Secure and Privacy-Preserving Identity Management in the Cloud
by Bernd Zwattendorfer, Stephan Krenn and Thomas Lorünser
CREDENTIAL is an EU H2020 funded research project that is developing, testing, and showcasing innovative cloud-based services for storing, managing, and sharing digital identity information and other highly critical personal data with a demonstrably higher level of security and privacy than other current solutions. This is achieved by advancing novel cryptographic technologies and improving strong authentication mechanisms.
Digital identity management (IdM) is an essential tool for managing access to information technology (IT) resources and is an enabler for seamless interaction between systems, organizations, and end users in the future. However, in order to be fully and broadly accepted, IdM must involve secure identification and authentication processes and protect user privacy. This is especially true for high-assurance application domains such as e-Business, e-Government, or e-Health, which have a superior demand for security and privacy due to the damage a potential breach or identity theft could cause.
Identity management is currently experiencing a paradigm shift, and existing solutions fall short in many aspects when it comes to federated and heterogeneous environments. In the past, IdM was mainly a local issue and most organizations operated their own, custom-tailored identity management systems within the organization's domain boundaries. The use of external IdM systems was the exceptional case. Today, we often see mixed systems, mainly because of the increasing use of distributed and inter-connected applications integrating internal and external components, e.g., as in hybrid cloud applications. This situation leads to fragmented, non-standard authentication situations on the IdM level and causes high administrative costs compared with integrated solutions. Many "identity islands" have to be managed outside the corporate IT environment, and the advantages of integrated identity and access management (IAM) solutions are lost. Important features like single sign-on as well as easy and centralized provisioning/de-provisioning, audit, and control of identities are not possible anymore. For these reasons there exists a strong demand for the development and integration of trustworthy IAM systems. Ideally these systems would provide the necessary security and privacy guarantees aspired to in federated business environments with the strongest guarantees possible, by cryptography.
Figure 1: Privacy preserving IAM workflow.
The transformation in the identity management world goes hand in hand with the tremendous shift to cloud computing that has shaped the ICT world during recent years. By now, numerous IdM systems and solutions are available as cloud services, providing identity services to applications operated both in closed domains and in the public cloud. This service model is often referred to as Identity (and Access) Management as a Service (IDMaaS). Popular examples for cloud IDMaaS providers are big companies from the sectors of social networks (Facebook, LinkedIn), search engines (Google), business solutions (Microsoft, Salesforce), and online retailers (Amazon). However, no satisfactory approaches currently exist which allow the storage and sharing of identity data by service providers in a privacy preserving manner – meaning without the identity provider learning the credentials and associated data.
The vision of CREDENTIAL is to fill this gap and develop a more trustworthy solution by combining secure and efficient identity management technologies with cryptography for cloud computing [1,2,3]. Users will be able to store identity data in a cloud-based IDMaaS system of an identity provider such that the confidentiality and authenticity of the data is upheld even from the provider. Now, if a user wants to access a specific service at a different provider or from the enterprise environment, she can advise the identity provider to select specific data items and re-encrypt them for the service provider such that (after transmission) the service provider remains the only party capable of accessing the data items in plain text.
In comparison to current IDMaaS systems, which have full access to the identity information they are hosting, the CREDENTIAL solution will significantly improve the privacy of cloud identity service users, whilst maintaining a high degree of usability in order to motivate secure handling of services. Data will be protected with end-to-end encryption, while the authentication of the users against the identity service provider will be secured with efficient and strong state-of-the-art multifactor authentication mechanisms within a consistent and holistic security approach.
CREDENTIAL had its kick-off in October 2015 and will last for 3 years. The consortium is currently doing a technology assessment and a requirements elicitation for a secure and privacy-preserving IDMaaS solution in the cloud. The CREDENTIAL consortium consists of a balanced team from seven EU countries, including six industry partners, two applied research organizations, three universities, and one SME.
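The re-encryption step described above, sketched as an added example (not code from the CREDENTIAL project or the authors). It assumes a textbook ElGamal-style proxy re-encryption scheme (BBS98) with a hashed keystream and a deliberately tiny constructed group; the article does not say which scheme CREDENTIAL uses, and the function names and sample record are hypothetical.

```python
import hashlib
import secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1            # secret exponent in [1, Q-1]
    return sk, pow(G, sk, P)

def _xor(data, k):
    # Hash the session element g^r into a keystream and XOR it over the data.
    # No integrity protection: a real design would use an AEAD here.
    stream = hashlib.shake_256(str(k).encode()).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(pk, data):
    r = secrets.randbelow(Q - 1) + 1
    return pow(pk, r, P), _xor(data, pow(G, r, P))   # (g^{ar}, data ^ H(g^r))

def decrypt(sk, ct):
    c, body = ct
    return _xor(body, pow(c, pow(sk, -1, Q), P))     # (g^{ar})^{1/a} = g^r

def rekey(sk_from, sk_to):
    # rk = b/a mod Q. BBS98 is bidirectional and needs both secrets, and a
    # proxy colluding with the delegatee recovers the delegator's key;
    # unidirectional schemes derive rk from the delegatee's public key instead.
    return sk_to * pow(sk_from, -1, Q) % Q

def reencrypt(rk, ct):
    # Runs at the identity provider: it only exponentiates the key header,
    # never sees g^r or the plaintext, and leaves the encrypted body untouched.
    c, body = ct
    return pow(c, rk, P), body                       # g^{ar} -> g^{br}

if __name__ == "__main__":
    user_sk, user_pk = keygen()
    sp_sk, sp_pk = keygen()                          # service provider
    record = b"given_name=Alice;dob=1990-01-01"      # constructed sample data
    stored = encrypt(user_pk, record)                # what the IdP stores
    forwarded = reencrypt(rekey(user_sk, sp_sk), stored)
    print("IdP holds   :", stored[0], stored[1].hex())
    print("SP receives :", forwarded[0], forwarded[1].hex())
    print("SP decrypts :", decrypt(sp_sk, forwarded))
```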
Links:
Website: https://credential.eu/
Twitter: @CredentialH2020
http://twitter.com/CredentialH2020
LinkedIn: https://linkedin.com/in/credential
CORDIS: https://cordis.europa.eu/project/rcn/194869_en.html
References:
[1] B. Zwattendorfer, D. Slamanig: "Design Strategies for a Privacy-Friendly Austrian eID System in the Public Cloud", Computers & Security 2014.
[2] D. Slamanig, K. Stranacher, B. Zwattendorfer: "User-Centric Identity as a Service-Architecture for eIDs with Selective Attribute Disclosure", in Proc. of SACMAT 2014.
[3] B. Zwattendorfer, A. Tauber: "Secure Cloud Authentication using eIDs", in Proc. of IEEE CCIS 2012.
Please contact:
Bernd Zwattendorfer
Graz University of Technology
Tel: +43 (0) 316 8735574
Stephan Krenn
AIT Austrian Institute of Technology GmbH
Tel: +43 (0) 664 88256006