SlideShare a Scribd company logo

Privacy Preserving Identity Management as a Service

C
cygnusv

In this work we tackle the problem of privacy and confidentiality in Identity Management as a Service (IDaaS). The adoption of cloud computing technologies by organizations has fostered the externalization of the identity management processes, shaping the concept of Identity Management as a Service. However, as it has happened to other cloud-based services, the cloud poses serious risks to the users, since they lose the control over their data. Here we analyze these concerns and propose a model for privacy-preserving IDaaS, called BlindIdM, which is designed to provide data privacy protection through the use of cryptographic safeguards.

Technology
1 of 28
Download to read offline
Outline Motivation State of the art Results Research Challenges Privacy-Preserving Identity Management as a Service David Nu˜nez Supervisors: Isaac Agudo, and Javier Lopez Network, Information and Computer Security Laboratory (NICS Lab) Universidad de M´alaga, Spain Email: dnunez@lcc.uma.es June 4, 2014
Outline Motivation State of the art Results Research Challenges 1. Motivation 2. State of the art 3. Results 4. Research Challenges
Outline Motivation State of the art Results Research Challenges Introduction Identity Management is a ubiquitous service Costly ⇒ specific applications and personnel Identity Management as a Service (IDaaS) Cloud computing solution to this problem Organizations can outsource their IdM services to the cloud Cloud providers specialized in Identity Management New business opportunities to cloud providers
Outline Motivation State of the art Results Research Challenges Scenarios Service Provider Host Organization (Identity Provider) Employee belongs to requests service direct trust retrieves identity provides identity information Figure : Federated Identity Management Scenario
Outline Motivation State of the art Results Research Challenges Scenarios Cloud Identity Provider Service Provider Host Organization Employee belongs to requests service outsources identity management direct trust direct trust indirect trust retrieves identity provides identity information Figure : Identity Management as a Service Scenario
Outline Motivation State of the art Results Research Challenges Motivation Classic problem of cloud computing ⇒ The user loses the control of his data Now we are talking about identity data... ⇒ Data protection laws and regulations Current solution: Service Level Agreements (SLAs) ⇒ It is just an agreement not a technical safeguard Trust problem ⇒ Users are obliged to trust the provider
Outline Motivation State of the art Results Research Challenges Problem statement Goal: To define technical safeguards that allow an IdM service without compromising users’ data This solution must go beyond defining an access control and enforcement layer ⇒ Cryptographic safeguards Solution must not interfere with the service provision Control must go back to the owner of data
Outline Motivation State of the art Results Research Challenges Proposal BlindIDM – A Model for Privacy-preserving IDaaS Privacy-preserving IDaaS system Based in SAML 2.0 and Proxy Re-Encryption Identity attributes are encrypted by the user and decrypted by the requester The Identity Provider (IdP) stores encrypted attributes ⇒ Still capable of offering an identity service First proposal that tackles this problem
Outline Motivation State of the art Results Research Challenges Cryptographic Cloud Storage Kamara, S., and Lauter, K. (2010). Cryptographic cloud storage. In Financial Cryptography and Data Security
Outline Motivation State of the art Results Research Challenges Sticky Policies Pearson, S., Mont, M. C., Chen, L., and Reed, A. (2011). End-to-end policy-based encryption and management of data in the cloud. In IEEE CloudCom 2011
Outline Motivation State of the art Results Research Challenges SAML 2.0 Security Assertion Markup Language OASIS Standard Description and exchange of identity information (e.g., attributes) Protocols for issuing and exchanging assertions
Outline Motivation State of the art Results Research Challenges Proxy Re-Encryption: Overview A PRE scheme is a public-key encryption scheme that permits a proxy to transform ciphertexts under Alice’s public key into ciphertexts under Bob’s public key. The proxy needs a re-encryption key rA→B to make this transformation possible. Figure : Proxy Re-Encryption flow
Outline Motivation State of the art Results Research Challenges Proxy Re-Encryption: AFGH scheme Global parameters: G1, G2 are groups of prime order q e : G1 × G1 → G2 is a bilinear pairing g ∈ G1, Z = e(g, g) ∈ G2 Primitives: Key Generation: KG() = (sA, pA) Re-Encryption Key Generation: RKG(sA, pB) = rA→B First-level Encryption: E1(m, pA) = c1 Second-level Encryption: E2(m, pA) = c2 Re-Encryption: R(c2, rA→B) = c1 First-level Decryption: D1(c1, sA) = m Second-level Decryption: D2(c2, sA) = m
Outline Motivation State of the art Results Research Challenges Proxy Re-Encryption: AFGH scheme Properties: Unidirectional Unihop Collusion-resistant
