SlideShare a Scribd company logo

Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud

Download as PPT, PDF
U
Umer Khalid
1 of 14
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol Umer Khalid Dr. Abdul Ghafoor Abbasi Misbah Irum Dr. Awais Shibli
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Outline 1. Introduction 2. Problems with existing security mechanisms 3. Selection of components 4. Modifications 5. Workflow 6. Conclusion
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab 1. Introduction1. Introduction  Traditional Security Mechanisms – Authentication System •Password Based Authentication •Kerberos •Zero knowledge Proofs – Authorization •Access control •OTP
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab 2.Problems  Easily compromised – Lengthy passwords – Leakage risks – Based on a single factor – No anonymity  Solution – Multi factor authentication – Access control
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab 3. Solution  Multi-factor authentication – Based on what you have and what you posses: • Certificates • PINs • Smart cards • Biometrics  Flexible Authorization – Access Control based on: • Roles • Attributes • Combination of multiple conditions
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab 2.Problems Revisited  Lengthy passwords  Leakage risks  Based on a single factor  Anonymity Identity information binding. Information only protected in transit. Still does not cater for anonymity.
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Current Challenges  Different organizations are now shifting data assets to the cloud such as: – E-Government – Health Care  Cloud offers significant cut down in infrastructure costs at the risk of: – Privacy (Identity Linking) – Data leakage  Problem gets further amplified as data owners are not the only ones with the data – Cloud service providers also posses the same data – Service provider can easily link identity information to this data
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Design of a Anonymous Authentication & Authorization Protocol  Choice of components:  Design a completely new approach  Build on existing robust protocols  Separate mechanisms for authentication and authorization  Modify the protocols to achieve anonymity  Authentication:  Strong authentication based server with support for anonymity  Authorization:  XACML based PDP server for authorization  PEP at multiple points
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Authentication  Strong authentication server with support for multi-factor authentication: Certificates Revocable Traceable Partial Anonymity Certificates PINs Smart cards Biometrics
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Anonymous Digital Certificates Certificate Anonymous Certificate
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Anonymous Digital Certificates
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Certificate based Strong Authentication Client SA Server
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Improvements [Cert A] Tok ID|RND B LCA IDMS Tok ID|RND B|RND A
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab 2. Results2. Results TAG Description Example @author Identifies the author of a class. @author Ali @exception Identifies an exception thrown by a method @exception exception- name explanation @param Documents a method's parameter. @param parameter-name explanation @return Documents a method's return value. Documents a method's return value. @since States the release when a specific change was introduced. @since release

Recommended

Security Method in Data Acquisition Wireless Sensor Network
Security Method in Data Acquisition Wireless Sensor Network Security Method in Data Acquisition Wireless Sensor Network
Security Method in Data Acquisition Wireless Sensor Network Dharmendrasingh417
 
Resume
ResumeResume
ResumeRushabh Singhavi
 
Network Security IEEE 2015 Projects
Network Security IEEE 2015 ProjectsNetwork Security IEEE 2015 Projects
Network Security IEEE 2015 ProjectsVijay Karan
 
CIP Version 5 Immersion Workshop
CIP Version 5 Immersion WorkshopCIP Version 5 Immersion Workshop
CIP Version 5 Immersion WorkshopEnergySec
 
Final year projects for ECE students
Final year projects for ECE students Final year projects for ECE students
Final year projects for ECE students Senthilvel S
 
Research on security of the wlan campus network
Research on security of the wlan campus networkResearch on security of the wlan campus network
Research on security of the wlan campus networkkarthik
 
5
55
5aniketnimaje
 
A KEY LEVEL SELECTION WITHIN HASH CHAINS FOR THE EFFICIENT ENERGY CONSUMPTION...
A KEY LEVEL SELECTION WITHIN HASH CHAINS FOR THE EFFICIENT ENERGY CONSUMPTION...A KEY LEVEL SELECTION WITHIN HASH CHAINS FOR THE EFFICIENT ENERGY CONSUMPTION...
A KEY LEVEL SELECTION WITHIN HASH CHAINS FOR THE EFFICIENT ENERGY CONSUMPTION...IAEME Publication
 

Recommended

Security Method in Data Acquisition Wireless Sensor Network
Security Method in Data Acquisition Wireless Sensor Network Security Method in Data Acquisition Wireless Sensor Network
Security Method in Data Acquisition Wireless Sensor Network Dharmendrasingh417
 
