This document discusses challenges and opportunities for building identity providers (IdPs) as a service using a cloud-of-clouds approach. It outlines how a multi-cloud architecture can increase resilience and trustworthiness compared to single cloud or data center deployments. Experimental evaluations show the multi-cloud approach improves performance and scalability while reducing costs compared to other options. However, technical challenges remain around efficient wide-area networks, interoperability, and privacy across multiple cloud providers.

1. Identity Providers-as-a-Service built as
Cloud-of-Clouds: challenges and opportunities
Diego Kreutz and Eduardo Feitosa
FedCSIS/SODIS 2014, Warsaw, Poland

2. Outline
Resilient & Secure IdPs
Motivation & Goals
Deployments & Trade Offs
Open Roads & Opportunities
Experimental Evaluations

3. Common Threats and Challenges
Cyber Crimes/Attacks!
Software Bugs & Vulnerabilities
Logical Failures
3

4. 4
Vulnerabilities and Treats in IdPs
Vulnerability/Support RADIUS OpenID
Tolerates crash faults (e.g., back-end clusters) YES YES
Tolerates arbitrary faults NO NO
Tolerates infrastructure outages NO NO
Tolerates DDoS attacks NO NO
Risk of common vulnerabilities HIGH HIGH
Risk of sensitive data leakage HIGH HIGH
Diverse security-related vulnerabilities YES YES
Susceptible to resource depletion attacks YES YES

5. 5
What can we do about it?

6. 6
What can we do about it?
Approach 1: try to fix
everything!?

7. 7
What can we do about it?
Approach 2: increase the
system’s resilience and
trustworthiness
Hybrid system architectures, specialized components, clouds, …

8. 8
Current State of Affairs
Fault
tolerance/resilience
Level
of
trust
C1
C2
C3 C4
C6
C5

9. Goals
9
Develop new hybrid system
architectures.
Use cloud and multi-cloud
environments to increase the
resilience and trustworthiness of
critical systems.
Reduce costs and foster new
business models.

10. Cloud: some benefits
10
Ø Elasticity of resources"
Ø Cost-effectiveness"
§ Reduce CAPEX and OPEX for business"
Ø Efficient and productive tools and systems"
Ø Protection against high scale attacks"

11. Cloud: some challenges
11
Ø Failures: are still high"
Ø Performance"
§ Hard to measure"
§ Not yet enough for HPC apps"
Ø Price models"
§ No standards"
§ No easy way to measure and compare"
Ø Confidentiality & Privacy"
§ Cloud provider has access to your data"

12. Multi-Cloud: some benefits
12
Ø Increasing reliability"
§ Up to three nines"
Ø Lower costs"
Ø No vendor lock-in"
Ø Better privacy and confidentiality"
§ Multi-cloud storage crypto solutions"
Ø Improved performance"
Ø Diversity of attack defenses"

13. Multi-Cloud: challenges
13
Ø Inter-cloud high network latency"
Ø Network performance, reliability and costs"
Ø Privacy and confidentiality"
§ Yet, still easier to solve than in a single cloud"
Ø Deployment and management costs"
§ Different technologies"
§ Diversity of tools"
§ Lack of standardized interoperability"

14. Multi-DCs/Cloud Trade Offs
14
PhyMachine1!
Hypervisor 1!
VM1!
Resilient
Service!
OverallSystemPerformance!
HighAvailability(towards3nines)!
ResistancetoAttacksandVulnerabilities!
Single Data Center (Multiple Physical Machines)
SusceptibilitytoPhysicalandLogicalFailures!
PhyMachine2!
Hypervisor 2!
VM2!
Resilient
Service!
PhyMachine3!
Hypervisor 3!
VM3!
Resilient
Service!
PhyMachine1!
Hypervisor 1!
VM1!
Resilient
Service!
Multiple Data Centers (Single Cloud Provider)
PhyMachine2!
Hypervisor 2!
VM2!
Resilient
Service!
PhyMachine3!
Hypervisor 3!
VM3!
Resilient
Service!
PhyMachine1!
Hypervisor 1!
VM1!
Resilient
Service!
Multiple Cloud Providers
PhyMachine2!
Hypervisor 2!
VM2!
Resilient
Service!
PhyMachine3!
Hypervisor 3!
VM3!
Resilient
Service!

