Outline Motivation State of the art Results Research Challenges
Privacy-PreservingIdentity Management as a Service
David Nunez
Supervisors: Isaac Agudo, and Javier LopezNetwork, Information and Computer Security Laboratory (NICS Lab)
Universidad de Malaga, SpainEmail: [email protected]
June 4, 2014
Outline Motivation State of the art Results Research Challenges
1. Motivation
2. State of the art
3. Results
4. Research Challenges
Outline Motivation State of the art Results Research Challenges
Introduction
Identity Management is a ubiquitous service
Costly ⇒ specific applications and personnel
Identity Management as a Service (IDaaS)Cloud computing solution to this problem
Organizations can outsource their IdM services to the cloud
Cloud providers specialized in Identity Management
New business opportunities to cloud providers
Outline Motivation State of the art Results Research Challenges
Scenarios
Service ProviderHost Organization(Identity Provider)
Employee
belongs to requestsservice
direct trust
retrieves identity
provides identityinformation
Figure : Federated Identity Management Scenario
Outline Motivation State of the art Results Research Challenges
Scenarios
Cloud Identity Provider Service Provider
Host OrganizationEmployee
belongs to
requestsservice
outsourcesidentity
management
directtrust direct
trust
indirect trust
retrieves identity
provides identityinformation
Figure : Identity Management as a Service Scenario
Outline Motivation State of the art Results Research Challenges
Motivation
Classic problem of cloud computing⇒ The user loses the control of his data
Now we are talking about identity data...⇒ Data protection laws and regulations
Current solution: Service Level Agreements (SLAs)⇒ It is just an agreement not a technical safeguard
Trust problem ⇒ Users are obliged to trust the provider
Outline Motivation State of the art Results Research Challenges
Problem statement
Goal: To define technical safeguards that allow an IdM servicewithout compromising users’ data
This solution must go beyond defining an access control andenforcement layer⇒ Cryptographic safeguards
Solution must not interfere with the service provision
Control must go back to the owner of data
Outline Motivation State of the art Results Research Challenges
Proposal
BlindIDM – A Model for Privacy-preserving IDaaS
Privacy-preserving IDaaS system
Based in SAML 2.0 and Proxy Re-Encryption
Identity attributes are encrypted by the user and decrypted bythe requester
The Identity Provider (IdP) stores encrypted attributes⇒ Still capable of offering an identity service
First proposal that tackles this problem
Outline Motivation State of the art Results Research Challenges
Cryptographic Cloud Storage
Kamara, S., and Lauter, K. (2010). Cryptographic cloud storage. InFinancial Cryptography and Data Security
Outline Motivation State of the art Results Research Challenges
Sticky Policies
Pearson, S., Mont, M. C., Chen, L., and Reed, A. (2011). End-to-endpolicy-based encryption and management of data in the cloud. In IEEECloudCom 2011
Outline Motivation State of the art Results Research Challenges
SAML 2.0
Security Assertion Markup Language
OASIS Standard
Description and exchange of identity information (e.g.,attributes)
Protocols for issuing and exchanging assertions
Outline Motivation State of the art Results Research Challenges
Proxy Re-Encryption: Overview
A PRE scheme is a public-key encryption scheme that permits aproxy to transform ciphertexts under Alice’s public key intociphertexts under Bob’s public key.
The proxy needs a re-encryption key rA→B to make thistransformation possible.