Outline Motivation State of the art Results Research Challenges BlindIDM – Privacy-preserving IDaaS Cloud Identity Provider Service Provider Host Organization Employee belongs to requests service outsources identity management direct trust direct trust indirect trust retrieves identity provides identity information Figure : Identity Management as a Service Scenario
Outline Motivation State of the art Results Research Challenges BlindIDM – Privacy-preserving IDaaS Cloud Identity Provider Service Provider Host Organization rH→SP(pH, sH) (pSP , sSP ) ca c a Figure : Information flow within our system
Outline Motivation State of the art Results Research Challenges Assumptions Honest-but-curious provider: The cloud provider will respect protocol fulfillment, but will try to read users’ data Existing trust relationship between users and requesters ⇒ Expressed using SAML Metadata
Outline Motivation State of the art Results Research Challenges Integration with SAML User agent Service Provider Cloud Identity Provider Host Organization Request service Discovery of the IdP SAML AuthnRequest AuthnRequest (User redirection) SAML AuthnRequest AuthnRequest (User redirection) User authentication SAML Response Response (User redirection) Re-encryption of user attributes and creation of SAML Response Response (User redirection) Decryption of user attributes and verification of SAML Response Access to service Figure : Modified SAML Authentication sequence
Outline Motivation State of the art Results Research Challenges Implementation details We have implemented: Prototype implementation using OpenSAML library AFGH Proxy Re-Encryption scheme using Java Pairing-Based Cryptography library (jPBC)1 1 A. D. Caro, http://gas.dia.unisa.it/projects/jpbc
Outline Motivation State of the art Results Research Challenges Economic analysis Most of proposals do not analyze their economic impact Cryptographic operations have an economic cost due to computation, communication, etc. ⇒ Cloud provider incurs in expenses due to energy consumption, personnel, ... Our estimations are based on a research from Chen Sion2 ⇒ They give estimations for computation, storage and communication costs, expressed in picocents (1 picocent = 10E−12 USD cent) We estimate the number of CPU cycles to give an approximation of the costs 2 Y. Chen and R. Sion, “On securing untrusted clouds with cryptography” in Proc. 9th annual ACM workshop on Privacy in the electronic society
Outline Motivation State of the art Results Research Challenges Economic analysis: costs Table : Costs in picocents for the main operations Operation Cost per operation Operations per cent Encryption 4.34E+08 2304 Re-encryption 4.79E+08 2087 Decryption 5.70E+08 1755
Outline Motivation State of the art Results Research Challenges Economic analysis: example scenario IDaaS provider that handles 1 million attribute requests per day ⇒ 1 million re-encryptions per day Approx. 2000 USD per year Reasonable cost for an average-sized company, considering that their information is encrypted at the cloud provider
Outline Motivation State of the art Results Research Challenges Results IDaaS is a promising paradigm for organizations Cloud providers are in a privileged position to gain information about their users We need technical safeguards, such as those based in cryptography, to ensure users’ privacy
Outline Motivation State of the art Results Research Challenges Results We describe an IDaaS system that handles encrypted attributes and still provides an identity service Our system is based in SAML and Proxy Re-Encryption The cloud identity provider transforms encrypted attributes from the original users to ciphertexts for the requesters using re-encryption Implementation and economic analysis is provided
Outline Motivation State of the art Results Research Challenges Publications D. Nu˜nez, and I. Agudo, “BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service”, In International Journal of Information Security, vol. 13, issue 2, Springer, pp. 199-215, 2014. D. Nu˜nez, I. Agudo, and J. Lopez, “Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services”, In IEEE CloudCom 2012, Dec 2012 D. Nu˜nez, I. Agudo, et al., “Identity Management Challenges for Intercloud Applications”, In STAVE 2011, June, 2011 I. Agudo, D. Nu˜nez, et al., “Cryptography Goes to the Cloud”, In STAVE 2011, June, 2011
Outline Motivation State of the art Results Research Challenges Next steps Consider the (un)linkability problem Granular access control Deployment of prototype in cloud setting More efficient and secure cryptographic solutions
Outline Motivation State of the art Results Research Challenges Research Challenges Leveraging user-centricity in identity management. Enhancing users’ privacy in digital transactions that involve their identity. Interoperability of the solutions. Solutions that reduce the trade-off between anonymity and accountability. Exploring and devising new cryptographic techniques for protecting privacy on cloud-based settings.
Outline Motivation State of the art Results Research Challenges Thank you!

