SlideShare a Scribd company logo

Umer Khalid Thesis Abstract

U
Umer Khalid

This thesis proposes a design and implementation of an anonymous authentication and authorization protocol for cloud computing. The protocol uses traceable anonymous certificates instead of standard public key certificates to authenticate users without revealing personally identifiable information. Authorization is provided through XACML access control policies bound to anonymous identities rather than real identities. The protocol aims to mitigate threats like identity theft and privacy leaks while requiring minimal changes to existing systems. It was validated using Scyther to ensure resistance against common attacks such as man-in-the-middle and replay attacks.

1 of 2
Download to read offline
1
2
Secure and Privacy Enhanced Authentication & Authorization in Cloud By Umer Khalid 2011-NUST-MS-CCS-35 Thesis Supervisor Dr. Abdul Ghafoor Department of Computing A thesis submitted in partial fulfillment of the requirements for the degree Of Masters of Science in Computer and Communication Security (MS CCS) In Department of Computing (DoC) School of Electrical Engineering & Computer Science (SEECS) National University of Sciences & Technology (NUST), Islamabad, Pakistan (2014)
Abstract. Cloud computing is a general purpose technology that greatly impacts business owners and organizations in terms of energy, cost and efficiency. However, organizations are reluctant about shifting sensitive information such as identity credentials over the cloud environment. Up till now, legacy security standards have been used by organizations for the protection of resources which pose unique threats like identity theft and privacy leaks due to the use of Personally Identifiable Information (PII) during the exchange of authentication and authorization messages. This research provides the design and implementation of an anonymous authentication and authorization protocol as a solution to these problems. The solution consists of carefully selected components such as, FIPS 196 for a proven and robust authentication mechanism, whereas, XACML based Policy Enforcement Point (PEP) for authorization. An identity management system (IDMS) is chosen in order to maintain a record of the registered users. For anonymity, the designed protocol uses traceable anonymous certificates (TAC’s) instead of simple public key certificates generated using anonymous identities (AID). A client side application passes these certificates as initial parameters for authentication to a strong authentication server (SA server). Certificates are modified further such that they do not leak any Personal Identifiable Information (PII) about the users. Authorization is provided using standard XACML based access control policies which are binded to the anonymous identities of the registered users instead of real identities. Hence using this protocol, threats such as identity theft and leakage can be mitigated with minimal changes to existing setups. In order to validate the designed protocol, Scyther is used. After validation, it is verified that our security protocol resists against man-in-the-middle, replay and attacks on confidentiality of user’s credentials.

More Related Content

DOCX
Security and privacy preserving challenges of e-health solutions in cloud com...
Venkat Projects
 
PPTX
Using Microsoft Dynamic Access Control to create Information Barriers for SEC...
NextLabs, Inc.
 
PDF
Privacy protection for role based access control in service oriented architec...
IJNSA Journal
 
PPTX
Database modeling and security
Neeharika Nidadavolu
 
PDF
What is Two Factor Authentication
ArrayShield Technologies Private Limited
 
PDF
Bluedog white paper - Our WebObjects Web Security Model
tom termini
 
ODP
Securing The Cloud
george.james
 
PDF
[EMC] Source Code Protection
Perforce
 
Security and privacy preserving challenges of e-health solutions in cloud com...
Venkat Projects
 
Using Microsoft Dynamic Access Control to create Information Barriers for SEC...
NextLabs, Inc.
 
Privacy protection for role based access control in service oriented architec...
IJNSA Journal
 
Database modeling and security
Neeharika Nidadavolu
 
What is Two Factor Authentication
ArrayShield Technologies Private Limited
 
Bluedog white paper - Our WebObjects Web Security Model
tom termini
 
Securing The Cloud
george.james
 
[EMC] Source Code Protection
Perforce
 

What's hot (19)

PDF
Database security
keerthusandeepreddy
 
PDF
Ingres database and compliance
Actian Corporation
 
PPTX
Database Security
ShingalaKrupa
 
PDF
Cybersecurity 101 - Auditing Cyber Security
Eryk Budi Pratama
 
POT
Automation alley day in the cloud presentation - formatted
Matthew Moldvan
 
PPT
DB security
ERSHUBHAM TIWARI
 
PDF
IT SECURITY PLAN FOR FLIGHT SIMULATION PROGRAM
IJCSEA Journal
 
PDF
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Peter Choi
 
PPT
Finding Your Lost Keys
trueidentity
 
DOCX
Cloud assisted mobile-access of health data with privacy and auditability
Adz91 Digital Ads Pvt Ltd
 
