Proposed Identity and Access Management in Future Internet (IAMFI): A Behavioral Modeling Approach
DOI: https://doi.org/10.13052/jicts2245-800X.211
Keywords: IAMFI, Future Internet, Access Control, Identity, Cloud, Attribute-based encryption, Attack Model
Abstract
The Future Internet (FI) envisions a world of objects connected over the Internet at all times. It is like opening the network doors of homes, companies and organizations to the world: efficiency increases, but security must not be compromised by exposing sensitive information, which presents a tremendous challenge for access control and identity management in FI. A well-managed identity management system should provide the necessary tools for controlling user access and access to critical information. A fitting example is the IoT (Internet of Things), where every object will be smart and will take advantage of the cloud for storage and processing power.
In this paper we provide an introduction to identity and access management in FI, followed by a simplified architecture of the FI and its components. We then give a short description of the frequent threats to data stored in the cloud, along with possible mitigation techniques for those threats. We also provide a comparative study of existing work on access control and propose a method to overcome the limitation of the existing techniques, in which sensitive organizational information (the access policy) is exposed to the cloud. We address this issue in IAMFI by extending the attribute-based encryption technique and allowing users to control their attribute exposure at the time of requesting access. We also provide a mechanism in IAMFI for distributed attribute and key management for various users, thereby reducing the overhead at a single site.