Recommended

IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET Journal
 
Privacy preserving secure data exchange in mobile p2 p
Privacy preserving secure data exchange in mobile p2 pPrivacy preserving secure data exchange in mobile p2 p
Privacy preserving secure data exchange in mobile p2 p
www.pixelsolutionbd.com
 
Privacy preserving secure data exchange in mobile P2P
Privacy preserving secure data exchange in mobile P2PPrivacy preserving secure data exchange in mobile P2P
Privacy preserving secure data exchange in mobile P2P
www.pixelsolutionbd.com
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
International Journal of Engineering Inventions www.ijeijournal.com
 
Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...
Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...
Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...
dbpublications
 
Privacy Preserving Location Query Service
Privacy Preserving Location Query ServicePrivacy Preserving Location Query Service
Privacy Preserving Location Query Service
IRJET Journal
 
Security Issues related with cloud computing
Security Issues related with cloud computingSecurity Issues related with cloud computing
Security Issues related with cloud computing
IJERA Editor
 
survey paper on cp abe cloud computing
survey paper on cp abe cloud computingsurvey paper on cp abe cloud computing
survey paper on cp abe cloud computing
INFOGAIN PUBLICATION
 

Recommended

IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET- Implementation of DNA Cryptography in Cloud Computing and using Socket...
IRJET Journal
 
Privacy preserving secure data exchange in mobile p2 p
Privacy preserving secure data exchange in mobile p2 pPrivacy preserving secure data exchange in mobile p2 p
Privacy preserving secure data exchange in mobile p2 p
www.pixelsolutionbd.com
 
Privacy preserving secure data exchange in mobile P2P
Privacy preserving secure data exchange in mobile P2PPrivacy preserving secure data exchange in mobile P2P
Privacy preserving secure data exchange in mobile P2P
www.pixelsolutionbd.com
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
International Journal of Engineering Inventions www.ijeijournal.com
 
Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...
Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...
Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...
dbpublications
 
Privacy Preserving Location Query Service
Privacy Preserving Location Query ServicePrivacy Preserving Location Query Service
Privacy Preserving Location Query Service
IRJET Journal
 
Security Issues related with cloud computing
Security Issues related with cloud computingSecurity Issues related with cloud computing
Security Issues related with cloud computing
IJERA Editor
 
survey paper on cp abe cloud computing
survey paper on cp abe cloud computingsurvey paper on cp abe cloud computing
survey paper on cp abe cloud computing
INFOGAIN PUBLICATION
 
Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...
Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...
Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...
IRJET Journal
 
An Efficient Scheme for Data Sharing Among Dynamic Cloud Members
An Efficient Scheme for Data Sharing Among Dynamic Cloud MembersAn Efficient Scheme for Data Sharing Among Dynamic Cloud Members
An Efficient Scheme for Data Sharing Among Dynamic Cloud Members
IRJET Journal
 
Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235
Editor IJARCET
 
Improving Efficiency of Security in Multi-Cloud
Improving Efficiency of Security in Multi-CloudImproving Efficiency of Security in Multi-Cloud
Improving Efficiency of Security in Multi-Cloud
IJTET Journal
 
DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...
DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...
DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...
ijsptm
 
Transmission of cryptic text using rotational visual
Transmission of cryptic text using rotational visualTransmission of cryptic text using rotational visual
Transmission of cryptic text using rotational visual
eSAT Publishing House
 
Transmission of cryptic text using rotational visual cryptography
Transmission of cryptic text using rotational visual cryptographyTransmission of cryptic text using rotational visual cryptography
Transmission of cryptic text using rotational visual cryptography
eSAT Journals
 
Mca projects in gagner
Mca projects in gagnerMca projects in gagner
Mca projects in gagner
Gagnertech
 
Micro services Architecture with Vortex -- Part I
Micro services Architecture with Vortex -- Part IMicro services Architecture with Vortex -- Part I
Micro services Architecture with Vortex -- Part I
Angelo Corsaro
 
