http://dx.doi.org/10.3837/tiis.2014.01.017

PRIAM: Privacy Preserving Identity and Access Management Scheme in Cloud  

Xiong, Jinbo (Faculty of Software, Fujian Normal University)
Yao, Zhiqiang (Faculty of Software, Fujian Normal University)
Ma, Jianfeng (Faculty of Software, Fujian Normal University)
Liu, Ximeng (School of Computer Science and Technology, Xidian University)
Li, Qi (School of Computer Science and Technology, Xidian University)
Ma, Jun (School of Computer Science and Technology, Xidian University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS), vol. 8, no. 1, 2014, pp. 282-304
Abstract
Each cloud service has numerous owners and tenants, so a privacy-preserving identity management and access control mechanism is necessary for cloud computing. On one hand, cloud service providers (CSPs) depend on tenants' identity information to enforce appropriate access control, so that cloud resources are accessed only by authorized tenants who are willing to pay. On the other hand, tenants wish to protect their personalized service access patterns and identity privacy information, and to access new cloud services on demand within the scope of their permissions. Many identity authentication and access control schemes address these challenges to some degree; however, they still have limitations. In this paper, we propose a new comprehensive approach, called the Privacy pReserving Identity and Access Management scheme (PRIAM), which is able to satisfy all the desirable security requirements in cloud computing. The main contributions of the proposed PRIAM scheme are threefold. First, it leverages blind signatures and hash chains to protect tenants' identity privacy and to implement secure mutual authentication. Second, it employs service-level agreements to provide flexible, on-demand access control for both tenants and cloud services. Third, it makes use of BAN logic to formally verify the correctness of the proposed protocols. As a result, our proposed PRIAM scheme is well suited to cloud computing thanks to its simplicity, correctness, low overhead, and efficiency.
Keywords
Privacy preserving; identity authentication; on-demand access control; cloud security; service-level agreement
Citations & Related Records
Times Cited By KSCI: 2