Resume
ResumeResume
ResumeRushabh Singhavi
 
Network Security IEEE 2015 Projects
Network Security IEEE 2015 ProjectsNetwork Security IEEE 2015 Projects
Network Security IEEE 2015 ProjectsVijay Karan
 
CIP Version 5 Immersion Workshop
CIP Version 5 Immersion WorkshopCIP Version 5 Immersion Workshop
CIP Version 5 Immersion WorkshopEnergySec
 
Final year projects for ECE students
Final year projects for ECE students Final year projects for ECE students
Final year projects for ECE students Senthilvel S
 
Research on security of the wlan campus network
Research on security of the wlan campus networkResearch on security of the wlan campus network
Research on security of the wlan campus networkkarthik
 
5
55
5aniketnimaje
 
A KEY LEVEL SELECTION WITHIN HASH CHAINS FOR THE EFFICIENT ENERGY CONSUMPTION...
A KEY LEVEL SELECTION WITHIN HASH CHAINS FOR THE EFFICIENT ENERGY CONSUMPTION...A KEY LEVEL SELECTION WITHIN HASH CHAINS FOR THE EFFICIENT ENERGY CONSUMPTION...
A KEY LEVEL SELECTION WITHIN HASH CHAINS FOR THE EFFICIENT ENERGY CONSUMPTION...IAEME Publication
 
COMPTIA COLLEGE CEU
COMPTIA COLLEGE CEUCOMPTIA COLLEGE CEU
COMPTIA COLLEGE CEUDavid Ault
 
A Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart SubstationsA Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart SubstationsIJECEIAES
 
CCD_2013_Preguntas_REVIEW
CCD_2013_Preguntas_REVIEWCCD_2013_Preguntas_REVIEW
CCD_2013_Preguntas_REVIEWGregory Anders
 
4
44
4aniketnimaje
 
IRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET Journal
 
35 9142 it s-execution evaluation of end-to-end edit septian
35 9142 it s-execution evaluation of end-to-end edit septian35 9142 it s-execution evaluation of end-to-end edit septian
35 9142 it s-execution evaluation of end-to-end edit septianIAESIJEECS
 
IRJET- Design to Secure Data by using DNA Cryptography in Cloud Computing
IRJET- Design to Secure Data by using DNA Cryptography in Cloud ComputingIRJET- Design to Secure Data by using DNA Cryptography in Cloud Computing
IRJET- Design to Secure Data by using DNA Cryptography in Cloud ComputingIRJET Journal
 
CV
CVCV
CVYang Yang
 
IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...
IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...
IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...IRJET Journal
 
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...IJECEIAES
 
Nano Communication
Nano Communication Nano Communication
Nano Communication Behnaz Motavali
 
Artificial neural network for misuse detection
Artificial neural network for misuse detectionArtificial neural network for misuse detection
Artificial neural network for misuse detectionSajan Sahu
 
Shridhar_Resume_Embedded
Shridhar_Resume_EmbeddedShridhar_Resume_Embedded
Shridhar_Resume_EmbeddedShridhar Kulkarni
 
IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...
IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...
IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...IRJET Journal
 
Artificial neural networks
Artificial neural networks Artificial neural networks
Artificial neural networks Tharushi Ruwandika
 
IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...
IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...
IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...IRJET Journal
 
Behavior rule specification based intrusion
Behavior rule specification based intrusionBehavior rule specification based intrusion
Behavior rule specification based intrusionjpstudcorner
 
AMFA Company profile . !BS shw
AMFA Company profile . !BS shwAMFA Company profile . !BS shw
AMFA Company profile . !BS shwAMFA ClimaTech Solutions Pvt Ltd
 
AngularJS Authentication Secure Your App with Auth0
AngularJS Authentication Secure Your App with Auth0AngularJS Authentication Secure Your App with Auth0
AngularJS Authentication Secure Your App with Auth0ayman diab
 
How to Take Cloud Access Control to the Next Level
How to Take Cloud Access Control to the Next LevelHow to Take Cloud Access Control to the Next Level
How to Take Cloud Access Control to the Next LevelOneLogin
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsRamesh Nagappan
 
Survey on Efficient and Secure Anonymous Communication in Manets
Survey on Efficient and Secure Anonymous Communication in ManetsSurvey on Efficient and Secure Anonymous Communication in Manets
Survey on Efficient and Secure Anonymous Communication in ManetsEditor IJCATR
 

More Related Content

What's hot

COMPTIA COLLEGE CEU
COMPTIA COLLEGE CEUCOMPTIA COLLEGE CEU
COMPTIA COLLEGE CEUDavid Ault
 
A Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart SubstationsA Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart SubstationsIJECEIAES
 