Mca projects in gagner, chennai slideshare
Mca projects in gagner, chennai slideshareMca projects in gagner, chennai slideshare
Mca projects in gagner, chennai slideshare
Gagnertech
 
Ijri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijri ece-01-01 joint data hiding and compression based on saliency and smvqIjri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijripublishers Ijri
 
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET Journal
 
A Generalized Image Authentication Based On Statistical Moments of Color Hist...
A Generalized Image Authentication Based On Statistical Moments of Color Hist...A Generalized Image Authentication Based On Statistical Moments of Color Hist...
A Generalized Image Authentication Based On Statistical Moments of Color Hist...
idescitation
 
Comparative Study on Watermarking & Image Encryption for Secure Communication
Comparative Study on Watermarking & Image Encryption for Secure CommunicationComparative Study on Watermarking & Image Encryption for Secure Communication
Comparative Study on Watermarking & Image Encryption for Secure Communication
IJTET Journal
 
Access control in decentralized online social networks applying a policy hidi...
Access control in decentralized online social networks applying a policy hidi...Access control in decentralized online social networks applying a policy hidi...
Access control in decentralized online social networks applying a policy hidi...
IGEEKS TECHNOLOGIES
 
Image and text Encryption using RSA algorithm in java
Image and text Encryption using RSA algorithm in java Image and text Encryption using RSA algorithm in java
Image and text Encryption using RSA algorithm in java
PiyushPatil73
 
IJARCCE 20
IJARCCE 20IJARCCE 20
IJARCCE 20
Nahan Rahman
 
Identity-Based Distributed Provable Data Possession in Multicloud Storage
Identity-Based Distributed Provable Data Possession in Multicloud StorageIdentity-Based Distributed Provable Data Possession in Multicloud Storage
Identity-Based Distributed Provable Data Possession in Multicloud Storage
1crore projects
 
Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering
Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering
Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering
ijistjournal
 
IRJET- Comparison Among RSA, AES and DES
IRJET- Comparison Among RSA, AES and DESIRJET- Comparison Among RSA, AES and DES
IRJET- Comparison Among RSA, AES and DES
IRJET Journal
 
IRJET- Secure Skyline Queries over the Encrypted Data
IRJET- Secure Skyline Queries over the Encrypted DataIRJET- Secure Skyline Queries over the Encrypted Data
IRJET- Secure Skyline Queries over the Encrypted Data
IRJET Journal
 
Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235
Editor IJARCET
 

More Related Content

What's hot

Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235
Editor IJARCET
 
Improving Efficiency of Security in Multi-Cloud
Improving Efficiency of Security in Multi-CloudImproving Efficiency of Security in Multi-Cloud
Improving Efficiency of Security in Multi-Cloud
IJTET Journal
 
DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...
DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...
DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...
ijsptm
 
Transmission of cryptic text using rotational visual cryptography
Transmission of cryptic text using rotational visual cryptographyTransmission of cryptic text using rotational visual cryptography
Transmission of cryptic text using rotational visual cryptography
eSAT Journals
 
Micro services Architecture with Vortex -- Part I
Micro services Architecture with Vortex -- Part IMicro services Architecture with Vortex -- Part I
Micro services Architecture with Vortex -- Part I
Angelo Corsaro
 
Mca projects in gagner, chennai slideshare
Mca projects in gagner, chennai slideshareMca projects in gagner, chennai slideshare
Mca projects in gagner, chennai slideshare
Gagnertech
 
Ijri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijri ece-01-01 joint data hiding and compression based on saliency and smvqIjri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijripublishers Ijri
 
A Generalized Image Authentication Based On Statistical Moments of Color Hist...
A Generalized Image Authentication Based On Statistical Moments of Color Hist...A Generalized Image Authentication Based On Statistical Moments of Color Hist...
A Generalized Image Authentication Based On Statistical Moments of Color Hist...
idescitation
 
Comparative Study on Watermarking & Image Encryption for Secure Communication
Comparative Study on Watermarking & Image Encryption for Secure CommunicationComparative Study on Watermarking & Image Encryption for Secure Communication
Comparative Study on Watermarking & Image Encryption for Secure Communication
IJTET Journal
 
Identity-Based Distributed Provable Data Possession in Multicloud Storage
Identity-Based Distributed Provable Data Possession in Multicloud StorageIdentity-Based Distributed Provable Data Possession in Multicloud Storage
Identity-Based Distributed Provable Data Possession in Multicloud Storage
1crore projects
 
Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering
Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering
Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering
ijistjournal
 

What's hot (19)

Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...
Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...
Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...
 
