Cross-domain Identity Management System for Cloud Environment
Healthcare as a case study
November 5, 2013

Agenda
Introduction
Motivation
Contributions
Research Methodology
Implementation
Demonstration
Future Directions
References
Introduction: Identity is at the Core of Every Service
User Provisioning & De-provisioning
Authentication
Authorization
Federated Identity Management
Single Sign-On
Self-service
Access Right Delegation
Identity Information Synchronization
Auditing and Reporting
Challenges for IDMSs in the Cloud
Auditing & Accountability
Authentication
Self-Service
Identification
Privacy
Authorization
Access Right Delegation
Literature Review: State of the Art
Security perspective:
  Conference and journal papers on cloud identity management
  The pressing need to secure identity credentials in the cloud
  International IDMS security standards
  Emerging security trends
  Widely adopted security standards
  Best practices and state-of-the-art technologies
Industrial perspective:
  UnboundID, Hitachi ID, Oracle Identity Management, Ping Identity, RSA SecurID, Kantara Initiative, Okta, Symplified (The Cloud Security Experts)
Research Methodology
Problem Statement
To address the security, interoperability and privacy concerns of the cloud domain, we propose a SCIM-based cross-domain Identity Management System for the cloud environment that ensures seamless integration and use of identity credentials across providers. Beyond basic identity management features, we intend to provide advanced security features, including access right delegation, communication-level security, synchronization and self-service, for cloud computing scenarios.
Contribution
Our contribution is twofold:
1. Establishment of a benchmark for ensuring the security of identity credentials in the cloud.
2. Implementation of a cross-domain Identity Management System for the cloud, in particular by enhancing the open SCIM protocol (building on the open-source UnboundID SCIM SDK).
Research Perspective
Survey paper: Umme Habiba, A. Ghafoor Abbasi, Rahat Masood, M. Awais Shibli, "Assessment Criteria for Cloud Identity Management Systems", Proceedings of the 19th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2013), Vancouver, BC, Canada, December 2-4, 2013.
Conceptual paper: Umme Habiba, Rahat Masood, M. Awais Shibli, "Cross-domain Identity Management Systems for Cloud", Proceedings of the 22nd Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP 2014), Turin, Italy, February 12-14, 2014.
Proposed Benchmark
Feature ratings (High / Medium / Low) of the surveyed identity management systems, grouped by IDMS category. Column abbreviations: Authn = Authentication, Authz = Authorization, Fed = Identity Federation, Consist = Consistent Experience, Self = Self-Service, Audit = Audit & Compliance, LtdDisc = Limited Disclosure, MultiOp = Multiple Operators & Technology.

Category / Identity Management System                        | Authn  | Authz | Fed  | Consist | Self   | Audit  | LtdDisc | MultiOp
Isolated IDMS
  A Strong User Authentication Framework for CC              | High   | Low   | High | Low     | Medium | Low    | High    | Low
  Protection of Identity Info. in CC without TTP             | Medium | Low   | High | High    | Low    | Medium | High    | Low
Centralized IDMS
  An Identity-Centric Internet: Identity in the Cloud, IDaaS | High   | High  | High | High    | High   | Medium | Low     | High
  Distributed Identity for Secure Service Interaction        | Medium | High  | High | High    | High   | Low    | High    | High
Federated IDMS
  Security and Cloud Computing: ICIMI                        | High   | Low   | High | Low     | Low    | Low    | High    | High
  Strengthen CC Security with FIM Using HIBC                 | High   | Low   | High | Low     | Low    | Low    | High    | High
  Chord Based IdM for e-Healthcare Cloud Apps                | High   | High  | High | Low     | Low    | Low    | High    | High
  Security APIs for My Private Cloud                         | High   | High  | High | High    | Low    | Medium | Low     | High
Anonymous IDMS
  An Identity-Based OTP Scheme with Anonymous Authentication | Medium | High  | High | Low     | Medium | Low    | High    | Low
  UIMM Based on Anonymous Credentials                        | Medium | High  | Low  | High    | High   | Low    | High    | High
  An Entity-centric Approach for Privacy & IDM in CC         | Medium | Low   | Low  | Low     | Low    | Medium | High    | Low
Implementation Perspective
Implement a secure identity management system on top of the SCIM protocol that ensures:
1) Credential synchronization across CSPs.
2) Communication-level security.
3) User-centricity (privacy concerns).
SCIM features by UnboundID
Why the UnboundID SCIM Reference SDK?
The UnboundID SCIM SDK is: open source, customizable, widely adopted, user friendly, generic.
Development Toolkit
NetBeans IDE 7.3.1 (Java)
MySQL Workbench 5.2 CE
Apache Maven 3.0.5
Jetty web server
UnboundID SCIM SDK
Java Crypto API
RESTful architecture style
JSON (data exchange format)
Layered Architecture
Communication protocol: HTTP (RESTful API)
Authentication & Authorization Server (XACML)
Identity Management System (SCIM): Provisioning, De-provisioning, Access Right Delegation, Self-Service, Synchronization, A/C Management
Identity Data Store (MySQL Server)
Proposed Design
Proposal for Access Right Delegation
Detailed Workflow (diagram; recoverable labels only)
CSP1, Domain 1: Jetty server at //localhost:8080, MySQL DB
CSP2, Domain 2: Jetty server at //localhost:8081, MySQL DB
Flow between the domains: SCIM SDK -> SCIM Service -> SCIM Endpoint -> SCIM Method -> REST-based SCIM Endpoint -> Decrypt -> Unmarshaller -> MySQL DB -> Response
Client: CSC
Goals achieved from the IDMS perspective
Credential synchronization across CSPs
Communication-level security
Interoperability
User-centricity (privacy)
Protocol Enhancements
UnboundID SCIM SDK (as shipped): single SCIM endpoint; SCIM schema; SDK for CRUD
Enhanced SCIM (this work): GUI; encryption (AES); JSON marshaller/unmarshaller; RESTful architecture style; dual SCIM endpoint; synchronization
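The CSP1 to CSP2 synchronisation sketched in the detailed workflow and in the protocol enhancements (AES encryption of the SCIM JSON, a marshaller/unmarshaller, a second SCIM endpoint on the receiving domain) can be written out end to end. The Go program below is an added example, not the project's Java/UnboundID code: it models a SCIM 1.1 User, marshals it to JSON, seals the JSON with AES-256-GCM, and shows the receiving domain verifying and unmarshalling it before anything reaches its store. The slides say only "AES"; the GCM mode, the per-message nonce, the key lookup by key ID and the binding of the source domain and key ID as associated data are this example's choices. The type and function names, the sample patient record and the fixed demo key are all constructed for the example; a deployment would take the key from the key-management server shown in the component diagram.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Minimal SCIM 1.1 core User (the schema the UnboundID SDK implemented).
type SCIMUser struct {
	Schemas     []string `json:"schemas"`
	ID          string   `json:"id"`
	UserName    string   `json:"userName"`
	DisplayName string   `json:"displayName"`
}

// SyncEnvelope is the body CSP1 POSTs to CSP2's second SCIM endpoint: the SCIM
// JSON sealed with AES-256-GCM. The key never travels; both domains hold it under
// KeyID (assumed here to be issued by the key-management server). Source and KeyID
// are bound to the ciphertext as associated data, so editing either fails the tag.
type SyncEnvelope struct {
	Source     string `json:"source"`     // originating domain URL
	KeyID      string `json:"keyId"`      // which shared key to use
	Nonce      string `json:"nonce"`      // base64, 12-byte GCM nonce
	Ciphertext string `json:"ciphertext"` // base64, ciphertext || GCM tag
}

// DemoKey is a fixed 32-byte AES-256 key: a constructed stand-in for a KMS-issued key.
var DemoKey = []byte("0123456789abcdef0123456789abcdef")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForCSP is the sending side: marshal the user to JSON and seal it.
func EncryptForCSP(user SCIMUser, key []byte, keyID, source string) (SyncEnvelope, error) {
	plain, err := json.Marshal(user)
	if err != nil {
		return SyncEnvelope{}, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return SyncEnvelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per message; never reuse under one key
	if _, err := rand.Read(nonce); err != nil {
		return SyncEnvelope{}, err
	}
	ct := gcm.Seal(nil, nonce, plain, []byte(source+"|"+keyID))
	return SyncEnvelope{Source: source, KeyID: keyID,
		Nonce:      base64.StdEncoding.EncodeToString(nonce),
		Ciphertext: base64.StdEncoding.EncodeToString(ct)}, nil
}

// DecryptAtCSP is the receiving side: look up the key, verify the tag, then unmarshal.
// A wrong key, an edited Source/KeyID or a flipped ciphertext byte all yield an error.
func DecryptAtCSP(env SyncEnvelope, keys map[string][]byte) (SCIMUser, error) {
	key, ok := keys[env.KeyID]
	if !ok {
		return SCIMUser{}, fmt.Errorf("unknown keyId %q", env.KeyID)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return SCIMUser{}, err
	}
	nonce, err1 := base64.StdEncoding.DecodeString(env.Nonce)
	ct, err2 := base64.StdEncoding.DecodeString(env.Ciphertext)
	if err1 != nil || err2 != nil || len(nonce) != gcm.NonceSize() {
		return SCIMUser{}, errors.New("malformed envelope")
	}
	plain, err := gcm.Open(nil, nonce, ct, []byte(env.Source+"|"+env.KeyID))
	if err != nil {
		return SCIMUser{}, fmt.Errorf("authentication failed: %w", err)
	}
	var user SCIMUser
	if err := json.Unmarshal(plain, &user); err != nil || user.ID == "" || user.UserName == "" {
		return SCIMUser{}, errors.New("not a valid SCIM user")
	}
	return user, nil
}

// SampleUser is a constructed patient record, not real data.
func SampleUser() SCIMUser {
	return SCIMUser{Schemas: []string{"urn:scim:schemas:core:1.0"},
		ID: "2819c223-7f76-453a-919d-413861904646", UserName: "p.ahmed", DisplayName: "Parveen Ahmed"}
}

// main runs the CSP1 -> CSP2 flow in-process: the HTTP POST between the two Jetty
// servers becomes a direct call; the returned user is what CSP2 would write to MySQL.
func main() {
	env, err := EncryptForCSP(SampleUser(), DemoKey, "csp1-csp2-k1", "http://localhost:8080")
	if err != nil {
		panic(err)
	}
	got, err := DecryptAtCSP(env, map[string][]byte{"csp1-csp2-k1": DemoKey})
	fmt.Println(got.UserName, err)
}
```

The point worth noticing is that the receiving domain never touches the JSON until the GCM tag has verified, so a modified ciphertext, a message replayed with a rewritten source domain, or a key mismatch is rejected before anything reaches the identity store. AES in an unauthenticated mode (ECB or CBC without a MAC) would decrypt such a message to garbage or to attacker-chosen bytes and pass it on to the unmarshaller.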
Implementation Demo
Cross-domain Identity Management System for Cloud Environment: Healthcare as a Case Study
Enhanced SCIM Protocol: Healthcare as a case study
Component Diagram
Application Layer:
  SCIM Patient Interface: V/U My Profile
  SCIM Administrator Interface: User Provisioning, De-provisioning, A/C Management
  SCIM Doctor Interface: V/U My Profile, V/U Patient Details
Business Logic Layer:
  SCIM SDK
  Encryption/Decryption Module (Encryption Key from the Key Management Server; encrypted data Posted to CSP2; Decryption on receipt)
Storage Layer:
  MySQL DB
Research Directions
Implementation of the Access Right Delegation module using XACML
Implementation of a key-management server
Consumer cloud: user-centric identity management with SAML-based SSO authentication
References
1. Antonio Celesti, Francesco Tusa, Massimo Villari and Antonio Puliafito, "Security and Cloud Computing: InterCloud Identity Management Infrastructure", IEEE Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Larissa, Greece, 2010.
2. Liang Yan, Chunming Rong and Gansen Zhao, "Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography", 1st International Conference on Cloud Computing (CloudCom), Springer, Beijing, China, 2009.
3. Il Kon Kim, Zeeshan Pervez, Asad Masood Khattak and Sungyoung Lee, "Chord Based Identity Management for e-Healthcare Cloud Applications", 10th IEEE Annual International Symposium on Applications and the Internet, Seoul, Korea, 2010.
4. David W. Chadwick and Matteo Casenove, "Security APIs for My Private Cloud: Granting access to anyone, from anywhere at any time", Third IEEE International Conference on Cloud Computing Technology and Science, Athens, Greece, 2011.
5. Anu Gopalakrishnan, "Cloud Computing Identity Management", SETLabs Briefings, Vol. 7, No. 7, Business Innovation through Technology, 2009.
6. Yang Zhang and Jun-Liang Chen, "A Delegation Solution for Universal Identity Management in SOA", IEEE Transactions on Services Computing, Vol. 4, No. 1, January-March 2011.
7. R. Sánchez et al., "Enhancing Privacy and Dynamic Federation in IdM for Consumer Cloud Computing", IEEE Transactions on Consumer Electronics, Vol. 58, No. 1, February 2012.
8. Rohit Ranchal, Bharat Bhargava, Lotfi Ben Othmane and Leszek Lilien, "Protection of Identity Information in Cloud Computing without Trusted Third Party", 29th IEEE International Symposium on Reliable Distributed Systems, New Delhi, India, 2010.
9. Mikaël Ates, Serge Ravet, Abakar Mohamat Ahmat and Jacques Fayolle, "An Identity-Centric Internet: Identity in the Cloud, Identity as a Service and other delights", Sixth International Conference on Availability, Reliability and Security, Vienna, Austria, 2011.
10. Mohammad M. R. Chowdhury and Josef Noll, "Distributed Identity for Secure Service Interaction", Proceedings of the Third International Conference on Wireless and Mobile Communications (ICWMC'07), Guadeloupe, 2007.
11. Amlan Jyoti Choudhury, Pardeep Kumar, Mangal Sain, Hyotaek Lim and Hoon-Jae Lee, "A Strong User Authentication Framework for Cloud Computing", IEEE Asia-Pacific Services Computing Conference, Jeju Island, South Korea, 2011.
12. A. Albeshri and W. Caelli, "Mutual Protection in a Cloud Computing Environment", IEEE 12th International Conference on High Performance Computing and Communications, 2010.
13. Yuan Cao and Lin Yang, "A Survey of Identity Management Technology", IEEE International Conference on Information Theory and Information Security, 2010.
14. Song Luo, Jianbin Hu and Zhong Chen, "An Identity-Based One-Time Password Scheme with Anonymous Authentication", International Conference on Networks Security, Wireless Communications and Trusted Computing, Wuhan, Hubei, China, 2009.
15. Yang Zhang and Jun-Liang Chen, "Universal Identity Management Model Based on Anonymous Credentials", IEEE International Conference on Services Computing, Miami, Florida, 2010.
16. Pelin Angin, Bharat Bhargava, Mark Linderman and Leszek Lilien, "An Entity-centric Approach for Privacy and Identity Management in Cloud Computing", 29th IEEE International Symposium on Reliable Distributed Systems, New Delhi, India, 2010.
Special Thanks to my Supervisor and committee members..