by performing secure access & authentication for collaborative Intercloud exchange services.
Keywords: authorisation; cloud computing; computer centres; groupware; authentication; cloud provider infrastructures; collaborative intercloud exchange service; data centers; information technology; operating costs; remote collaboration; resource sharing; secure access; secure collaborative cloud services; Authentication; Cloud computing; Collaboration; Computational modeling; Computer architecture; Servers; Access Control; Collaborative Internet; Identity Management; Intercloud; Security As A Service (ID#: 15-8714)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245331&isnumber=7245317
Sung Choi; Zage, D.; Yung Ryn Choe; Brent Wasilow, “Physically Unclonable Digital ID,” in Mobile Services (MS), 2015 IEEE International Conference on, vol., no., pp. 105-111, June 27 2015-July 2 2015. doi:10.1109/MobServ.2015.24
Abstract: The Center for Strategic and International Studies estimates the annual cost from cyber crime to be more than $400 billion. Most notable are the recent digital identity thefts that compromised millions of accounts. These attacks emphasize the security problems of using clonable static information. One possible solution is the use of a physical device known as a Physically Unclonable Function (PUF). PUFs can be used to create encryption keys, generate random numbers, or authenticate devices. While the concept shows promise, current PUF implementations are inherently problematic: inconsistent behavior, expensive, susceptible to modeling attacks, and permanent. Therefore, we propose a new solution by which an unclonable, dynamic digital identity is created between two communication endpoints such as mobile devices. This Physically Unclonable Digital ID (PUDID) is created by injecting a data scrambling PUF device at the data origin point that corresponds to a unique and matching descrambler/hardware authentication at the receiving end. This device is designed using macroscopic, intentional anomalies, making it inexpensive to produce. PUDID is resistant to cryptanalysis due to the separation of the challenge response pair and a series of hash functions. PUDID is also unique in that by combining the PUF device identity with a dynamic human identity, we can create true two-factor authentication. We also propose an alternative solution that eliminates the need for a PUF mechanism altogether by combining tamper resistant capabilities with a series of hash functions. This tamper resistant device, referred to as a Quasi-PUDID (Q-PUDID), modifies input data, using a black-box mechanism, in an unpredictable way. By mimicking PUF attributes, Q-PUDID is able to avoid traditional PUF challenges, thereby providing high-performing physical identity assurance with or without a low performing PUF mechanism. Three different application scenarios with mobile devices for PUDID and Q-PUDID have been analyzed to show their unique advantages over traditional PUFs and outline the potential for placement in a host of applications.
Keywords: authorisation; cryptography; random number generation; PUF; Q-PUDID; center for strategic and international studies; clonable static information; cryptanalysis; descrambler-hardware authentication; device authentication; digital identity thefts; dynamic human identity; encryption keys; hash functions; physically unclonable digital ID; physically unclonable function; quasi-PUDID; random number generation; two-factor authentication; Authentication; Cryptography; Immune system; Optical imaging; Optical sensors; Servers; access control; authentication; biometrics; cloning; computer security; cyber security; digital signatures; identification of persons; identity management systems; mobile hardware security (ID#: 15-8715)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7226678&isnumber=7226653
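Editor's note: the abstract above names two generic PUF properties that matter for device authentication, a response that is never bit-for-bit identical between readouts and a challenge/response pair that must not be reusable. The following Python simulation, added here and not taken from the paper (it does not implement PUDID or Q-PUDID), shows the standard challenge-response pattern those properties force on a verifier: enrolled pairs are consumed once, and matching is done with a Hamming-distance threshold instead of equality. The PUF itself is a constructed stand-in (a hidden fingerprint hashed with the challenge plus random bit flips), as are all device names and noise rates.

```python
"""Challenge-response device authentication against a simulated, noisy PUF.

Illustrative code only: the SimulatedPuf is a software stand-in, not silicon,
and nothing here reproduces the PUDID/Q-PUDID design from the cited paper.
"""
import hashlib
import random
from typing import Dict, List, Optional, Tuple

RESPONSE_BITS = 128


class SimulatedPuf:
    """A per-device secret fingerprint plus per-readout bit noise (constructed)."""

    def __init__(self, fingerprint: bytes, noise_rate: float, seed: int):
        self._fp = fingerprint
        self._noise = noise_rate
        self._rng = random.Random(seed)

    def respond(self, challenge: bytes) -> int:
        digest = hashlib.sha256(self._fp + challenge).digest()
        response = int.from_bytes(digest[: RESPONSE_BITS // 8], "big")
        # Real PUFs never return exactly the same bits twice; model that as
        # independent bit flips on every readout.
        for bit in range(RESPONSE_BITS):
            if self._rng.random() < self._noise:
                response ^= 1 << bit
        return response


class ReplayingAttacker:
    """Owns no PUF; can only replay challenge/response pairs it has captured."""

    def __init__(self) -> None:
        self.captured: Dict[bytes, int] = {}

    def respond(self, challenge: bytes) -> int:
        return self.captured.get(challenge, 0)


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two responses."""
    return bin(a ^ b).count("1")


def enroll(puf: SimulatedPuf, n_pairs: int, seed: int) -> List[Tuple[bytes, int]]:
    """Trusted enrollment: issue random challenges, store the device's responses."""
    rng = random.Random(seed)
    crps = []
    for _ in range(n_pairs):
        challenge = rng.getrandbits(128).to_bytes(16, "big")
        crps.append((challenge, puf.respond(challenge)))
    return crps


class Verifier:
    """Holds the enrolled CRP table. Each challenge is spent exactly once, so a
    captured response is useless against the next authentication attempt."""

    def __init__(self, crps: List[Tuple[bytes, int]], threshold: int):
        self._crps = list(crps)
        self._threshold = threshold

    def authenticate(self, device, eavesdropper: Optional[ReplayingAttacker] = None) -> Tuple[bool, int]:
        if not self._crps:
            raise RuntimeError("CRP table exhausted; device must be re-enrolled")
        challenge, expected = self._crps.pop()
        response = device.respond(challenge)
        if eavesdropper is not None:  # attacker sniffs this exchange
            eavesdropper.captured[challenge] = response
        distance = hamming(expected, response)
        return distance <= self._threshold, distance


def demo() -> Dict[str, bool]:
    fingerprint = random.Random(1).getrandbits(256).to_bytes(32, "big")
    genuine = SimulatedPuf(fingerprint, noise_rate=0.02, seed=2)
    # Same silicon, but read out under hostile voltage/temperature: the
    # "inconsistent behavior" problem the abstract mentions.
    noisy_genuine = SimulatedPuf(fingerprint, noise_rate=0.40, seed=3)
    clone = SimulatedPuf(random.Random(4).getrandbits(256).to_bytes(32, "big"), 0.02, seed=5)
    attacker = ReplayingAttacker()

    verifier = Verifier(enroll(genuine, n_pairs=4, seed=6), threshold=22)
    results: Dict[str, bool] = {}
    results["genuine"], _ = verifier.authenticate(genuine, eavesdropper=attacker)
    results["replay"], _ = verifier.authenticate(attacker)        # fresh challenge, captured pair is useless
    results["clone"], _ = verifier.authenticate(clone)            # ~64 of 128 bits differ
    results["noisy_genuine"], _ = verifier.authenticate(noisy_genuine)  # legitimate device falsely rejected
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:14s} accepted={ok}")
```

The threshold is the whole design tension: 22 bits is wide enough to absorb a 2% readout error but tight enough that a clone (half the bits wrong) or a replayed response never passes, while a device whose noise climbs to 40% is rejected even though it is genuine. Production systems close that gap with error-correcting "helper data" and re-enrollment rather than by loosening the threshold.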
Becot, S.; Bertin, E.; Crom, J.-M.; Frey, V.; Tuffin, S., “Communication Services in the Web Era: How Can Telco Join the OTT Hangout?,” in Intelligence in Next Generation Networks (ICIN), 2015 18th International Conference on, vol., no., pp. 208-215, 17-19 Feb. 2015. doi:10.1109/ICIN.2015.7073833
Abstract: Evolutions in communications and the advent of Web real time technologies are further challenging the Telco ecosystem. New architectures are emerging to enable new services in a context where assets such as identity, signaling and network management are decoupled and virtually delaminated, so to speak. This paper tackles three challenges that must be faced to enable Telcos to embrace these evolutions. First, we need a secure, trustful and privacy-friendly way of using services provided by various identity and communication providers. Second, we need a versatile framework to develop and deploy communication services. The third challenge is to overcome the limitation of best effort networking by enabling specialized network services for de-perimeterized service delivery.
Keywords: Internet; data privacy; quality of service; Telco ecosystem; Web real time technologies; communication providers; communication services; deperimeterized service delivery; identity providers; network management; privacy-friendly services; signaling; specialized network services; trustful services; Biological system modeling; Browsers; IP networks; Mobile communication; Quality of service; Real-time systems; Telephony; Identity Management; IoT; QoS Management; Web communications; WebRTC; Webification of Networks; post-IMS (ID#: 15-8716)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7073833&isnumber=7073795
Niemiec, M.; Kolucka-Szypula, W., “Federated Identity in Real-Life Applications,” in Networks and Communications (EuCNC), 2015 European Conference on, vol., no., pp. 492-496, June 29 2015-July 2 2015. doi:10.1109/EuCNC.2015.7194124
Abstract: This paper describes scenarios and services based on Federated Identity technology. The authors emphasize the Single Sign On mechanism, in which a user’s single authentication credential is used to log in once without being prompted to authenticate again to other systems. The overview of Federated Identity and a Federated Identity Management System is presented first. Next, federation approaches used in different fields of human activity are discussed. A few examples of such domains are presented: E-health, E-government, E-learning, and E-business. Also, two different use cases are proposed: a federated approach for tourism, which provides a better service for customers, and one in the health care sector, which improves medical service quality and reduces treatment costs. The last section describes the prototype which was implemented and tested in a network environment.
Keywords: authorisation; health care; quality of service; federated identity management system; medical service quality; single Sign On mechanism; tourism; treatment cost reduction; user single authentication credential; Authentication; Companies; Electronic government; Identity management systems; Medical services; Federated Identity; Single Sign On; authentication; security (ID#: 15-8717)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7194124&isnumber=7194024
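Editor's note: the Single Sign On mechanism described in the abstract above (one authentication at the identity provider, then assertions accepted by several services without a second prompt) is easy to get subtly wrong on the service-provider side. The Python below is an added illustration, not the authors' prototype: an identity provider mints signed assertions for two hypothetical federated services, "travel.example" and "clinic.example", and each service enforces the four checks a relying party must do before trusting an assertion: signature, audience, validity window, and single use. An HMAC with a federation-wide key stands in for the IdP's asymmetric signature (so the key here is an assumption of the example; in a real SAML federation the services hold only the IdP's public key), and the user, password and timestamps are constructed.

```python
"""Minimal federated SSO: one login, many signed assertions, strict relying-party checks.

Illustrative code only; the HMAC key shared by IdP and SPs stands in for an
IdP signing key whose public half every SP would hold in a real federation.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional, Set, Tuple

# Constructed demo credential. A real IdP stores a salted, slow password hash.
_DEMO_USERS = {"alice": hashlib.sha256(b"correct horse battery").hexdigest()}


def _b64(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data)


def _unb64(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data)


class IdentityProvider:
    def __init__(self, signing_key: bytes, issuer: str = "idp.example"):
        self._key = signing_key
        self._issuer = issuer
        self._sessions: Dict[str, str] = {}

    def login(self, username: str, password: bytes) -> Optional[str]:
        """The single interactive authentication. Returns an IdP session handle."""
        if _DEMO_USERS.get(username) != hashlib.sha256(password).hexdigest():
            return None
        handle = secrets.token_hex(16)
        self._sessions[handle] = username
        return handle

    def issue_assertion(self, session: str, audience: str, now: int, ttl: int = 300) -> bytes:
        """SSO: no re-prompt, the existing session is enough to mint an assertion
        bound to exactly one relying party (aud) and a short validity window."""
        subject = self._sessions[session]
        claims = {
            "iss": self._issuer, "sub": subject, "aud": audience,
            "iat": now, "exp": now + ttl, "jti": secrets.token_hex(8),
        }
        body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        sig = hmac.new(self._key, body, hashlib.sha256).digest()
        return _b64(body) + b"." + _b64(sig)


class ServiceProvider:
    def __init__(self, name: str, verify_key: bytes, issuer: str = "idp.example"):
        self.name = name
        self._key = verify_key
        self._issuer = issuer
        self._seen: Set[str] = set()  # assertion IDs already consumed

    def accept(self, assertion: bytes, now: int) -> Tuple[bool, str]:
        """Returns (accepted, subject-or-reason). Checks run cheapest-to-reject first."""
        try:
            body_b64, sig_b64 = assertion.split(b".", 1)
            body, sig = _unb64(body_b64), _unb64(sig_b64)
        except Exception:
            return False, "malformed"
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        claims = json.loads(body)
        if claims.get("iss") != self._issuer:
            return False, "unknown issuer"
        if claims.get("aud") != self.name:  # assertion minted for a different SP
            return False, "audience mismatch"
        if not (claims["iat"] <= now < claims["exp"]):
            return False, "expired"
        if claims["jti"] in self._seen:
            return False, "replay"
        self._seen.add(claims["jti"])
        return True, claims["sub"]


def demo() -> Dict[str, Tuple[bool, str]]:
    key = secrets.token_bytes(32)  # assumed federation signing key
    idp = IdentityProvider(key)
    travel = ServiceProvider("travel.example", key)
    clinic = ServiceProvider("clinic.example", key)

    out: Dict[str, Tuple[bool, str]] = {}
    out["bad_password"] = (idp.login("alice", b"wrong") is None, "login refused")
    session = idp.login("alice", b"correct horse battery")
    assert session is not None

    for_travel = idp.issue_assertion(session, "travel.example", now=1000)
    for_clinic = idp.issue_assertion(session, "clinic.example", now=1000)
    out["travel"] = travel.accept(for_travel, now=1010)        # first SP, no re-prompt
    out["clinic"] = clinic.accept(for_clinic, now=1010)        # second SP, still no re-prompt
    out["cross_sp"] = clinic.accept(for_travel, now=1010)      # travel's assertion at the clinic
    out["replay"] = travel.accept(for_travel, now=1020)        # same assertion presented twice
    out["expired"] = travel.accept(idp.issue_assertion(session, "travel.example", now=1000), now=1400)

    body = _unb64(for_clinic.split(b".", 1)[0]).replace(b'"alice"', b'"mallory"')
    forged = _b64(body) + b"." + for_clinic.split(b".", 1)[1]  # body edited, original signature kept
    out["forged"] = clinic.accept(forged, now=1010)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13s} {result}")
```

The audience check is the one most often skipped in home-grown federations: without it, any service in the federation can take an assertion a user presented to it and log in as that user at every other service, which defeats the point of issuing per-service assertions in the first place.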
Raghavendra, K.; Ramesh, B., “Managing the Digital Identity in the Cloud: The Current Scenario,” in Electrical, Computer and Communication Technologies (ICECCT), 2015 IEEE International Conference on, vol., no., pp. 1-4, 5-7 March 2015. doi:10.1109/ICECCT.2015.7226076
Abstract: The role of cloud computing in today’s world of globalization has made a major contribution to application development and deployment. Many enterprises see cloud computing as a platform for organizational and economic benefit. Cloud computing offers many businesses a new way of accessing computing services. Nevertheless, this has also exposed organizations to a range of risks of which they are unaware. In this paper, we present identity management issues in the cloud and also review the existing approaches to providing a secure identity management (IdM) system.
Keywords: cloud computing; commerce; economics; globalisation; organisational aspects; IdM system; business; digital identity; economic benefit; enterprise; globalization; identity management system; organizational benefit; Authorization; Face; Protocols; Servers; Diameter; authentication; cloud; identity; security (ID#: 15-8718)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7226076&isnumber=7225915
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.