An Efficient Scheme for Data Sharing Among Dynamic Cloud Members
An Efficient Scheme for Data Sharing Among Dynamic Cloud MembersAn Efficient Scheme for Data Sharing Among Dynamic Cloud Members
An Efficient Scheme for Data Sharing Among Dynamic Cloud Members
 
Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235
 
Improving Efficiency of Security in Multi-Cloud
Improving Efficiency of Security in Multi-CloudImproving Efficiency of Security in Multi-Cloud
Improving Efficiency of Security in Multi-Cloud
 
DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...
DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...
DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR...
 
Transmission of cryptic text using rotational visual
Transmission of cryptic text using rotational visualTransmission of cryptic text using rotational visual
Transmission of cryptic text using rotational visual
 
Transmission of cryptic text using rotational visual cryptography
Transmission of cryptic text using rotational visual cryptographyTransmission of cryptic text using rotational visual cryptography
Transmission of cryptic text using rotational visual cryptography
 
Mca projects in gagner
Mca projects in gagnerMca projects in gagner
Mca projects in gagner
 
Micro services Architecture with Vortex -- Part I
Micro services Architecture with Vortex -- Part IMicro services Architecture with Vortex -- Part I
Micro services Architecture with Vortex -- Part I
 
Mca projects in gagner, chennai slideshare
Mca projects in gagner, chennai slideshareMca projects in gagner, chennai slideshare
Mca projects in gagner, chennai slideshare
 
Ijri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijri ece-01-01 joint data hiding and compression based on saliency and smvqIjri ece-01-01 joint data hiding and compression based on saliency and smvq
Ijri ece-01-01 joint data hiding and compression based on saliency and smvq
 
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
 
A Generalized Image Authentication Based On Statistical Moments of Color Hist...
A Generalized Image Authentication Based On Statistical Moments of Color Hist...A Generalized Image Authentication Based On Statistical Moments of Color Hist...
A Generalized Image Authentication Based On Statistical Moments of Color Hist...
 
Comparative Study on Watermarking & Image Encryption for Secure Communication
Comparative Study on Watermarking & Image Encryption for Secure CommunicationComparative Study on Watermarking & Image Encryption for Secure Communication
Comparative Study on Watermarking & Image Encryption for Secure Communication
 
Access control in decentralized online social networks applying a policy hidi...
Access control in decentralized online social networks applying a policy hidi...Access control in decentralized online social networks applying a policy hidi...
Access control in decentralized online social networks applying a policy hidi...
 
Image and text Encryption using RSA algorithm in java
Image and text Encryption using RSA algorithm in java Image and text Encryption using RSA algorithm in java
Image and text Encryption using RSA algorithm in java
 
IJARCCE 20
IJARCCE 20IJARCCE 20
IJARCCE 20
 
Identity-Based Distributed Provable Data Possession in Multicloud Storage
Identity-Based Distributed Provable Data Possession in Multicloud StorageIdentity-Based Distributed Provable Data Possession in Multicloud Storage
Identity-Based Distributed Provable Data Possession in Multicloud Storage
 
Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering
Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering
Strategic Prefetching of VoD Programs Based on ART2 driven Request Clustering
 

Similar to Privacy Preserving Identity Management as a Service

Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235
Editor IJARCET
 
Hierarchal attribute based cryptographic model to handle security services in...
Hierarchal attribute based cryptographic model to handle security services in...Hierarchal attribute based cryptographic model to handle security services in...
Hierarchal attribute based cryptographic model to handle security services in...
IJECEIAES
 
Privacy protection domain-user integra tag deduplication in cloud data server
Privacy protection domain-user integra tag deduplication in cloud data serverPrivacy protection domain-user integra tag deduplication in cloud data server
Privacy protection domain-user integra tag deduplication in cloud data server
IJECEIAES
 
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTSACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
IJCNCJournal
 
Actor Critic Approach based Anomaly Detection for Edge Computing Environments
Actor Critic Approach based Anomaly Detection for Edge Computing EnvironmentsActor Critic Approach based Anomaly Detection for Edge Computing Environments
Actor Critic Approach based Anomaly Detection for Edge Computing Environments
IJCNCJournal
 