15. Outline
Resilient & Secure IdPs
Motivation & Goals
Deployments & Trade Offs
Open Roads & Opportunities
Experimental Evaluations

16. 16
OpenID: traditional architecture
Client / Web
Browser!
Service Provider!
(Relying Party)!
OpenID
server!
steps 4 and 5!
OpenID!
Backends!
SQL$
LDAP$

17. 17
ROpenID Architecture
User
Browser / !
Certificate /
Attributes!
IdP Service
Replicas!
Service Providers
(SPs) / Relying
Parties (RPs)!
IdP Gateways!
Resilient and
Secue IdP!
Secure Authentication!
(confidentiality)!
Alternative Path!
Default Path!

18. Ø Arbitrary faults:
§ Between the
CIS and
gateway
18
Client!
Cx!
CIS!
Cx!
Service!
Sx!
Gateway!
Gx!
Timeout A! Timeout B!
Corrupted response !
from replica Sx!
Corrupted response !
from replica Gx!
Byzantine behavior!
from replica Cx!
ROpenID Fault Detection Mechanisms
Ø Timeouts:"
§ Between client and service"
§ Between service and gateway"
Ø Corrupted messages detection"
§ Between service and client"
§ Between gateway and service"

19. 19
Main Building Blocks
1. Virtual Machines"
2. Trusted Computing Base"
§ e.g. hypervisors"
3. Trusted Components"
§ e.g. smart cards, TPMs, isolated VMs, secured PCs"
4. Replication & Recovery Protocols"
§ e.g. BFT-SMaRt and ITVM"
5. Diversity"
§ e.g. different operating systems"
6. Strong mutual authentication"
§ e.g. EAP-TLS"

20. 20
What is a TC in our model?
A trusted/secure component can be “any” device capable of ensuring !
the data and operation confidentiality of the target system/environment.!
Smart Cards" TPM" Tamper Resistant
a FPGA"
A Highly Secured
(shielded) Computer"
Virtual TPM"
(e.g. vTPM)"
Secure Hypervisor
(e.g. sHyper)"

21. Outline
Resilient & Secure IdPs
Motivation & Goals
Deployments & Trade Offs
Open Roads & Opportunities
Experimental Evaluations

22. 22
ROpenID Deployments

23. 23
ROpenID Deployments

24. 24
Deployments & Trade Offs
PhyMachine1!
Hypervisor 1!
VM1!
Resilient
Service!
VM2!
Resilient
Service!
VM3!
Resilient
Service!
PhyMachine1!
Hypervisor 1!
VM1!
Resilient
Service!
Administrative
Domain1!
Administrative
Domain1!
Administrative
Domain1!
Performance!
Availability!
PhyMachine2!Hypervisor 2!
VM2!
Resilient
Service!
PhyMachine3!
Hypervisor 3!
VM3!
Resilient
Service!
PhyMachine1!
Hypervisor 1!
VM1!
Resilient
Service!
Administrative
Domain3!
Administrative
Domain2!
PhyMachine2!
Hypervisor 2!
VM2!
Resilient
Service!
PhyMachine3!
Hypervisor 3!
VM3!
Resilient
Service!
Susceptibletodepletionattacks!
(a)!
(b)!
(c)!

25. 25
Deployments & Trade Offs
PhyMachine1!
Hypervisor 1!
VM1!
Resilient
Service!
OverallSystemPerformance!
HighAvailability(towards3nines)!
ResistancetoAttacksandVulnerabilities!
Single Data Center (Multiple Physical Machines)
SusceptibilitytoPhysicalandLogicalFailures!
PhyMachine2!
Hypervisor 2!
VM2!
Resilient
Service!
PhyMachine3!
Hypervisor 3!
VM3!
Resilient
Service!
PhyMachine1!
Hypervisor 1!
VM1!
Resilient
Service!
Multiple Data Centers (Single Cloud Provider)
PhyMachine2!
Hypervisor 2!
VM2!
Resilient
Service!
PhyMachine3!
Hypervisor 3!
VM3!
Resilient
Service!
PhyMachine1!
Hypervisor 1!
VM1!
Resilient
Service!
Multiple Cloud Providers
PhyMachine2!
Hypervisor 2!
VM2!
Resilient
Service!
PhyMachine3!
Hypervisor 3!
VM3!
Resilient
Service!

