Armazenamento Seguro de Credenciais e Atributos de Usuários em Federação de Clouds
Abstract
The use of cloud computing and cloud federations has been the focus of studies. Many of these infrastructures delegate their authentication to Identity Providers. Once these services are available through the Internet, concerns about the confidentiality of user credentials and attributes are high. The main focus of this work is the security of the credentials and user attributes in authentication infrastructure, exploring secrets sharing techniques and using clouds federation as a base for the storage of this information.
References
Angin, P., Bhargava, B., Ranchal, R., et al. (oct 2010). An Entity-Centric Approach for Privacy and Identity Management in Cloud Computing. 2010 29th IEEE Symposium on Reliable Distributed Systems, p. 177–183.
Barreto, L., Siqueira, F., Fraga, J. and Feitosa, E. (2013). An Intrusion Tolerant Identity Management Infrastructure for Cloud Computing Services. In 2013 IEEE International Conference On Web Services.
Bertino, E., Lafayette, W., Paci, F. and Ferrini, R. (2009). Privacy-preserving Digital Identity Management for Cloud Computing. Identity, v. 32, p. 1–7.
Bessani, A., Correia, M., Quaresma, B. and Sousa, P. (2011). DEPSKY: Dependable and Secure Storage in a Cloud-of-Clouds. European Systems Conference.
Böger, D., Barreto, L., Fraga, J., et al. (2011). User-Centric Identity Management Based on Secure Elements. n. 590047.
Boneh, D., Boyen, X. and Shacham, H. (2004). Short Group Signatures. Advances in Cryptology - CRYPTO 2004, v. 3152, p. 227–242.
Burr, W. E., Dodson, D. F. and Polk, W. T. (2006). Electronic authentication guideline. NIST Special Publication, v. 800:63.
Celesti, A., Tusa, F., Villari, M. and Puliafito, A. (2010). How to Enhance Cloud Architectures to Enable Cross-Federation. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on.
Chow, S., He, Y., Hui, L. and Yiu, S. (2012). Spice–simple privacy-preserving identity-management for cloud environment. Applied Cryptography and Network, p.526–543.
Grozev, N. and Buyya, R. (2012). Inter-Cloud architectures and application brokering: taxonomy and survey. Software: Practice and Experience, p. 1–22.
Jøsang, A., Fabre, J., Hay, B., Dalziel, J. and Pope, S. (2005). Trust requirements in identity management. CRPIT ’44: Proceedings of the 2005 Australasian workshop on Grid computing and e-research, p. 99–108.
Nuñez, D. and Agudo, I. (2014). BlindIdM: A privacy-preserving approach for identity management as a service. International Journal of Information Security, p. 199–215.
Rabin, M. O. (1989). Efficient dispersal of information for security, load balancing, and fault tolerance. Journal of the ACM, v. 36, n. 2, p. 335–348.
Schoenmakers, B. (1999). A Simple Publicly Verifiable Secret Sharing Scheme and its Application to Electronic Voting. Advances in Cryptology (CRYPTO99), p. 148–164.
Shamir, A. (1979). How to share a secret. Communications of the ACM, p. 612–613.
Sujana, B., Tejaswini, P., Srinivasulu, G. and Karimulla, S. (2013). Secure Framework for Data Storage from Single to Multi clouds in Cloud Networking. v. 2, n. 2.
Yan, L., Rong, C. and Zhao, G. (2009). Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography. p. 167–177.
Barreto, L., Siqueira, F., Fraga, J. and Feitosa, E. (2013). An Intrusion Tolerant Identity Management Infrastructure for Cloud Computing Services. In 2013 IEEE International Conference On Web Services.
Bertino, E., Lafayette, W., Paci, F. and Ferrini, R. (2009). Privacy-preserving Digital Identity Management for Cloud Computing. Identity, v. 32, p. 1–7.
Bessani, A., Correia, M., Quaresma, B. and Sousa, P. (2011). DEPSKY: Dependable and Secure Storage in a Cloud-of-Clouds. European Systems Conference.
Böger, D., Barreto, L., Fraga, J., et al. (2011). User-Centric Identity Management Based on Secure Elements. n. 590047.
Boneh, D., Boyen, X. and Shacham, H. (2004). Short Group Signatures. Advances in Cryptology - CRYPTO 2004, v. 3152, p. 227–242.
Burr, W. E., Dodson, D. F. and Polk, W. T. (2006). Electronic authentication guideline. NIST Special Publication, v. 800:63.
Celesti, A., Tusa, F., Villari, M. and Puliafito, A. (2010). How to Enhance Cloud Architectures to Enable Cross-Federation. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on.
Chow, S., He, Y., Hui, L. and Yiu, S. (2012). Spice–simple privacy-preserving identity-management for cloud environment. Applied Cryptography and Network, p.526–543.
Grozev, N. and Buyya, R. (2012). Inter-Cloud architectures and application brokering: taxonomy and survey. Software: Practice and Experience, p. 1–22.
Jøsang, A., Fabre, J., Hay, B., Dalziel, J. and Pope, S. (2005). Trust requirements in identity management. CRPIT ’44: Proceedings of the 2005 Australasian workshop on Grid computing and e-research, p. 99–108.
Nuñez, D. and Agudo, I. (2014). BlindIdM: A privacy-preserving approach for identity management as a service. International Journal of Information Security, p. 199–215.
Rabin, M. O. (1989). Efficient dispersal of information for security, load balancing, and fault tolerance. Journal of the ACM, v. 36, n. 2, p. 335–348.
Schoenmakers, B. (1999). A Simple Publicly Verifiable Secret Sharing Scheme and its Application to Electronic Voting. Advances in Cryptology (CRYPTO99), p. 148–164.
Shamir, A. (1979). How to share a secret. Communications of the ACM, p. 612–613.
Sujana, B., Tejaswini, P., Srinivasulu, G. and Karimulla, S. (2013). Secure Framework for Data Storage from Single to Multi clouds in Cloud Networking. v. 2, n. 2.
Yan, L., Rong, C. and Zhao, G. (2009). Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography. p. 167–177.
Published
2016-11-07
How to Cite
BARRETO, Luciano; SCHEUNEMANN, Leomar; FRAGA, Jonice da Silva; SIQUEIRA, Frank.
Armazenamento Seguro de Credenciais e Atributos de Usuários em Federação de Clouds. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 16. , 2016, Niterói.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2016
.
p. 254-267.
DOI: https://doi.org/10.5753/sbseg.2016.19312.
