Privacy and Identity Management in Cloud

Rohit Ranchal, Bharat Bhargava, Pelin Angin, Noopur Singh, Lotfi Ben Othmane, Leszek Lilien

Department of Computer Science
Purdue University, Western Michigan University
{rranchal, bbshail}@purdue.edu, leszek.lilien@wmich.edu

Mark Linderman
mark.linderman@rl.af.mil
Air Force Research Laboratory
Rome, NY, USA

This research was supported by AFRL Rome, USA and NGC
Outline
• Motivation
• Identity Management (IDM)
• Goals of Proposed User-Centric IDM
• Mechanisms
• Description of proposed solution
• Advantages of the Proposed Scheme
• Conclusion & Future Work
• References
• Questions?
Motivation

[Figure: a user on the Amazon Cloud holds Name, E-mail, Password, Billing Address, Shipping Address and Credit Card. Amazon receives all six items; a second party receives Name, Billing Address and Credit Card; two further parties each receive Name, E-mail and Shipping Address, so copies of the identity data accumulate at every party.]
Motivation
• The migration of web applications to the Cloud computing platform has raised concerns about the privacy of sensitive data belonging to the consumers of cloud services.
• How can consumers verify that a service provider conforms to the privacy laws and protects the consumer's digital identity?
• The username/password security token used by most service providers to authenticate consumers leaves the consumer vulnerable to phishing attacks.
• The solution to the above problems can be the use of an Identity Management (IDM) system. The solution should help the consumer make a proactive choice about how and what personal information they disclose, control how their information can be used, cancel their subscription to the service, and monitor to verify that a service provider applies the required privacy policies.
Identity Management (IDM)
• IDM in the traditional application-centric IDM model
  ◦ Each service keeps track of the identifying information of its users.
• Existing IDM systems
  ◦ Microsoft Windows CardSpace [W. A. Alrodhan]
  ◦ OpenID [http://openid.net]
  ◦ PRIME [S. F. Hubner, Karlstad Univ]

These systems require a trusted third party and do not work on an untrusted host.

If the Trusted Third Party is compromised, all the identifying information of the users is also compromised, leading to serious problems like identity theft.
[AT&T iPad leak]
Identity Management (IDM)
• Microsoft Windows CardSpace
Windows CardSpace is an identity metasystem that provides a way to manage the multiple digital identities of a user. It is a claims-based access platform/architecture developed for Windows XP. It uses a plug-in for the Internet Explorer 7 browser.
• OpenID
With OpenID a user uses one username and one password to access many web applications. The user authenticates to an OpenID server to get his/her OpenID token, which is then used to authenticate to web applications.
• PRIME (Privacy and Identity Management for Europe)
PRIME is an application, the PRIME Console middleware, running on a user's machine. It handles management and disclosure of personal data for the user.
IDM in Cloud Computing
• Cloud introduces several issues to IDM
  ◦ Collusion between Cloud Services
    – Users have multiple accounts associated with multiple service providers.
    – Sharing sensitive identity information between services can lead to undesirable mapping of the identities to the user.
  ◦ Lack of trust
    – Cloud hosts are untrusted
    – Use of a Trusted Third Party is not an option
  ◦ Loss of control
    – Service-centric IDM Model

• IDM in Cloud needs to be user-centric
Goals of Proposed User-Centric IDM for the Cloud
1. Authenticate without disclosing identifying information
2. Ability to securely use a service while on an untrusted host (VM on the cloud)
3. Minimal disclosure and minimized risk of disclosure during communication between user and service provider (Man in the Middle, Side Channel and Correlation Attacks)
4. Independence of Trusted Third Party for identity information
Mechanisms in Proposed IDM

• Active Bundle [L. Othmane, R. Ranchal]
• Anonymous Identification [A. Shamir]
• Computing Predicates with encrypted data [E. Shi]
• Multi-Party Computing [A. Shamir]
• Selective Disclosure [B. Laurie]
Active Bundle
• Active bundle (AB)
  – An encapsulating mechanism protecting the data carried within it
  – Includes data
  – Includes metadata used for managing confidentiality
    • Both privacy of the data and privacy of the whole AB
  – Includes a Virtual Machine (VM)
    • performing a set of operations
    • protecting its confidentiality
• Active Bundles: Operations
  – Self-integrity check
    • E.g., uses a hash function
  – Evaporation/Filtering
    • Self-destroys (a part of) the AB's sensitive data when threatened with a disclosure
  – Apoptosis
    • Self-destructs the AB completely
Active Bundle Scheme
– Metadata:
  • Access control policies
  • Data integrity checks
  • Dissemination policies
  • Life duration
  • ID of a trust server
  • ID of a security server
  • App-dependent information
  • …
– Sensitive Data:
  • Identity Information: E(Name), E(E-mail), E(Password), E(Shipping Address), E(Billing Address), E(Credit Card), …
  • ...
– Virtual Machine (algorithm):
  • Interprets metadata
  • Checks active bundle integrity
  • Enforces access and dissemination control policies
  • …
* E( ) - Encrypted Information
Anonymous Identification
• Use of Zero-knowledge proofing for user authentication without disclosing the user's identifier.

[Figure: ZKP interactive protocol between the user (holding 1. E-mail, 2. Password) and the service on the Amazon Cloud (holding 1. E-mail, 2. Password). Steps: the user requests the service; the service sends a function f and a number k; the user returns fk(E-mail, Password) = R; the service marks the user as authenticated.]
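The slide abstracts the exchange as "function f and number k". As an added example (not code from the deck), the block below runs the Fiat-Shamir identification protocol the deck cites in [8], showing both sides' messages; the derivation of the prover's secret from the E-mail/Password pair, the toy-sized modulus and the injectable challenge source are assumptions made here.

```python
import hashlib
import secrets

# Toy modulus N = p*q (assumption for the demo; real deployments use a ~2048-bit N).
P, Q = 1000003, 1000033
N = P * Q

def derive_secret(email: str, password: str) -> int:
    """Prover's secret s, derived from the credential pair the slide shows.
    The deck does not specify how; a SHA-256 hash reduced mod N is assumed here."""
    h = hashlib.sha256(f"{email}:{password}".encode()).digest()
    return int.from_bytes(h, "big") % N or 2

def public_key(s: int) -> int:
    """v = s^2 mod N is what the service stores; it does not reveal s."""
    return pow(s, 2, N)

class Prover:
    """The user: knows s and never sends it."""
    def __init__(self, s: int):
        self.s, self.r = s, None
    def commit(self) -> int:
        self.r = secrets.randbelow(N - 2) + 2       # fresh r every round
        return pow(self.r, 2, N)                    # x = r^2 mod N
    def respond(self, e: int) -> int:
        return (self.r * pow(self.s, e, N)) % N     # y = r * s^e mod N

class Verifier:
    """The service: knows only v. `rng` is injectable so a reader can see why
    the challenge must be unpredictable (see the usage note)."""
    def __init__(self, v: int, rng=secrets.randbelow):
        self.v, self.rng = v, rng
    def challenge(self) -> int:
        return self.rng(2)                          # e in {0, 1}
    def check(self, x: int, e: int, y: int) -> bool:
        return pow(y, 2, N) == (x * pow(self.v, e, N)) % N

def authenticate(prover: Prover, verifier: Verifier, rounds: int = 20) -> bool:
    """Run `rounds` challenge-response rounds; a prover who does not know s
    survives each round with probability 1/2, so 20 rounds leave 2^-20."""
    for _ in range(rounds):
        x = prover.commit()
        e = verifier.challenge()
        y = prover.respond(e)
        if not verifier.check(x, e, y):
            return False
    return True
```

With `rng=lambda n: 0` the verifier always asks for y = r, and a prover without s passes every round; that is the property the random challenge exists to prevent.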
Interaction using Active Bundle

[Figure: the User Application uses the Active Bundle Creator to build an Active Bundle (AB), which travels to the Active Bundle Destination, where AB information disclosure takes place. Supporting components: the Active Bundle Coordinator, a Directory Facilitator, and the Active Bundle Services: Security Services Agent (SSA), Audit Services Agent (ASA) and Trust Evaluation Agent (TEA).]
Predicate over Encrypted Data
• Verification without disclosing unencrypted identity data.

[Figure: the user holds E-mail, Password, E(Name), E(Shipping Address), E(Billing Address) and E(Credit Card); a Predicate Request* carries only E(Name), E(Billing Address) and E(Credit Card) to the service.]

*Age Verification Request
*Credit Card Verification Request
Multi-Party Computing
• To become independent of a trusted third party
  • Multiple services hold shares of the secret key
  • Minimize the risk

[Figure: the Predicate Request carrying E(Name), E(Billing Address) and E(Credit Card) is passed to the Key Management Services, which hold the key shares K'1, K'2, K'3, …, K'n.]

* Decryption of information is handled by the Key Management Services
Multi-Party Computing
• To become independent of a trusted third party
  • Multiple services hold shares of the secret key
  • Minimize the risk

[Figure: the Key Management Services holding K'1, K'2, K'3, …, K'n evaluate the request over Name, Billing Address and Credit Card and return a Predicate Reply*.]

*Age Verified
*Credit Card Verified
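The shares K'1 … K'n on the slide are held by separate key management services so that no single party owns the decryption key. As an added example (not code from the deck), the block below implements the threshold secret sharing the deck cites in [9] (Shamir) and a toy decryption step that only succeeds once t shares are pooled; the field size and the XOR cipher are assumptions made here.

```python
import secrets

# Shares live in a prime field. 2^127-1 is a Mersenne prime, big enough for a
# 127-bit key (assumption for the demo; the deck gives no parameters).
PRIME = (1 << 127) - 1

def split_key(secret: int, n: int, t: int) -> list:
    """Split `secret` into n shares K'1..K'n (one per key management service);
    any t of them reconstruct it, while t-1 shares reveal nothing about it."""
    if not (0 <= secret < PRIME and 1 <= t <= n):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]

    def f(x: int) -> int:                         # random polynomial, f(0) = secret
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME

    return [(i, f(i)) for i in range(1, n + 1)]

def reconstruct_key(shares: list) -> int:
    """Lagrange interpolation at x = 0 over the supplied (x_i, K'_i) shares.
    With fewer than t shares the result is just a random field element."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xj, yj in shares:
        num = den = 1
        for xm in xs:
            if xm != xj:
                num = (num * (-xm)) % PRIME
                den = (den * (xj - xm)) % PRIME
        total = (total + yj * num * pow(den, PRIME - 2, PRIME)) % PRIME  # Fermat inverse
    return total

def kms_decrypt(shares: list, t: int, ciphertext: bytes) -> bytes:
    """The Key Management Services step from the slide: the key is recovered only
    when t shares are pooled. The cipher is a toy XOR pad constructed for the demo."""
    if len(shares) < t:
        raise PermissionError("threshold not met")
    key = reconstruct_key(shares[:t]).to_bytes(16, "big")
    return bytes(b ^ key[i % 16] for i, b in enumerate(ciphertext))
```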
Selective Disclosure
• User policies in the Active Bundle dictate dissemination

[Figure, Selective disclosure*: the bundle holds E-mail, Password, E(Name), E(Shipping Address), E(Billing Address) and E(Credit Card); only E-mail, E(Name) and E(Shipping Address) are passed on.]

*e-bay shares the encrypted information based on the user policy
Selective Disclosure

[Figure, Selective disclosure*: from E-mail, E(Name) and E(Shipping Address), only E(Name) and E(Shipping Address) are passed on.]

*e-bay seller shares the encrypted information based on the user policy
Selective Disclosure

[Figure, Selective disclosure: from E-mail, E(Name) and E(Shipping Address), the recipient obtains Name and Shipping Address in clear.]

• Decryption handled by Multi-Party Computing as in the previous slides
Selective Disclosure

[Figure, Selective disclosure: from E-mail, E(Name) and E(Shipping Address), the recipient obtains Name and Shipping Address in clear.]

• Fed-Ex can now send the package to the user
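The Active Bundle Scheme slide lists the bundle's three parts, and the Selective Disclosure slides show the bundle shrinking as it moves from party to party. As an added example (not code from the deck or the Active Bundle project), the block below models both: a bundle with sensitive data, a dissemination policy in its metadata, a self-integrity check, evaporation and apoptosis. The E( ) helper, the SHA-256 digest and the e-bay / seller / Fed-Ex policy are constructed for the demo; the trust and security servers named in the deck's metadata are not modelled.

```python
import hashlib
import json

def E(value: str) -> str:
    """Stand-in for the deck's E( ) notation; a real bundle would encrypt here (demo assumption)."""
    return f"E({value})"

class ActiveBundle:
    """Sensitive data + metadata + the enforcement logic the deck calls the bundle's VM."""

    def __init__(self, data: dict, policy: dict):
        self.data = dict(data)                 # sensitive fields, already in E( ) form
        self.metadata = {"policy": policy}     # dissemination policy: destination -> fields
        self.digest = self._hash()             # value used by the self-integrity check

    def _hash(self) -> str:
        blob = json.dumps([self.data, self.metadata], sort_keys=True).encode()
        return hashlib.sha256(blob).hexdigest()

    def integrity_ok(self) -> bool:
        return self._hash() == self.digest

    def apoptosis(self) -> None:
        """Self-destruct: nothing is left to disclose."""
        self.data.clear()
        self.metadata.clear()

    def evaporate(self, keep) -> None:
        """Filter: destroy every sensitive field not in `keep`, then refresh the digest."""
        self.data = {k: v for k, v in self.data.items() if k in keep}
        self.digest = self._hash()

    def disclose(self, destination: str):
        """VM step: a tampered bundle undergoes apoptosis; otherwise the bundle that
        moves on carries only the fields the policy allows for `destination`."""
        if not self.integrity_ok():
            self.apoptosis()
            return None
        child = ActiveBundle(self.data, self.metadata["policy"])
        child.evaporate(self.metadata["policy"].get(destination, []))
        return child

# Constructed sample, loosely following the slides' e-bay / seller / Fed-Ex chain.
USER_DATA = {"email": "u@example.com", "password": "pw", "name": E("Alice"),
             "shipping": E("1 Main St"), "billing": E("2 Bank St"), "card": E("4111 ...")}
POLICY = {"ebay": ["email", "name", "shipping"],
          "ebay-seller": ["name", "shipping"],
          "fedex": ["name", "shipping"]}

def ship_order() -> dict:
    """Bundle travels user -> e-bay -> seller -> Fed-Ex, shrinking at each hop."""
    ab = ActiveBundle(USER_DATA, POLICY)
    return ab.disclose("ebay").disclose("ebay-seller").disclose("fedex").data
```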
Identity in the Cloud

[Figure: the user on the Amazon Cloud holds Name, E-mail, Password, Billing Address, Shipping Address and Credit Card. Compared with the Motivation figure, each party now receives only a subset: Amazon gets E-mail and Password; a second party gets Name, Billing Address and Credit Card; a third gets E-mail; a fourth gets Name and Shipping Address.]
Characteristics and Advantages
• Ability to use identity data on untrusted hosts
  • Self-integrity check
  • Integrity compromised: apoptosis or evaporation
  • Data should not be on this host
• Establishes the trust of users in IDM
  ◦ Through putting the user in control of who has his data and how it is used
  ◦ Identity is being used in the process of authentication, negotiation, and data exchange.
• Independent of Third Party for Identity Information
  ◦ Minimizes correlation attacks
• Minimal disclosure to the SP
  ◦ SP receives only necessary information.
Conclusion & Future Work
• Problems with IDM in Cloud Computing
  ◦ Collusion of Identity Information
  ◦ Prohibited Untrusted Hosts
  ◦ Usage of Trusted Third Party
• Proposed Approaches
  ◦ IDM based on Anonymous Identification
  ◦ IDM based on Predicate over Encrypted data
  ◦ IDM based on Multi-Party Computing
• Future work
  ◦ Develop the prototype, conduct experiments and evaluate the approach
References
[1] C. Sample and D. Kelley. Cloud Computing Security: Routing and DNS Threats, http://www.securitycurve.com/wordpress/, June 23, 2009.
[2] W. A. Alrodhan and C. J. Mitchell. Improving the Security of CardSpace, EURASIP Journal on Information Security, Vol. 2009, doi:10.1155/2009/167216, 2009.
[3] OpenID, http://openid.net/, 2010.
[4] S. F. Hubner. HCI work in PRIME, https://www.prime-project.eu/, 2008.
[5] A. Gopalakrishnan. Cloud Computing Identity Management, SETLabs Briefings, Vol. 7, http://www.infosys.com/research/, 2009.
[6] A. Barth, A. Datta, J. Mitchell and H. Nissenbaum. Privacy and Contextual Integrity: Framework and Applications, Proc. of the 2006 IEEE Symposium on Security and Privacy, 184-198.
[7] L. Othmane. Active Bundles for Protecting Confidentiality of Sensitive Data throughout Their Lifecycle, PhD Thesis, Western Michigan Univ., 2010.
[8] A. Fiat and A. Shamir. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, CRYPTO, 1986.
[9] A. Shamir. How to Share a Secret, Communications of the ACM, 1979.
[10] M. Ben-Or, S. Goldwasser and A. Wigderson. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation, ACM Symposium on Theory of Computing, 1988.
[11] E. Shi. Evaluating Predicates over Encrypted Data, PhD Thesis, CMU, 2008.
 Thank you!

Any questions?
Approach - 1
• IDM Wallet:
  ◦ Use of the AB scheme to protect PII from untrusted hosts.

• Anonymous Identification:
  ◦ Use of Zero-knowledge proofing for authentication of an entity without disclosing its identifier.
Components of Active Bundle (Approach – 1)
• Identity data: Data used during authentication, getting service, using service (e.g., SSN, Date of Birth).
• Disclosure policy: A set of rules for choosing identity data from a set of identities in the IDM Wallet.
• Disclosure history: Used for logging and auditing purposes.
• Negotiation policy: This is Anonymous Identification, based on Zero Knowledge Proofing.
• Virtual Machine: Code for protecting data on untrusted hosts. It enforces the disclosure policies.
Anonymous Identification (Approach – 1)
Anonymous Identification (Shamir's approach for Credit Cards)
• The IdP provides Encrypted Identity Information to the user and the SP.
• The SP and the User interact.
• Both run the IdP's public function on certain bits of the Encrypted data.
• Both exchange results and agree if they match.
Usage Scenario (Approach – 1)
Approach - 2
• Active Bundle scheme to protect PII from untrusted hosts
• Predicates over encrypted data to authenticate without disclosing unencrypted identity data.
• Multi-party computing to be independent of a trusted third party
Usage Scenario (Approach – 2)
• Owner O encrypts the Identity Data (PII) using algorithm Encrypt and O's public key PK. Encrypt outputs CT, the encrypted PII.
• SP transforms his request for PII into a predicate represented by function p.
• SP sends shares of p to the n parties who hold the shares of MSK.
• The n parties execute together KeyGen using PK, MSK, and p, and return TKp to SP.
• SP calls the algorithm Query that takes as input PK, CT, TKp and produces p(PII), which is the evaluation of the predicate.
• The owner O is allowed to use the service only when the predicate evaluates to "true".
Representation of identity information for negotiation
• Token/Pseudonym
• Identity Information in clear plain text
• Active Bundle
Motivation: Authentication Process using PII

Problem: Which information to disclose and how to disclose it.