CCD_2013_Preguntas_REVIEW
CCD_2013_Preguntas_REVIEWCCD_2013_Preguntas_REVIEW
CCD_2013_Preguntas_REVIEWGregory Anders
 
IRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET Journal
 
35 9142 it s-execution evaluation of end-to-end edit septian
35 9142 it s-execution evaluation of end-to-end edit septian35 9142 it s-execution evaluation of end-to-end edit septian
35 9142 it s-execution evaluation of end-to-end edit septianIAESIJEECS
 
IRJET- Design to Secure Data by using DNA Cryptography in Cloud Computing
IRJET- Design to Secure Data by using DNA Cryptography in Cloud ComputingIRJET- Design to Secure Data by using DNA Cryptography in Cloud Computing
IRJET- Design to Secure Data by using DNA Cryptography in Cloud ComputingIRJET Journal
 
IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...
IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...
IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...IRJET Journal
 
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...IJECEIAES
 
Artificial neural network for misuse detection
Artificial neural network for misuse detectionArtificial neural network for misuse detection
Artificial neural network for misuse detectionSajan Sahu
 
IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...
IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...
IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...IRJET Journal
 
IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...
IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...
IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...IRJET Journal
 
Behavior rule specification based intrusion
Behavior rule specification based intrusionBehavior rule specification based intrusion
Behavior rule specification based intrusionjpstudcorner
 

What's hot (17)

COMPTIA COLLEGE CEU
COMPTIA COLLEGE CEUCOMPTIA COLLEGE CEU
COMPTIA COLLEGE CEU
 
A Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart SubstationsA Defense-in-depth Cybersecurity for Smart Substations
A Defense-in-depth Cybersecurity for Smart Substations
 
CCD_2013_Preguntas_REVIEW
CCD_2013_Preguntas_REVIEWCCD_2013_Preguntas_REVIEW
CCD_2013_Preguntas_REVIEW
 
4
44
4
 
IRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different HardwareIRJET - A Review on Crypto-Algorithm using Different Hardware
IRJET - A Review on Crypto-Algorithm using Different Hardware
 
35 9142 it s-execution evaluation of end-to-end edit septian
35 9142 it s-execution evaluation of end-to-end edit septian35 9142 it s-execution evaluation of end-to-end edit septian
35 9142 it s-execution evaluation of end-to-end edit septian
 
IRJET- Design to Secure Data by using DNA Cryptography in Cloud Computing
IRJET- Design to Secure Data by using DNA Cryptography in Cloud ComputingIRJET- Design to Secure Data by using DNA Cryptography in Cloud Computing
IRJET- Design to Secure Data by using DNA Cryptography in Cloud Computing
 
CV
CVCV
CV
 
IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...
IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...
IRJET- Easy to Implement Searchable Encryption Scheme for Cloud-Assisted Wire...
 
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...
 
Nano Communication
Nano Communication Nano Communication
Nano Communication
 
Artificial neural network for misuse detection
Artificial neural network for misuse detectionArtificial neural network for misuse detection
Artificial neural network for misuse detection
 
Shridhar_Resume_Embedded
Shridhar_Resume_EmbeddedShridhar_Resume_Embedded
Shridhar_Resume_Embedded
 
IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...
IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...
IRJET- Latency and Power Optimized AES Cryptography System using Scan Cha...
 
Artificial neural networks
Artificial neural networks Artificial neural networks
Artificial neural networks
 
IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...
IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...
IRJET- Analysis on the Open Security Issues in 802.1x EAP Security Standa...
 
Behavior rule specification based intrusion
Behavior rule specification based intrusionBehavior rule specification based intrusion
Behavior rule specification based intrusion
 

Viewers also liked

AngularJS Authentication Secure Your App with Auth0
AngularJS Authentication Secure Your App with Auth0AngularJS Authentication Secure Your App with Auth0
AngularJS Authentication Secure Your App with Auth0ayman diab
 
How to Take Cloud Access Control to the Next Level
How to Take Cloud Access Control to the Next LevelHow to Take Cloud Access Control to the Next Level
How to Take Cloud Access Control to the Next LevelOneLogin
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsRamesh Nagappan
 
Survey on Efficient and Secure Anonymous Communication in Manets
Survey on Efficient and Secure Anonymous Communication in ManetsSurvey on Efficient and Secure Anonymous Communication in Manets
Survey on Efficient and Secure Anonymous Communication in ManetsEditor IJCATR
 
