SPICE – Simple Privacy-Preserving Identity-Management for Cloud Environment
Identity security and privacy have been regarded as one of the top seven cloud security threats. A few identity management solutions have recently been proposed to tackle these problems, but none of them satisfies all of the desirable properties. In particular, unlinkability ensures that none of the cloud service providers (CSPs), even if they collude, can link the transactions of the same user. Delegatable authentication, on the other hand, is unique to the cloud platform: several CSPs may join together to provide a packaged service, with one of them being the source provider that interacts with the clients and performs authentication, while the others remain transparent to the clients. Note that CSPs may have different authentication mechanisms that rely on different attributes. Moreover, each CSP is limited to seeing only the attributes that concern it.
This paper presents SPICE, the first digital identity management system that satisfies these properties in addition to other desirable ones. The novelty of our scheme stems from combining and exploiting two group signatures, so that we can randomize a signature to make the same signature look different across multiple uses of it, and hide those parts of the message that are not the concern of the CSP. Our scheme is well suited to cloud systems due to its simplicity and efficiency.
Keywords: Cloud Computing, Digital Identity Management, Interoperability, Delegation, Privacy, Unlinkability