PDF
Some Studies on Protection for the Hidden Attribute Based Signatures without ...
ijtsrd
 
PDF
Cloud assisted mobile-access of health data with privacy and auditability
Shakas Technologies
 
PDF
Ppt security-database-overview-11g r2
Oracle BH
 
PPTX
Database security
Arpana shree
 
PPT
Security and information assurance
bdemchak
 
PDF
Dit yvol3iss33
Rick Lemieux
 
PPTX
01 database security ent-db
uncleRhyme
 
PPTX
Security and Privacy Challenges in Cloud Computing Environments
Eyob Seyfu
 
PDF
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
International Center for Biometric Research
 
Database security
keerthusandeepreddy
 
Ingres database and compliance
Actian Corporation
 
Database Security
ShingalaKrupa
 
Cybersecurity 101 - Auditing Cyber Security
Eryk Budi Pratama
 
Automation alley day in the cloud presentation - formatted
Matthew Moldvan
 
DB security
ERSHUBHAM TIWARI
 
IT SECURITY PLAN FOR FLIGHT SIMULATION PROGRAM
IJCSEA Journal
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Peter Choi
 
Finding Your Lost Keys
trueidentity
 
Cloud assisted mobile-access of health data with privacy and auditability
Adz91 Digital Ads Pvt Ltd
 
Some Studies on Protection for the Hidden Attribute Based Signatures without ...
ijtsrd
 
Cloud assisted mobile-access of health data with privacy and auditability
Shakas Technologies
 
Ppt security-database-overview-11g r2
Oracle BH
 
Database security
Arpana shree
 
Security and information assurance
bdemchak
 
Dit yvol3iss33
Rick Lemieux
 
01 database security ent-db
uncleRhyme
 
Security and Privacy Challenges in Cloud Computing Environments
Eyob Seyfu
 
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
International Center for Biometric Research
 
Ad

Viewers also liked (16)

PPT
Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud
Umer Khalid
 
PPTX
Extending Authentication and Authorization
Edin Kapic
 
DOCX
Synopsis for Online Railway Railway Reservation System
ZainabNoorGul
 
PDF
Chat Bot Architecture
Yegor Bugayenko
 
PPTX
Chat bot analysis
Aung Thu Rha Hein
 
PPTX
An Introduction To Chat Bots
Sohan Maheshwar
 
DOCX
Artificial intelligence report
Sourabh Sharma
 
PPTX
Artificially Intelligent chatbot Implementation
Rakesh Chintha
 
PDF
Introduction to Chatbots
Daden Limited
 
DOCX
Documentation of railway reservation system
Sandip Murari
 
PDF
Chatbot Artificial Intelligence
Md. Mahedi Mahfuj
 
PDF
The Chatbots Are Coming: A Guide to Chatbots, AI and Conversational Interfaces
TWG
 
DOCX
Online railway reservation system
PIYUSH Dubey
 
PDF
chatbot and messenger as a platform
Daisuke Minamide
 
PPTX
Data security in cloud computing
Prince Chandu
 
PPTX
Presentation on Railway Reservation System
Priyanka Sharma
 
Secure and Privacy Enhanced Authentication & Authorization Protocol in Cloud
Umer Khalid
 
Extending Authentication and Authorization
Edin Kapic
 
Synopsis for Online Railway Railway Reservation System
ZainabNoorGul
 
Chat Bot Architecture
Yegor Bugayenko
 
Chat bot analysis
Aung Thu Rha Hein
 
An Introduction To Chat Bots
Sohan Maheshwar
 
Artificial intelligence report
Sourabh Sharma
 
Artificially Intelligent chatbot Implementation
Rakesh Chintha
 
Introduction to Chatbots
Daden Limited
 
Documentation of railway reservation system
Sandip Murari
 
Chatbot Artificial Intelligence
Md. Mahedi Mahfuj
 
The Chatbots Are Coming: A Guide to Chatbots, AI and Conversational Interfaces
TWG
 
Online railway reservation system
PIYUSH Dubey
 
chatbot and messenger as a platform
Daisuke Minamide
 
Data security in cloud computing
Prince Chandu
 
Presentation on Railway Reservation System
Priyanka Sharma
 
Ad

Similar to Umer Khalid Thesis Abstract (20)

PDF
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET Journal
 
PDF
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
Entrust Datacard
 
PDF
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
IJERA Editor
 
PDF
Design and implementation of a privacy preserved off premises cloud storage
sarfraznawaz
 
DOCX
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
Shakas Technologies
 
DOCX
School of Computer & Information SciencesITS-532 Cloud C.docx
jeffsrosalyn
 
PDF
Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environ...
International Journal of Computer and Communication System Engineering
 