Multifactor Authentication
Multifactor AuthenticationMultifactor Authentication
Multifactor AuthenticationRonnie Isherwood
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Chad Lawler
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNinh Nguyen
 

Viewers also liked (9)

AMFA Company profile . !BS shw
AMFA Company profile . !BS shwAMFA Company profile . !BS shw
AMFA Company profile . !BS shw
 
AngularJS Authentication Secure Your App with Auth0
AngularJS Authentication Secure Your App with Auth0AngularJS Authentication Secure Your App with Auth0
AngularJS Authentication Secure Your App with Auth0
 
How to Take Cloud Access Control to the Next Level
How to Take Cloud Access Control to the Next LevelHow to Take Cloud Access Control to the Next Level
How to Take Cloud Access Control to the Next Level
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise Applications
 
Survey on Efficient and Secure Anonymous Communication in Manets
Survey on Efficient and Secure Anonymous Communication in ManetsSurvey on Efficient and Secure Anonymous Communication in Manets
Survey on Efficient and Secure Anonymous Communication in Manets
 
Multifactor Authentication
Multifactor AuthenticationMultifactor Authentication
Multifactor Authentication
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 

Similar to Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud

Cyber Security_Presentation_KTH
Cyber Security_Presentation_KTHCyber Security_Presentation_KTH
Cyber Security_Presentation_KTHAwais Shibli
 
Developing an Effective
Developing an Effective Developing an Effective
Developing an Effective webhostingguy
 
Diploma In Information Security Training and Certification Details In Delhi
Diploma In Information Security Training and Certification Details In DelhiDiploma In Information Security Training and Certification Details In Delhi
Diploma In Information Security Training and Certification Details In DelhiCRAW CYBER SECURITY PVT LTD
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hackingDesmond Devendran
 
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskOpen and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskInductive Automation
 
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskOpen and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskInductive Automation
 
Study of campus network security
Study of campus network securityStudy of campus network security
Study of campus network securityTrishla Thakur
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks
 
01_ICT Visit_ Project Briefing and Progress Overview [Dec 26, 13]
01_ICT Visit_ Project Briefing and Progress Overview [Dec 26, 13]01_ICT Visit_ Project Briefing and Progress Overview [Dec 26, 13]
01_ICT Visit_ Project Briefing and Progress Overview [Dec 26, 13]Awais Shibli
 
JPJ1449 Efficient Authentication for Mobile and Pervasive Computing
JPJ1449 Efficient Authentication for Mobile and Pervasive ComputingJPJ1449 Efficient Authentication for Mobile and Pervasive Computing
JPJ1449 Efficient Authentication for Mobile and Pervasive Computingchennaijp
 
ATIPS - Advanced Technology Information Processing Systems
ATIPS - Advanced Technology Information Processing SystemsATIPS - Advanced Technology Information Processing Systems
ATIPS - Advanced Technology Information Processing SystemsWael Badawy
 
Online MS in Cybersecurity at NYU
Online MS in Cybersecurity at NYUOnline MS in Cybersecurity at NYU
Online MS in Cybersecurity at NYUNYU Tandon Online
 
A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol Nishmitha B
 
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PROIDEA
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...promediakw
 
Machine Learning -Based Security Authentication for Wireless Multimedia Network
Machine Learning -Based Security Authentication for Wireless Multimedia NetworkMachine Learning -Based Security Authentication for Wireless Multimedia Network
Machine Learning -Based Security Authentication for Wireless Multimedia NetworkGauthamSK4
 

Similar to Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud (20)

Cyber Security_Presentation_KTH
Cyber Security_Presentation_KTHCyber Security_Presentation_KTH
Cyber Security_Presentation_KTH
 
Developing an Effective
Developing an Effective Developing an Effective
Developing an Effective
 
Diploma In Information Security Training and Certification Details In Delhi
Diploma In Information Security Training and Certification Details In DelhiDiploma In Information Security Training and Certification Details In Delhi
Diploma In Information Security Training and Certification Details In Delhi
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
 
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskOpen and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
 
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the RiskOpen and Secure SCADA: Efficient and Economical Control, Without the Risk
Open and Secure SCADA: Efficient and Economical Control, Without the Risk
 
Study of campus network security
Study of campus network securityStudy of campus network security
Study of campus network security
 
DGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_PresentationDGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_Presentation
 
Nozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-SheetNozomi Networks SCADAguardian - Data-Sheet
Nozomi Networks SCADAguardian - Data-Sheet
 