Similar to Privacy Preserving Identity Management as a Service (20)

IRJET- Comparison Among RSA, AES and DES
IRJET- Comparison Among RSA, AES and DESIRJET- Comparison Among RSA, AES and DES
IRJET- Comparison Among RSA, AES and DES
 
IRJET- Secure Skyline Queries over the Encrypted Data
IRJET- Secure Skyline Queries over the Encrypted DataIRJET- Secure Skyline Queries over the Encrypted Data
IRJET- Secure Skyline Queries over the Encrypted Data
 
Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235
 
Hierarchal attribute based cryptographic model to handle security services in...
Hierarchal attribute based cryptographic model to handle security services in...Hierarchal attribute based cryptographic model to handle security services in...
Hierarchal attribute based cryptographic model to handle security services in...
 
561 1530-1-pb (1)
561 1530-1-pb (1)561 1530-1-pb (1)
561 1530-1-pb (1)
 
IRJET- Enhanced Cloud Data Security using Combined Encryption and Steganography
IRJET- Enhanced Cloud Data Security using Combined Encryption and SteganographyIRJET- Enhanced Cloud Data Security using Combined Encryption and Steganography
IRJET- Enhanced Cloud Data Security using Combined Encryption and Steganography
 
Secure Data Storage on Cloud System for Privacy Preserving
Secure Data Storage on Cloud System for Privacy PreservingSecure Data Storage on Cloud System for Privacy Preserving
Secure Data Storage on Cloud System for Privacy Preserving
 
Privacy protection domain-user integra tag deduplication in cloud data server
Privacy protection domain-user integra tag deduplication in cloud data serverPrivacy protection domain-user integra tag deduplication in cloud data server
Privacy protection domain-user integra tag deduplication in cloud data server
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
 
K nearest neighbor classification over semantically secure encrypted relation...
K nearest neighbor classification over semantically secure encrypted relation...K nearest neighbor classification over semantically secure encrypted relation...
K nearest neighbor classification over semantically secure encrypted relation...
 
IRJET - A Secure AMR Stganography Scheme based on Pulse Distribution Mode...
IRJET - A Secure AMR Stganography Scheme based on Pulse Distribution Mode...IRJET - A Secure AMR Stganography Scheme based on Pulse Distribution Mode...
IRJET - A Secure AMR Stganography Scheme based on Pulse Distribution Mode...
 
Managing Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationManaging Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your Organization
 
IRJET- Anchoring of Cloud Information under Key Presentation
IRJET- Anchoring of Cloud Information under Key PresentationIRJET- Anchoring of Cloud Information under Key Presentation
IRJET- Anchoring of Cloud Information under Key Presentation
 
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTSACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
 
Actor Critic Approach based Anomaly Detection for Edge Computing Environments
Actor Critic Approach based Anomaly Detection for Edge Computing EnvironmentsActor Critic Approach based Anomaly Detection for Edge Computing Environments
Actor Critic Approach based Anomaly Detection for Edge Computing Environments
 
SECURITY IN COULD DATA STORAGE USING SOFT COMPUTING TECHNIQUES AND ELGAMAL CR...
SECURITY IN COULD DATA STORAGE USING SOFT COMPUTING TECHNIQUES AND ELGAMAL CR...SECURITY IN COULD DATA STORAGE USING SOFT COMPUTING TECHNIQUES AND ELGAMAL CR...
SECURITY IN COULD DATA STORAGE USING SOFT COMPUTING TECHNIQUES AND ELGAMAL CR...
 
Enhancing Privacy in Cloud Service Provider Using Cryptographic Algorithm
Enhancing Privacy in Cloud Service Provider Using Cryptographic AlgorithmEnhancing Privacy in Cloud Service Provider Using Cryptographic Algorithm
Enhancing Privacy in Cloud Service Provider Using Cryptographic Algorithm
 
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
 
Achieving Secure And Scalable Cloud computing
Achieving Secure And Scalable Cloud computingAchieving Secure And Scalable Cloud computing
Achieving Secure And Scalable Cloud computing
 
IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...
IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...
IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...
 

