Outline Motivation State of the art Results Research Challenges

Privacy-PreservingIdentity Management as a Service

David Nunez

Supervisors: Isaac Agudo, and Javier LopezNetwork, Information and Computer Security Laboratory (NICS Lab)

Universidad de Malaga, SpainEmail: dnunez@lcc.uma.es

June 4, 2014

Outline Motivation State of the art Results Research Challenges

1. Motivation

2. State of the art

3. Results

4. Research Challenges

Outline Motivation State of the art Results Research Challenges

Introduction

Identity Management is a ubiquitous service

Costly ⇒ specific applications and personnel

Identity Management as a Service (IDaaS)Cloud computing solution to this problem

Organizations can outsource their IdM services to the cloud

Cloud providers specialized in Identity Management

New business opportunities to cloud providers

Outline Motivation State of the art Results Research Challenges

Scenarios

Service ProviderHost Organization(Identity Provider)

Employee

belongs to requestsservice

direct trust

retrieves identity

provides identityinformation

Figure : Federated Identity Management Scenario

Outline Motivation State of the art Results Research Challenges

Scenarios

Cloud Identity Provider Service Provider

Host OrganizationEmployee

belongs to

requestsservice

outsourcesidentity

management

directtrust direct

trust

indirect trust

retrieves identity

provides identityinformation

Figure : Identity Management as a Service Scenario

Outline Motivation State of the art Results Research Challenges

Motivation

Classic problem of cloud computing⇒ The user loses the control of his data

Now we are talking about identity data...⇒ Data protection laws and regulations

Current solution: Service Level Agreements (SLAs)⇒ It is just an agreement not a technical safeguard

Trust problem ⇒ Users are obliged to trust the provider

Outline Motivation State of the art Results Research Challenges

Problem statement

Goal: To define technical safeguards that allow an IdM servicewithout compromising users’ data

This solution must go beyond defining an access control andenforcement layer⇒ Cryptographic safeguards

Solution must not interfere with the service provision

Control must go back to the owner of data

Outline Motivation State of the art Results Research Challenges

Proposal

BlindIDM – A Model for Privacy-preserving IDaaS

Privacy-preserving IDaaS system

Based in SAML 2.0 and Proxy Re-Encryption

Identity attributes are encrypted by the user and decrypted bythe requester

The Identity Provider (IdP) stores encrypted attributes⇒ Still capable of offering an identity service

First proposal that tackles this problem

Outline Motivation State of the art Results Research Challenges

Cryptographic Cloud Storage

Kamara, S., and Lauter, K. (2010). Cryptographic cloud storage. InFinancial Cryptography and Data Security

Outline Motivation State of the art Results Research Challenges

Sticky Policies

Pearson, S., Mont, M. C., Chen, L., and Reed, A. (2011). End-to-endpolicy-based encryption and management of data in the cloud. In IEEECloudCom 2011

Outline Motivation State of the art Results Research Challenges

SAML 2.0

Security Assertion Markup Language

OASIS Standard

Description and exchange of identity information (e.g.,attributes)

Protocols for issuing and exchanging assertions

Outline Motivation State of the art Results Research Challenges

Proxy Re-Encryption: Overview

A PRE scheme is a public-key encryption scheme that permits aproxy to transform ciphertexts under Alice’s public key intociphertexts under Bob’s public key.

The proxy needs a re-encryption key rA→B to make thistransformation possible.

Figure : Proxy Re-Encryption flow

Outline Motivation State of the art Results Research Challenges

Proxy Re-Encryption: AFGH scheme

Global parameters:

G1,G2 are groups of prime order q

e : G1 ×G1 → G2 is a bilinear pairing

g ∈ G1,Z = e(g , g) ∈ G2

Primitives:

Key Generation: KG () = (sA, pA)

Re-Encryption Key Generation: RKG (sA, pB) = rA→B

First-level Encryption: E1(m, pA) = c1

Second-level Encryption: E2(m, pA) = c2

Re-Encryption: R(c2, rA→B) = c1

First-level Decryption: D1(c1, sA) = m

Second-level Decryption: D2(c2, sA) = m

Outline Motivation State of the art Results Research Challenges

Proxy Re-Encryption: AFGH scheme

Properties:

