Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad...

14
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Informati on Security Lab Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol Umer Khalid Dr. Abdul Ghafoor Abbasi Misbah Irum Dr. Awais Shibli

TAGS:

Transcript of Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad...

Page 1: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

Cloud based Secure and Privacy Enhanced Authentication &Authorization Protocol

Umer Khalid

Dr. Abdul Ghafoor Abbasi

Misbah Irum

Dr. Awais Shibli

Page 2: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

Outline

1. Introduction 2. Problems with existing security

mechanisms3. Selection of components4. Modifications5. Workflow6. Conclusion

Page 3: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

1. Introduction1. Introduction

Traditional Security Mechanisms– Authentication System

• Password Based Authentication• Kerberos • Zero knowledge Proofs

– Authorization • Access control• OTP

Page 4: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

2.Problems

Easily compromised– Lengthy passwords – Leakage risks– Based on a single factor– No anonymity

Solution – Multi factor authentication – Access control

Page 5: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

3. Solution Multi-factor authentication

– Based on what you have and what you posses:

• Certificates• PINs• Smart cards• Biometrics

Flexible Authorization– Access Control based on:

• Roles• Attributes• Combination of multiple conditions

Page 6: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

2.Problems Revisited Lengthy passwords Leakage risks Based on a single factor Anonymity

Identity information binding.Information only protected in transit.Still does not cater for anonymity.

Page 7: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

Current Challenges Different organizations are now shifting data

assets to the cloud such as:– E-Government – Health Care

Cloud offers significant cut down in infrastructure costs at the risk of:– Privacy (Identity Linking)

– Data leakage Problem gets further amplified as data owners

are not the only ones with the data – Cloud service providers also posses the same data– Service provider can easily link identity information to this

data

Page 8: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

Design of a Anonymous Authentication & Authorization Protocol Choice of components:

Design a completely new approach Build on existing robust protocols Separate mechanisms for authentication and

authorization Modify the protocols to achieve anonymity

Authentication: Strong authentication based server with support for

anonymity Authorization:

XACML based PDP server for authorization PEP at multiple points

Page 9: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

Authentication

Strong authentication server with support for multi-factor authentication:

CertificatesRevocableTraceable

Partial Anonymity

CertificatesPINs

Smart cardsBiometrics

Page 10: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

Anonymous Digital Certificates

Certificate Anonymous Certificate

Page 11: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

Anonymous Digital Certificates

Page 12: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

Certificate based Strong Authentication

Client

SA Server

Page 13: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

Improvements

[Cert A]

Tok ID|RND B

LCA

IDMSTok ID|RND B|RND A

Page 14: Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

KTH Applied

Information Security

Lab

2. Results 2. Results

TAG Description Example

@author Identifies the author of a class.

@author Ali

@exception Identifies an exception thrown by a method

@exception exception-name explanation

@param Documents a method's parameter.

@param parameter-name explanation

@return Documents a method's return value.

Documents a method's return value.

@since States the release when a specific change was introduced.

@since release


NUST Giving Contents

NUST Giving Contents

NUST Library eIFL FOSS SubjectsPlus National Workshop NUST Library 13 December 2011 Amos Kujenga Systems Analyst NUST Library Bulawayo,

NUST Library eIFL FOSS SubjectsPlus National Workshop NUST Library 13 December 2011 Amos Kujenga Systems Analyst NUST Library Bulawayo,

Virtual Reality Simulators for Minimal Invasive Surgery Training Shamyl Bin Mansoor, SMART Lab, SEECS, NUST, Islamabad School of Electrical Engineering.

Virtual Reality Simulators for Minimal Invasive Surgery Training Shamyl Bin Mansoor, SMART Lab, SEECS, NUST, Islamabad School of Electrical Engineering.