Figure : Proxy Re-Encryption flow
Outline Motivation State of the art Results Research Challenges
Proxy Re-Encryption: AFGH scheme
Global parameters:
G1,G2 are groups of prime order q
e : G1 ×G1 → G2 is a bilinear pairing
g ∈ G1,Z = e(g , g) ∈ G2
Primitives:
Key Generation: KG () = (sA, pA)
Re-Encryption Key Generation: RKG (sA, pB) = rA→B
First-level Encryption: E1(m, pA) = c1
Second-level Encryption: E2(m, pA) = c2
Re-Encryption: R(c2, rA→B) = c1
First-level Decryption: D1(c1, sA) = m
Second-level Decryption: D2(c2, sA) = m
Outline Motivation State of the art Results Research Challenges
Proxy Re-Encryption: AFGH scheme
Properties:
Unidirectional
Unihop
Collusion-resistant
Outline Motivation State of the art Results Research Challenges
BlindIDM – Privacy-preserving IDaaS
Cloud Identity Provider Service Provider
Host OrganizationEmployee
belongs to
requestsservice
outsourcesidentity
management
directtrust direct
trust
indirect trust
retrieves identity
provides identityinformation
Figure : Identity Management as a Service Scenario
Outline Motivation State of the art Results Research Challenges
BlindIDM – Privacy-preserving IDaaS
Cloud Identity Provider
Service Provider
Host Organization
rH→SP(pH , sH) (pSP , sSP )
ca c�a
Figure : Information flow within our system
Outline Motivation State of the art Results Research Challenges
Assumptions
Honest-but-curious provider: The cloud provider will respectprotocol fulfillment, but will try to read users’ data
Existing trust relationship between users and requesters⇒ Expressed using SAML Metadata
Outline Motivation State of the art Results Research Challenges
Integration with SAML
User agent Service Provider Cloud Identity Provider Host Organization
Request service
Discovery of the IdP
SAML AuthnRequest
AuthnRequest (User redirection)
SAML AuthnRequest
AuthnRequest (User redirection)
User authentication SAML Response
Response (User redirection)
Re-encryption of user attributes and creation of SAML Response
Response (User redirection)
Decryption of user attributes and verification of SAML Response
Access to service
Figure : Modified SAML Authentication sequence
Outline Motivation State of the art Results Research Challenges
Implementation details
We have implemented:
Prototype implementation using OpenSAML library
AFGH Proxy Re-Encryption scheme using Java Pairing-BasedCryptography library (jPBC)1
1A. D. Caro, http://gas.dia.unisa.it/projects/jpbc
Outline Motivation State of the art Results Research Challenges
Economic analysis
Most of proposals do not analyze their economic impact
Cryptographic operations have an economic cost due tocomputation, communication, etc.⇒ Cloud provider incurs in expenses due to energyconsumption, personnel, ...
Our estimations are based on a research from Chen & Sion2
⇒ They give estimations for computation, storage andcommunication costs, expressed in picocents (1 picocent= 10E−12 USD cent)
We estimate the number of CPU cycles to give anapproximation of the costs
2Y. Chen and R. Sion, “On securing untrusted clouds with cryptography” inProc. 9th annual ACM workshop on Privacy in the electronic society
Outline Motivation State of the art Results Research Challenges
Economic analysis: costs
Table : Costs in picocents for the main operations
Operation Cost per operation Operations per cent
Encryption 4.34E+08 2304
Re-encryption 4.79E+08 2087
Decryption 5.70E+08 1755
Outline Motivation State of the art Results Research Challenges
Economic analysis: example scenario
IDaaS provider that handles 1 million attribute requests perday ⇒ 1 million re-encryptions per day
Approx. 2000 USD per year
Reasonable cost for an average-sized company, consideringthat their information is encrypted at the cloud provider
Outline Motivation State of the art Results Research Challenges
Results
IDaaS is a promising paradigm for organizations
Cloud providers are in a privileged position to gain informationabout their users
We need technical safeguards, such as those based incryptography, to ensure users’ privacy
Outline Motivation State of the art Results Research Challenges
Results
We describe an IDaaS system that handles encryptedattributes and still provides an identity service
Our system is based in SAML and Proxy Re-Encryption
The cloud identity provider transforms encrypted attributesfrom the original users to ciphertexts for the requesters usingre-encryption
Implementation and economic analysis is provided
Outline Motivation State of the art Results Research Challenges
Publications
D. Nunez, and I. Agudo, “BlindIdM: A Privacy-PreservingApproach for Identity Management as a Service”, InInternational Journal of Information Security, vol. 13, issue 2,Springer, pp. 199-215, 2014.
D. Nunez, I. Agudo, and J. Lopez, “Integrating OpenID withProxy Re-Encryption to enhance privacy in cloud-basedidentity services”, In IEEE CloudCom 2012, Dec 2012
D. Nunez, I. Agudo, et al., “Identity Management Challengesfor Intercloud Applications”, In STAVE 2011, June, 2011
I. Agudo, D. Nunez, et al., “Cryptography Goes to theCloud”, In STAVE 2011, June, 2011
Outline Motivation State of the art Results Research Challenges
Next steps
Consider the (un)linkability problem
Granular access control
Deployment of prototype in cloud setting
More efficient and secure cryptographic solutions
Outline Motivation State of the art Results Research Challenges
Research Challenges
Leveraging user-centricity in identity management.
Enhancing users’ privacy in digital transactions that involvetheir identity.
Interoperability of the solutions.
Solutions that reduce the trade-off between anonymity andaccountability.
Exploring and devising new cryptographic techniques forprotecting privacy on cloud-based settings.
Outline Motivation State of the art Results Research Challenges
Thank you!