PPTX
I am sharing 'unit 3' with youuuuuu.PPTX
padhaipadhai639
 
PPTX
I am sharing 'unit 3' with youuuuuu.PPTX
padhaipadhai639
 
DOCX
Security policy case study
ashu6
 
PDF
Cyber security and cyber law
Divyank Jindal
 
PDF
50120140502015
IAEME Publication
 
PPTX
2024 Most Influential Cyber Security Technologies_ A Detailed Recap.pptx
infosprintseo
 
PDF
A Survey on Different Techniques Used in Decentralized Cloud Computing
Editor IJCATR
 
PDF
Kx3518741881
IJERA Editor
 
PDF
Latest Cybersecurity Trends
IRJET Journal
 
PDF
Crush Cloud Complexity, Simplify Security - Shield X
Prime Infoserv
 
PDF
Microsoft 365 eEnterprise E5 Overview
David J Rosenthal
 
PDF
TYPES OF AUTHENTICATIONS IN WEB BASED FRONTEND
ijait
 
PDF
TYPES OF AUTHENTICATIONS IN WEB BASED FRONTEND
ijait
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET Journal
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
Entrust Datacard
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
IJERA Editor
 
Design and implementation of a privacy preserved off premises cloud storage
sarfraznawaz
 
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
Shakas Technologies
 
School of Computer & Information SciencesITS-532 Cloud C.docx
jeffsrosalyn
 
Dynamic Key Based User Authentication (DKBUA) Framework for MobiCloud Environ...
International Journal of Computer and Communication System Engineering
 
I am sharing 'unit 3' with youuuuuu.PPTX
padhaipadhai639
 
I am sharing 'unit 3' with youuuuuu.PPTX
padhaipadhai639
 
Security policy case study
ashu6
 
Cyber security and cyber law
Divyank Jindal
 
50120140502015
IAEME Publication
 
2024 Most Influential Cyber Security Technologies_ A Detailed Recap.pptx
infosprintseo
 
A Survey on Different Techniques Used in Decentralized Cloud Computing
Editor IJCATR
 
Kx3518741881
IJERA Editor
 
Latest Cybersecurity Trends
IRJET Journal
 
Crush Cloud Complexity, Simplify Security - Shield X
Prime Infoserv
 
Microsoft 365 eEnterprise E5 Overview
David J Rosenthal
 
TYPES OF AUTHENTICATIONS IN WEB BASED FRONTEND
ijait
 
TYPES OF AUTHENTICATIONS IN WEB BASED FRONTEND
ijait
 

Umer Khalid Thesis Abstract

  • 1. Secure and Privacy Enhanced Authentication & Authorization in Cloud By Umer Khalid 2011-NUST-MS-CCS-35 Thesis Supervisor Dr. Abdul Ghafoor Department of Computing A thesis submitted in partial fulfillment of the requirements for the degree Of Masters of Science in Computer and Communication Security (MS CCS) In Department of Computing (DoC) School of Electrical Engineering & Computer Science (SEECS) National University of Sciences & Technology (NUST), Islamabad, Pakistan (2014)
  • 2. Abstract. Cloud computing is a general purpose technology that greatly impacts business owners and organizations in terms of energy, cost and efficiency. However, organizations are reluctant about shifting sensitive information such as identity credentials over the cloud environment. Up till now, legacy security standards have been used by organizations for the protection of resources which pose unique threats like identity theft and privacy leaks due to the use of Personally Identifiable Information (PII) during the exchange of authentication and authorization messages. This research provides the design and implementation of an anonymous authentication and authorization protocol as a solution to these problems. The solution consists of carefully selected components such as, FIPS 196 for a proven and robust authentication mechanism, whereas, XACML based Policy Enforcement Point (PEP) for authorization. An identity management system (IDMS) is chosen in order to maintain a record of the registered users. For anonymity, the designed protocol uses traceable anonymous certificates (TAC’s) instead of simple public key certificates generated using anonymous identities (AID). A client side application passes these certificates as initial parameters for authentication to a strong authentication server (SA server). Certificates are modified further such that they do not leak any Personal Identifiable Information (PII) about the users. Authorization is provided using standard XACML based access control policies which are binded to the anonymous identities of the registered users instead of real identities. Hence using this protocol, threats such as identity theft and leakage can be mitigated with minimal changes to existing setups. In order to validate the designed protocol, Scyther is used. After validation, it is verified that our security protocol resists against man-in-the-middle, replay and attacks on confidentiality of user’s credentials.