http://dx.doi.org/10.13089/JKIISC.2016.26.3.573

IAM Architecture and Access Token Transmission Protocol in Inter-Cloud Environment  

Kim, Jinouk (Soongsil University)
Park, Jungsoo (Soongsil University)
Yoon, Kwonjin (Soongsil University)
Jung, Souhwan (Soongsil University)
Abstract
With the adoption of cloud computing, the number of companies that take advantage of it has increased. Additionally, various existing service providers have moved their services onto the cloud and provide users with various cloud-based services. The management of user authentication and authorization in cloud-based service technology has become an important issue. This paper introduces a new technique for providing authentication and authorization with other inter-cloud IAM (Identity and Access Management) systems. It is an essential and easy method for data sharing and communication between users of different clouds. The proposed system uses the credentials of a user who has already joined an organization and would like to use other cloud services. When users of one cloud provider try to obtain access to the data of another cloud provider, part of the credentials from the IAM server is forwarded to that cloud provider. Before the transaction, an Access Agreement must be set up to grant access to the resources of the other organization. A user can then access the resources of the other organization based on the access control configuration of the system. Using the above method, we could provide an effective and secure authentication system on the cloud.
Keywords
Token; Inter-Cloud; JWT; Access Agreement; IAM
Citations & Related Records
Times Cited By KSCI: 3