26. Wait! What about
resource depletion
attacks?
In virtualized environments,
how malicious VMs can
affect the execution of non-
malicious VMs?

27. 27
Resource Depletion Attacks
200
400
600
800
1000
1200
1400
1600
10 20 40 80 100
Numberofauthentications/s
Number of OpenID clients
ROpenID throughput under CPU depletion attacks
FF-Exec
3vCPUs-Attack
6vCPUs-Attack
12vCPUs-Attack

28. 28
Resource Depletion Attacks
200
400
600
800
1000
1200
1400
1600
10 20 40 80 100
Numberofauthentications/s
Number of OpenID clients
ROpenID throughput under attacks
QuintaVMs
TCP-ACK-A
TCP-SYN-A
TCP-SYN-ACK-A
TCP-SSH-A

29. Outline
Resilient & Secure IdPs
Motivation & Goals
Deployments & Trade Offs
Open Roads & Opportunities
Experimental Evaluations

30. 30
ROpenID Evaluation
Average Latency:
78.360ms!
Average Latency:
87.343ms!
Average Latency:
32.103ms!
Environment vCPU ECUs MEM Disk Network
UFAM-VMs 2 --- 2GB 20GB Gigabit
Amazon-EC2 4 13 15GB 2x40 SSD High Speed
Amazon-DCs 4 13 15GB 2x40 SSD Public WAN

31. 31
ROpenID Evaluation
Average Latency:
78.360ms!
Average Latency:
87.343ms!
Average Latency:
32.103ms!
# of clients UFAM-VMs Amazon-EC2 Amazon-DCs
20 867.73 1969.17 26.66
40 984.59 2166.58 50.72
80 995.12 2244.30 92.42
100 960.11 2244.04 114.05

32. Outline
Resilient & Secure IdPs
Motivation & Goals
Deployments & Trade Offs
Open Roads & Opportunities
Experimental Evaluations

33. 33
Multi-DCs/Clouds deployments
IdP-R2!
SP1/RP1!
SP2/RP2!
IdP-R2! IdP-R2!
GW2!
(Colocation)!
GW1!

34. 34
Scaling up ROpenID
Environment 20 clients 40 clients 80 clients 100 clients
UFAM-VMs 867 984 995 960
Amazon-EC2 1969 2166 2244 2444
Amazon-DCs 26 50 92 114
Environment 10k users 100k users 500k users 1M users
UFAM-VMs 4.16% 41.66% 208.30% 416.61%
Amazon-EC2 1.78% 17.82% 89.11% 178.22%
Amazon-DCs 35.07% 350.72% 1753.61% 3507.23%

35. 35
Scaling up ROpenID
Cost/Users 10k users 100k users 500k users 1M users
IaaS $350.40 $3,507.65 $17,531.90 $35,083.80
Service $550.37 $5,503.70 $27,518.50 $55,037.00
Total cost/y $900.77 $9,011.35 $45,060.40 $90,120.80
Environment 10k users 100k users 500k users 1M users
UFAM-VMs 4.16% 41.66% 208.30% 416.61%
Amazon-EC2 1.78% 17.82% 89.11% 178.22%
Amazon-DCs 35.07% 350.72% 1753.61% 3507.23%

36. Technical and Business Challenges
36
Ø Efficient networks"
§ Low latency"
§ High throughput"
Ø Cost-effective three nines"
§ Combined multi-cloud solutions"
Ø Confidentiality and Privacy"
§ Combined multi-cloud solutions"

37. 37
Multi-DCs/Clouds Efficient Networks

38. 38
Final remarks on multi-cloud IdPs
Ø New business opportunities for"
§ Cloud providers"
§ Startups"
Ø Research open reads & challenges"
§ Efficient WANs"
§ Telco Clouds"
§ Multi-cloud elasticity "
§ Multi-cloud interoperability"
§ Confidentiality & Privacy"

39. SecFuNet Project
(FP7-ICT-2011-EU-Brazil – STREP number 288349)
Acknowledgments

40. Identity Providers-as-a-Service built as
Cloud-of-Clouds: challenges and opportunities
Diego Kreutz and Eduardo Feitosa
FedCSIS/SODIS 2014, Warsaw, Poland