SAML based context aware IDM a fine-grained proxy re-encryption approach to improve the privacy of users identity data in cloud environment

  • Authors

    • T S Srinivasa Reddy Modugula
    • B Vijaya Babu
    • Sunitha Pachala
    • Rupa Chiramdasu
    • L Sumalatha
    2018-03-18
    https://doi.org/10.14419/ijet.v7i2.7.10274
  • Cloud computing, Identity management, privacy-enhancing, cloud security, data protection, securing digital identities.
  • Cloud computing has made tremendous changes in the IT industry by offering various services ranging from IaaS, SaaS, PaaS, DaaS and IDaaS to XaaS, i.e. everything as a service. Identity as a service is one of the popular services offered by cloud providers; it is used for identity and access management and reduces the burden of identity management on companies. As users' identity data moves out of organizational boundaries to cloud servers, control over that data is lost, and security and privacy issues arise. To address these issues, many identity management systems have been proposed, but none of them provided privacy at a fine-grained level. In this paper, we propose a SAML based ContextawareIdM, a model for fine-grained privacy-preserving identity as a service which employs identity-based conditional proxy re-encryption to maintain and operate the privacy of identity data at a fine-grained level.

  • How to Cite

    S Srinivasa Reddy Modugula, T., Vijaya Babu, B., Pachala, S., Chiramdasu, R., & Sumalatha, L. (2018). SAML based context aware IDM a fine-grained proxy re-encryption approach to improve the privacy of users identity data in cloud environment. International Journal of Engineering & Technology, 7(2.7), 108-113. https://doi.org/10.14419/ijet.v7i2.7.10274