Machine Learning-Based Security Authentication for Wireless Multimedia Network
Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad
KTH Applied Information Security Lab
Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol
Umer Khalid
Dr. Abdul Ghafoor Abbasi
Misbah Irum
Dr. Awais Shibli
Outline
1. Introduction
2. Problems with existing security mechanisms
3. Selection of components
4. Modifications
5. Workflow
6. Conclusion
1. Introduction
Traditional Security Mechanisms
– Authentication System
•Password Based Authentication
•Kerberos
•Zero knowledge Proofs
– Authorization
•Access control
•OTP
2. Problems
Easily compromised
– Lengthy passwords
– Leakage risks
– Based on a single factor
– No anonymity
Solution
– Multi factor authentication
– Access control
3. Solution
Multi-factor authentication
– Based on what you have and what you possess:
• Certificates
• PINs
• Smart cards
• Biometrics
Flexible Authorization
– Access Control based on:
• Roles
• Attributes
• Combination of multiple conditions
2. Problems Revisited
Lengthy passwords
Leakage risks
Based on a single factor
Anonymity
Identity information binding.
Information only protected in transit.
Still does not cater for anonymity.
Current Challenges
Different organizations are now shifting data assets to the cloud, such as:
– E-Government
– Health Care
Cloud offers a significant cut in infrastructure costs at the risk of:
– Privacy (Identity Linking)
– Data leakage
The problem is further amplified because data owners are not the only ones with the data
– Cloud service providers also possess the same data
– Service provider can easily link identity information to this data
Design of an Anonymous Authentication & Authorization Protocol
Choice of components:
Design a completely new approach
Build on existing robust protocols
Separate mechanisms for authentication and authorization
Modify the protocols to achieve anonymity
Authentication:
Strong authentication based server with support for anonymity
Authorization:
XACML based PDP server for authorization
PEP at multiple points
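The following is an added example, not code from the slides or from the authors' system: a toy PEP/PDP pair that decides on roles and attributes with a deny-overrides combination while the PEP forwards only a pseudonym and non-identifying attributes. The rule format, attribute names, the `IDENTITY_ATTRS` list and the sample policy are assumptions made for illustration; real XACML policies are XML and also have an Indeterminate result, which is omitted here.

```python
# Added illustration: simplified XACML-style decision logic (assumed rule format).
from dataclasses import dataclass

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass
class Rule:
    effect: str        # PERMIT or DENY
    conditions: dict   # attribute name -> set of accepted values; all must match

    def evaluate(self, attrs):
        for name, accepted in self.conditions.items():
            if attrs.get(name) not in accepted:
                return NOT_APPLICABLE
        return self.effect

def pdp_decide(rules, attrs):
    """PDP: deny-overrides. Any Deny wins, then any Permit, else NotApplicable."""
    results = [rule.evaluate(attrs) for rule in rules]
    if DENY in results:
        return DENY
    return PERMIT if PERMIT in results else NOT_APPLICABLE

# Assumed set of identifying fields the PEP must never forward to the PDP.
IDENTITY_ATTRS = {"name", "email", "national_id"}

def pep_enforce(rules, request):
    """PEP: drop identifying fields, ask the PDP, and fail closed."""
    attrs = {k: v for k, v in request.items() if k not in IDENTITY_ATTRS}
    return pdp_decide(rules, attrs) == PERMIT

# Constructed sample policy: role plus attributes, combined with a revocation check.
POLICY = [
    Rule(PERMIT, {"role": {"doctor"}, "action": {"read"},
                  "resource_type": {"medical_record"}}),
    Rule(DENY, {"cert_status": {"revoked"}}),
]

if __name__ == "__main__":
    request = {"pseudonym": "anon-7f3a", "name": "constructed user",
               "role": "doctor", "action": "read",
               "resource_type": "medical_record", "cert_status": "valid"}
    print(pep_enforce(POLICY, request))
```

Because the PEP treats anything other than Permit as a refusal, a request that matches no rule is rejected rather than allowed by default.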
Authentication
Strong authentication server with support for multi-factor authentication:
Certificates
Revocable
Traceable
Partial
Anonymity
Certificates
PINs
Smart cards
Biometrics
Anonymous Digital Certificates
[Figure labels: Certificate; Anonymous Certificate]
Anonymous Digital Certificates
Certificate based Strong Authentication
Client
SA Server
Improvements
[Cert A]
Tok ID|RND B
LCA
IDMS
Tok ID|RND B|RND A
2. Results
TAG | Description | Example
@author | Identifies the author of a class. | @author Ali
@exception | Identifies an exception thrown by a method | @exception exception-name explanation
@param | Documents a method's parameter. | @param parameter-name explanation
@return | Documents a method's return value. | Documents a method's return value.
@since | States the release when a specific change was introduced. | @since release