Recently uploaded

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 

Recently uploaded (20)

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 

Privacy Preserving Identity Management as a Service

  • 1. Outline Motivation State of the art Results Research Challenges Privacy-Preserving Identity Management as a Service David Nu˜nez Supervisors: Isaac Agudo, and Javier Lopez Network, Information and Computer Security Laboratory (NICS Lab) Universidad de M´alaga, Spain Email: dnunez@lcc.uma.es June 4, 2014
  • 2. Outline Motivation State of the art Results Research Challenges 1. Motivation 2. State of the art 3. Results 4. Research Challenges
  • 3. Outline Motivation State of the art Results Research Challenges Introduction Identity Management is a ubiquitous service Costly ⇒ specific applications and personnel Identity Management as a Service (IDaaS) Cloud computing solution to this problem Organizations can outsource their IdM services to the cloud Cloud providers specialized in Identity Management New business opportunities to cloud providers
  • 4. Outline Motivation State of the art Results Research Challenges Scenarios Service Provider Host Organization (Identity Provider) Employee belongs to requests service direct trust retrieves identity provides identity information Figure : Federated Identity Management Scenario
  • 5. Outline Motivation State of the art Results Research Challenges Scenarios Cloud Identity Provider Service Provider Host Organization Employee belongs to requests service outsources identity management direct trust direct trust indirect trust retrieves identity provides identity information Figure : Identity Management as a Service Scenario
  • 6. Outline Motivation State of the art Results Research Challenges Motivation Classic problem of cloud computing ⇒ The user loses the control of his data Now we are talking about identity data... ⇒ Data protection laws and regulations Current solution: Service Level Agreements (SLAs) ⇒ It is just an agreement not a technical safeguard Trust problem ⇒ Users are obliged to trust the provider
  • 7. Outline Motivation State of the art Results Research Challenges Problem statement Goal: To define technical safeguards that allow an IdM service without compromising users’ data This solution must go beyond defining an access control and enforcement layer ⇒ Cryptographic safeguards Solution must not interfere with the service provision Control must go back to the owner of data
  • 8. Outline Motivation State of the art Results Research Challenges Proposal BlindIDM – A Model for Privacy-preserving IDaaS Privacy-preserving IDaaS system Based in SAML 2.0 and Proxy Re-Encryption Identity attributes are encrypted by the user and decrypted by the requester The Identity Provider (IdP) stores encrypted attributes ⇒ Still capable of offering an identity service First proposal that tackles this problem
  • 9. Outline Motivation State of the art Results Research Challenges Cryptographic Cloud Storage Kamara, S., and Lauter, K. (2010). Cryptographic cloud storage. In Financial Cryptography and Data Security
  • 10. Outline Motivation State of the art Results Research Challenges Sticky Policies Pearson, S., Mont, M. C., Chen, L., and Reed, A. (2011). End-to-end policy-based encryption and management of data in the cloud. In IEEE CloudCom 2011
  • 11. Outline Motivation State of the art Results Research Challenges SAML 2.0 Security Assertion Markup Language OASIS Standard Description and exchange of identity information (e.g., attributes) Protocols for issuing and exchanging assertions
  • 12. Outline Motivation State of the art Results Research Challenges Proxy Re-Encryption: Overview A PRE scheme is a public-key encryption scheme that permits a proxy to transform ciphertexts under Alice’s public key into ciphertexts under Bob’s public key. The proxy needs a re-encryption key rA→B to make this transformation possible. Figure : Proxy Re-Encryption flow
  • 13. Outline Motivation State of the art Results Research Challenges Proxy Re-Encryption: AFGH scheme Global parameters: G1, G2 are groups of prime order q e : G1 × G1 → G2 is a bilinear pairing g ∈ G1, Z = e(g, g) ∈ G2 Primitives: Key Generation: KG() = (sA, pA) Re-Encryption Key Generation: RKG(sA, pB) = rA→B First-level Encryption: E1(m, pA) = c1 Second-level Encryption: E2(m, pA) = c2 Re-Encryption: R(c2, rA→B) = c1 First-level Decryption: D1(c1, sA) = m Second-level Decryption: D2(c2, sA) = m
  • 14. Outline Motivation State of the art Results Research Challenges Proxy Re-Encryption: AFGH scheme Properties: Unidirectional Unihop Collusion-resistant
  • 15. Outline Motivation State of the art Results Research Challenges BlindIDM – Privacy-preserving IDaaS Cloud Identity Provider Service Provider Host Organization Employee belongs to requests service outsources identity management direct trust direct trust indirect trust retrieves identity provides identity information Figure : Identity Management as a Service Scenario
