KTH-SEECS Applied Information Security Lab

National University of Sciences and Technology (NUST)

Cross-domain identity management system for cloud environment

Domain: Cloud Computing Security
Status: Completed
Contact Person(s): Umme Habiba, Rahat Masood, Awais Shibli

Date of Completion: March, 2014 

Cloud-based identity management is a significant domain with many security challenges that still need to be addressed. Proliferation of identity data and Personally Identifiable Information (PII) across multiple Cloud environments/sites raises many privacy issues (e.g. compliance with multiple legislations, importance of location, etc.), including distrust about the appropriate handling of user consent and revocation and about effective control of identity data. It is therefore necessary to develop security-focused identity management systems that facilitate communication among Cloud Service Providers (CSPs), Enterprise Cloud Subscribers (ECSs) and Cloud Service Consumers (CSCs), while assuring secure management and exchange of identity credentials.

In this project, we aim to provide a cross-domain identity management system that will ensure adequate handling of user identity credentials within and among multiple Cloud environments. A centralized IDM system will be developed that will function at the Identity as a Service (IDaaS) layer and provide identity management services to CSPs, ECSs and CSCs. Externalizing identity information raises many security challenges, so our objective is to ensure secure transmission of identity information among Clouds and in and out of the Cloud. Moreover, our solution intends to guarantee delegation of access rights and federation of identity information across multiple Clouds, along with existing features such as integrity of identity credentials and provisioning, while moving sensitive identity data into the Cloud (off-site).

Major goals of the proposed system are:

  • Secure exchange and management of user credentials across multiple domains with greater flexibility and ease. 
  • Federation of identities to multiple servers in order to provide security against various attacks on privacy and confidentiality. Identity information is distributed across multiple locations, so in case of a security breach such as identity theft, the impact of the loss will be minimal.
  • Secure transmission of user identity information across multiple Cloud service providers and Cloud service consumers.
  • A centralized identity management system that will ensure the availability of user personal credentials across multiple Cloud service providers.
  • Fast and easy user movement in and out of Cloud.


Project Documents:

  1. Abstract  (PDF)
  2. Presentation  (PDF)
  3. Publications

       ►"Assessment Criteria for Cloud Identity Management Systems" (Link)

       ►"Secure Identity Management System for Federated Cloud Environment" (Link)

       ►"Cloud Identity Management Security Issues & Solutions: A Taxonomy" (Link)