Challenges in Surgical Simulators Muhammad Muddassir Malik Muhammad Adil Usman SEECS, NUST, Islamabad School of Electrical Engineering & Computer Science,

Challenges in Surgical Simulators Muhammad Muddassir Malik Muhammad Adil Usman SEECS, NUST, Islamabad School of Electrical Engineering & Computer Science,

Student Guide NUST SEECS AA Scholarship Programseecs.nust.edu.pk/Student-Affairs/Alumni/data/NUST_SEECS_AA_SP_Student... · NUST SEECS AA Scholarship Program Overview NUST SEECS Alumni

Student Guide NUST SEECS AA Scholarship Programseecs.nust.edu.pk/Student-Affairs/Alumni/data/NUST_SEECS_AA_SP_Student... · NUST SEECS AA Scholarship Program Overview NUST SEECS Alumni

National Centre of Artificial Intelligence · National Centre of Artificial Intelligence National Centre of Artificial Intelligence Opp SMME, NUST Headquarters H-12 Islamabad, Pakistan

National Centre of Artificial Intelligence · National Centre of Artificial Intelligence National Centre of Artificial Intelligence Opp SMME, NUST Headquarters H-12 Islamabad, Pakistan

Nust Student Handbook

Nust Student Handbook

Visual Place Recognition for Aerial Robotics: Exploring ...repository.essex.ac.uk/26958/1/1908.00258v1.pdf3rd Sania Waheed National University of Sciences and Technology (NUST) Islamabad,

Visual Place Recognition for Aerial Robotics: Exploring ...repository.essex.ac.uk/26958/1/1908.00258v1.pdf3rd Sania Waheed National University of Sciences and Technology (NUST) Islamabad,

UMTS lecture @ NUST

UMTS lecture @ NUST

Extensible Access Control Framework for Cloud Applications KTH-SEECS Applied Information Security Lab SEECS NUST Implementation Perspective.

Extensible Access Control Framework for Cloud Applications KTH-SEECS Applied Information Security Lab SEECS NUST Implementation Perspective.

ORIC Training Program NUST. Presenters Ms. Eram ZaidiIP Manager, NUST.

ORIC Training Program NUST. Presenters Ms. Eram ZaidiIP Manager, NUST.

PPAF signs endowment accord with NUST Trust Fund signs endo… · Nation Date: June 24,2016 PPAF signs endowment agreement with NUST Trust Fund —ISLAMABAD (PR): Pakistan Poverty

PPAF signs endowment accord with NUST Trust Fund signs endo… · Nation Date: June 24,2016 PPAF signs endowment agreement with NUST Trust Fund —ISLAMABAD (PR): Pakistan Poverty

International Projects - NUST

International Projects - NUST

 · Tilawat-e-Quran Welcome Address: Rector NUST, Islamabad Remarks by Engr. Jawed Salim Qureshi, Chairman of Pakistan Engineering Council Briefon FEIAPb Dr John Chien-Chun Li, President

 · Tilawat-e-Quran Welcome Address: Rector NUST, Islamabad Remarks by Engr. Jawed Salim Qureshi, Chairman of Pakistan Engineering Council Briefon FEIAPb Dr John Chien-Chun Li, President

Umts Nust Lecture

Umts Nust Lecture

Nust Statutes

Nust Statutes

National Bank of Pakistan cricket team · 1. Mr. Muhammad Sulaiman Jahangir MBA, Bahria University Islamabad (Student Suprevisor) 2. Ms. Areej Anwar MBA, NUST Business School 3. Ms.

National Bank of Pakistan cricket team · 1. Mr. Muhammad Sulaiman Jahangir MBA, Bahria University Islamabad (Student Suprevisor) 2. Ms. Areej Anwar MBA, NUST Business School 3. Ms.

COURSE TOPICS - NUST

COURSE TOPICS - NUST

Loan Centers Detail of Akhuwat · 71 Islamabad Islamabad Islamabad Bari Imam Muslim Coloni Tali Stop near Ranger Post Islamabad 72 Islamabad Islamabad Islamabad Pind Bhagwal Fazaiya

Loan Centers Detail of Akhuwat · 71 Islamabad Islamabad Islamabad Bari Imam Muslim Coloni Tali Stop near Ranger Post Islamabad 72 Islamabad Islamabad Islamabad Pind Bhagwal Fazaiya

NUST NET 2013

NUST NET 2013