  • 16. Outline Motivation State of the art Results Research Challenges BlindIDM – Privacy-preserving IDaaS Cloud Identity Provider Service Provider Host Organization rH→SP(pH, sH) (pSP , sSP ) ca c a Figure : Information flow within our system
  • 17. Outline Motivation State of the art Results Research Challenges Assumptions Honest-but-curious provider: The cloud provider will respect protocol fulfillment, but will try to read users’ data Existing trust relationship between users and requesters ⇒ Expressed using SAML Metadata
  • 18. Outline Motivation State of the art Results Research Challenges Integration with SAML User agent Service Provider Cloud Identity Provider Host Organization Request service Discovery of the IdP SAML AuthnRequest AuthnRequest (User redirection) SAML AuthnRequest AuthnRequest (User redirection) User authentication SAML Response Response (User redirection) Re-encryption of user attributes and creation of SAML Response Response (User redirection) Decryption of user attributes and verification of SAML Response Access to service Figure : Modified SAML Authentication sequence
  • 19. Outline Motivation State of the art Results Research Challenges Implementation details We have implemented: Prototype implementation using OpenSAML library AFGH Proxy Re-Encryption scheme using Java Pairing-Based Cryptography library (jPBC)1 1 A. D. Caro, http://gas.dia.unisa.it/projects/jpbc
  • 20. Outline Motivation State of the art Results Research Challenges Economic analysis Most of proposals do not analyze their economic impact Cryptographic operations have an economic cost due to computation, communication, etc. ⇒ Cloud provider incurs in expenses due to energy consumption, personnel, ... Our estimations are based on a research from Chen Sion2 ⇒ They give estimations for computation, storage and communication costs, expressed in picocents (1 picocent = 10E−12 USD cent) We estimate the number of CPU cycles to give an approximation of the costs 2 Y. Chen and R. Sion, “On securing untrusted clouds with cryptography” in Proc. 9th annual ACM workshop on Privacy in the electronic society
  • 21. Outline Motivation State of the art Results Research Challenges Economic analysis: costs Table : Costs in picocents for the main operations Operation Cost per operation Operations per cent Encryption 4.34E+08 2304 Re-encryption 4.79E+08 2087 Decryption 5.70E+08 1755
  • 22. Outline Motivation State of the art Results Research Challenges Economic analysis: example scenario IDaaS provider that handles 1 million attribute requests per day ⇒ 1 million re-encryptions per day Approx. 2000 USD per year Reasonable cost for an average-sized company, considering that their information is encrypted at the cloud provider
  • 23. Outline Motivation State of the art Results Research Challenges Results IDaaS is a promising paradigm for organizations Cloud providers are in a privileged position to gain information about their users We need technical safeguards, such as those based in cryptography, to ensure users’ privacy
  • 24. Outline Motivation State of the art Results Research Challenges Results We describe an IDaaS system that handles encrypted attributes and still provides an identity service Our system is based in SAML and Proxy Re-Encryption The cloud identity provider transforms encrypted attributes from the original users to ciphertexts for the requesters using re-encryption Implementation and economic analysis is provided
  • 25. Outline Motivation State of the art Results Research Challenges Publications D. Nu˜nez, and I. Agudo, “BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service”, In International Journal of Information Security, vol. 13, issue 2, Springer, pp. 199-215, 2014. D. Nu˜nez, I. Agudo, and J. Lopez, “Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services”, In IEEE CloudCom 2012, Dec 2012 D. Nu˜nez, I. Agudo, et al., “Identity Management Challenges for Intercloud Applications”, In STAVE 2011, June, 2011 I. Agudo, D. Nu˜nez, et al., “Cryptography Goes to the Cloud”, In STAVE 2011, June, 2011
  • 26. Outline Motivation State of the art Results Research Challenges Next steps Consider the (un)linkability problem Granular access control Deployment of prototype in cloud setting More efficient and secure cryptographic solutions
  • 27. Outline Motivation State of the art Results Research Challenges Research Challenges Leveraging user-centricity in identity management. Enhancing users’ privacy in digital transactions that involve their identity. Interoperability of the solutions. Solutions that reduce the trade-off between anonymity and accountability. Exploring and devising new cryptographic techniques for protecting privacy on cloud-based settings.
  • 28. Outline Motivation State of the art Results Research Challenges Thank you!