Automated Security Assessment for IDaaS Framework



Ibrahim Gomaa¹ · Emad Abd‑Elrahman² · Alaa Hamdy¹ · Elsayed M. Saad¹

Accepted: 29 October 2020
© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

Cloud computing is driving a rapid shift to a new identity concept called Identity as a Service (IDaaS). However, adopting a single identity for access to all services does not bring only good news: attackers are increasingly mounting attacks based on identity theft, which means that the security of the identity itself becomes a threat vector. This paper therefore focuses on using a Virtual Identity (VID) within the IDaaS framework. IDaaS is well known as the authentication approach for the Software as a Service (SaaS) cloud deployment model. It can be delivered by third-party identity providers and covers the whole identity management approach, including the creation process, the authentication mechanism and the identity privacy assurance level. The proposed VID mechanism for the IDaaS framework is a new realization of anonymous Single Sign On (SSO) in distributed cloud service environments. We propose a VID creation framework based on Elliptic Curve Cryptography (ECC). We designed two approaches, one using Identity Based Encryption (IBE) and one using Pseudonym Based Encryption (PBE), and implemented both with the MIRACL security library. To evaluate the security of our solutions, we used the AVISPA tool to assess the IBE and PBE protocols for vulnerabilities. AVISPA (Automated Validation of Internet Security Protocols and Applications) uses a group of applications to build and analyze formal models of many known or newly designed security protocols. Using its language, we described our communication protocols. The analysis of the proposed IBE- and PBE-based VID approaches with the AVISPA back-ends indicated that both are safe (i.e. no attacks found). The proposed VID approaches based on IBE and PBE are therefore suitable and scalable enough to secure anonymous communication in cloud service environments compared to state-of-the-art solutions.

* Ibrahim Gomaa

¹ Faculty of Engineering, Helwan University, Cairo, Egypt
² National Telecommunication Institute, 5 Mahmoud El‑miligy st., Nasr City, Cairo 11768, Egypt




Keywords: Identity Management · Security Assessment · IBE · PBE

1 Introduction

According to forecasts for the future of identity management, the digital transformation era for most business enterprises will depend on identity access [1]. Identity management represents one of the big challenges in accessing services over the Internet. With the cloud computing revolution, the IDaaS solution appeared as a Single Sign On (SSO) solution for cloud infrastructure authentication. However, the idea of using one single Identity instead of m