Unidirectional

Unihop

Collusion-resistant

Outline Motivation State of the art Results Research Challenges

BlindIDM – Privacy-preserving IDaaS

Cloud Identity Provider Service Provider

Host OrganizationEmployee

belongs to

requestsservice

outsourcesidentity

management

directtrust direct

trust

indirect trust

retrieves identity

provides identityinformation

Figure : Identity Management as a Service Scenario

Outline Motivation State of the art Results Research Challenges

BlindIDM – Privacy-preserving IDaaS

Cloud Identity Provider

Service Provider

Host Organization

rH→SP(pH , sH) (pSP , sSP )

ca c�a

Figure : Information flow within our system

Outline Motivation State of the art Results Research Challenges

Assumptions

Honest-but-curious provider: The cloud provider will respectprotocol fulfillment, but will try to read users’ data

Existing trust relationship between users and requesters⇒ Expressed using SAML Metadata

Outline Motivation State of the art Results Research Challenges

Integration with SAML

User agent Service Provider Cloud Identity Provider Host Organization

Request service

Discovery of the IdP

SAML AuthnRequest

AuthnRequest (User redirection)

SAML AuthnRequest

AuthnRequest (User redirection)

User authentication SAML Response

Response (User redirection)

Re-encryption of user attributes and creation of SAML Response

Response (User redirection)

Decryption of user attributes and verification of SAML Response

Access to service

Figure : Modified SAML Authentication sequence

Outline Motivation State of the art Results Research Challenges

Implementation details

We have implemented:

Prototype implementation using OpenSAML library

AFGH Proxy Re-Encryption scheme using Java Pairing-BasedCryptography library (jPBC)1

1A. D. Caro, http://gas.dia.unisa.it/projects/jpbc

Outline Motivation State of the art Results Research Challenges

Economic analysis

Most of proposals do not analyze their economic impact

Cryptographic operations have an economic cost due tocomputation, communication, etc.⇒ Cloud provider incurs in expenses due to energyconsumption, personnel, ...

Our estimations are based on a research from Chen & Sion2

⇒ They give estimations for computation, storage andcommunication costs, expressed in picocents (1 picocent= 10E−12 USD cent)

We estimate the number of CPU cycles to give anapproximation of the costs

2Y. Chen and R. Sion, “On securing untrusted clouds with cryptography” inProc. 9th annual ACM workshop on Privacy in the electronic society

Outline Motivation State of the art Results Research Challenges

Economic analysis: costs

Table : Costs in picocents for the main operations

Operation Cost per operation Operations per cent

Encryption 4.34E+08 2304

Re-encryption 4.79E+08 2087

Decryption 5.70E+08 1755

Outline Motivation State of the art Results Research Challenges

Economic analysis: example scenario

IDaaS provider that handles 1 million attribute requests perday ⇒ 1 million re-encryptions per day

Approx. 2000 USD per year

Reasonable cost for an average-sized company, consideringthat their information is encrypted at the cloud provider

Outline Motivation State of the art Results Research Challenges

Results

IDaaS is a promising paradigm for organizations

Cloud providers are in a privileged position to gain informationabout their users

We need technical safeguards, such as those based incryptography, to ensure users’ privacy

Outline Motivation State of the art Results Research Challenges

Results

We describe an IDaaS system that handles encryptedattributes and still provides an identity service

Our system is based in SAML and Proxy Re-Encryption

The cloud identity provider transforms encrypted attributesfrom the original users to ciphertexts for the requesters usingre-encryption

Implementation and economic analysis is provided

Outline Motivation State of the art Results Research Challenges

Publications

D. Nunez, and I. Agudo, “BlindIdM: A Privacy-PreservingApproach for Identity Management as a Service”, InInternational Journal of Information Security, vol. 13, issue 2,Springer, pp. 199-215, 2014.

D. Nunez, I. Agudo, and J. Lopez, “Integrating OpenID withProxy Re-Encryption to enhance privacy in cloud-basedidentity services”, In IEEE CloudCom 2012, Dec 2012

D. Nunez, I. Agudo, et al., “Identity Management Challengesfor Intercloud Applications”, In STAVE 2011, June, 2011

I. Agudo, D. Nunez, et al., “Cryptography Goes to theCloud”, In STAVE 2011, June, 2011

Outline Motivation State of the art Results Research Challenges

Next steps

Consider the (un)linkability problem

Granular access control

Deployment of prototype in cloud setting

More efficient and secure cryptographic solutions

Outline Motivation State of the art Results Research Challenges

Research Challenges

Leveraging user-centricity in identity management.

Enhancing users’ privacy in digital transactions that involvetheir identity.

Interoperability of the solutions.

Solutions that reduce the trade-off between anonymity andaccountability.

Exploring and devising new cryptographic techniques forprotecting privacy on cloud-based settings.

Outline Motivation State of the art Results Research Challenges

Thank you!