Automated Security Assessment for IDaaS Framework

Wireless Personal Communications

Abstract

The cloud computing paradigm is driving a rapid move to a new identity concept called Identity as a Service (IDaaS). However, adopting one identity for access to all services does not bring only good news. Attackers are increasingly basing their attacks on identity theft, which means that the security of the identity itself becomes a threat vector. Therefore, this paper focuses on the concept of using a Virtual Identity (\(V_{ID}\)) under the framework of IDaaS. IDaaS is well known for authentication in the Software as a Service (SaaS) cloud deployment model. It can be delivered by third-party identity providers for the whole identity management approach, including the creation process, the authentication mechanism and the identity privacy assurance level. Moreover, the proposed \(V_{ID}\) mechanism for the IDaaS framework is considered a new realization of anonymous Single Sign On (SSO) in distributed cloud services environments. We proposed the \(V_{ID}\) creation framework using Elliptic Curve Cryptography (ECC). After designing the two approaches, Identity Based Encryption (IBE) and Pseudonym Based Encryption (PBE), we implemented them with the MIRACL security library. To judge the security of our solutions, we used the AVISPA tool to assess the IBE and PBE protocols for vulnerabilities. AVISPA (Automated Validation of Internet Security Protocols and Applications) uses a group of applications to build and analyze formal models of many known or designed security protocols. Through its language structure, we built our communication protocols in a descriptive way. The analysis of our proposed \(V_{ID}\) approaches based on IBE and PBE using the AVISPA back-ends indicated that both of them are safe (i.e. no attacks found). So, the proposed \(V_{ID}\) approaches based on IBE and PBE are suitable and scalable enough to secure anonymous communication in cloud services environments compared with the state of the art solutions.

Author information

Corresponding author

Correspondence to Ibrahim Gomaa.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Gomaa, I., Abd-Elrahman, E., Hamdy, A. et al. Automated Security Assessment for IDaaS Framework. Wireless Pers Commun 116, 3465–3490 (2021). https://doi.org/10.1007/s11277-020-07860-8

  • DOI: https://doi.org/10.1007/s11277-020-07860-8