01_ICT Visit_ Project Briefing and Progress Overview [Dec 26, 13]
01_ICT Visit_ Project Briefing and Progress Overview [Dec 26, 13]01_ICT Visit_ Project Briefing and Progress Overview [Dec 26, 13]
01_ICT Visit_ Project Briefing and Progress Overview [Dec 26, 13]
 
JPJ1449 Efficient Authentication for Mobile and Pervasive Computing
JPJ1449 Efficient Authentication for Mobile and Pervasive ComputingJPJ1449 Efficient Authentication for Mobile and Pervasive Computing
JPJ1449 Efficient Authentication for Mobile and Pervasive Computing
 
ATIPS - Advanced Technology Information Processing Systems
ATIPS - Advanced Technology Information Processing SystemsATIPS - Advanced Technology Information Processing Systems
ATIPS - Advanced Technology Information Processing Systems
 
Ccsk course content v1
Ccsk course content v1Ccsk course content v1
Ccsk course content v1
 
CV_English
CV_EnglishCV_English
CV_English
 
Online MS in Cybersecurity at NYU
Online MS in Cybersecurity at NYUOnline MS in Cybersecurity at NYU
Online MS in Cybersecurity at NYU
 
A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol
 
PACE-IT: Network Hardening Techniques (part 2)
PACE-IT: Network Hardening Techniques (part 2)PACE-IT: Network Hardening Techniques (part 2)
PACE-IT: Network Hardening Techniques (part 2)
 
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
PLNOG15: Simplifying network deployment using Autonomic networking and Plug-a...
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
 
Machine Learning -Based Security Authentication for Wireless Multimedia Network
Machine Learning -Based Security Authentication for Wireless Multimedia NetworkMachine Learning -Based Security Authentication for Wireless Multimedia Network
Machine Learning -Based Security Authentication for Wireless Multimedia Network
 

Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud

  • 1. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol Umer Khalid Dr. Abdul Ghafoor Abbasi Misbah Irum Dr. Awais Shibli
  • 2. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Outline 1. Introduction 2. Problems with existing security mechanisms 3. Selection of components 4. Modifications 5. Workflow 6. Conclusion
  • 3. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab 1. Introduction1. Introduction  Traditional Security Mechanisms – Authentication System •Password Based Authentication •Kerberos •Zero knowledge Proofs – Authorization •Access control •OTP
  • 4. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab 2.Problems  Easily compromised – Lengthy passwords – Leakage risks – Based on a single factor – No anonymity  Solution – Multi factor authentication – Access control
  • 5. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab 3. Solution  Multi-factor authentication – Based on what you have and what you posses: • Certificates • PINs • Smart cards • Biometrics  Flexible Authorization – Access Control based on: • Roles • Attributes • Combination of multiple conditions
  • 6. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab 2.Problems Revisited  Lengthy passwords  Leakage risks  Based on a single factor  Anonymity Identity information binding. Information only protected in transit. Still does not cater for anonymity.
  • 7. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Current Challenges  Different organizations are now shifting data assets to the cloud such as: – E-Government – Health Care  Cloud offers significant cut down in infrastructure costs at the risk of: – Privacy (Identity Linking) – Data leakage  Problem gets further amplified as data owners are not the only ones with the data – Cloud service providers also posses the same data – Service provider can easily link identity information to this data
  • 8. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Design of a Anonymous Authentication & Authorization Protocol  Choice of components:  Design a completely new approach  Build on existing robust protocols  Separate mechanisms for authentication and authorization  Modify the protocols to achieve anonymity  Authentication:  Strong authentication based server with support for anonymity  Authorization:  XACML based PDP server for authorization  PEP at multiple points
  • 9. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Authentication  Strong authentication server with support for multi-factor authentication: Certificates Revocable Traceable Partial Anonymity Certificates PINs Smart cards Biometrics
  • 10. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Anonymous Digital Certificates Certificate Anonymous Certificate
  • 11. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Anonymous Digital Certificates
  • 12. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Certificate based Strong Authentication Client SA Server
  • 13. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Improvements [Cert A] Tok ID|RND B LCA IDMS Tok ID|RND B|RND A
  • 14. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab 2. Results2. Results TAG Description Example @author Identifies the author of a class. @author Ali @exception Identifies an exception thrown by a method @exception exception- name explanation @param Documents a method's parameter. @param parameter-name explanation @return Documents a method's return value. Documents a method's return value. @since States the release when a specific change was introduced. @since release