Privacy-preserving user identity in Identity-as-a-Service

Authors: Tri Hoang Vo, Woldemar F. Fuhrmann, Klaus Peter Fischer-Hellmann
Published in: 2018 21st Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN)

In Federated Identity Management, providers from different security domains exchange messages containing authentication and authorisation credentials of users. As a result, a user can use his Personal Identifiable Information (PII) from one or more Identity Providers to gain access to other sites. Disseminating PII over intermediaries also requires protecting PII from misuse and unauthorised access. Identity-as-a-Service (IDaaS) provides a federated identity for users to access multiple…

Identity-as-a-Service: An Adaptive Security Infrastructure and Privacy-Preserving User Identity for the Cloud Environment

Identity-as-a-Service (IDaaS) is presented as a trusted Identity and Access Management with two requirements: Firstly, IDaaS adapts trust between cloud services on demand and protects the confidentiality of PII in federated security domains.

Efficient Privacy-preserving User Identity with Purpose-based Encryption

This paper proposes a broader approach to protecting PII that can be easily adapted to existing Identity Management systems and is compliant with the General Data Protection Regulation from the European Union, and proves that the solution is efficient.

Lightweight and Privacy-Preserving ID-as-a-Service Provisioning in Vehicular Cloud Computing

This paper proposes a lightweight and privacy-preserving IDaaS architecture for VCC named IDaaSoVCC, and demonstrates the security features of this scheme, most notably forward secrecy, confidentiality and identity information privacy.

Automated Trust Negotiation for Cloud Applications in Identity-as-a-Service

A novel trust model that enables a dynamic trust relationship between Cloud services is presented and the complete life cycle of the security infrastructure from the development to the migration across multiple Cloud providers is demonstrated.

Cloud Computing Service Provider Business Model Success Characteristics

The chapter aims to contribute to the emerging research on characteristics of successful business models of cloud computing service providers.

Self-Analysis Technology, Roles, and Cybersecurity in the Virtual Learning Environments

This chapter was completed at the end of the annual CES, Consumer Electronics Show, to assert the influences products displayed at this consumer show will have on future identities of the self among learners and educators.



Privacy-preserving Digital Identity Management for Cloud Computing

This paper proposes an approach addressing digital identity management services requirements based on the use of high-level identity verification policies expressed in terms of identity attributes, zero-knowledge proof protocols, and semantic matching techniques.

Towards accountable management of identity and privacy: sticky policies and enforceable tracing services

This document describes an innovative approach and related mechanisms that enforce users' privacy by putting users in control and making organizations more accountable, leveraging identity-based encryption (IBE) and TCPA technologies.

EASiER: encryption-based access control in social networks with efficient revocation

EASiER is proposed, an architecture that supports fine-grained access control policies and dynamic group membership by using attribute-based encryption and makes it possible to remove access from a user without issuing new keys to other users or re-encrypting existing ciphertexts.

SPICE - Simple Privacy-Preserving Identity-Management for Cloud Environment

SPICE is presented, which aims to be the first digital identity management system that can satisfy unlinkability, delegatable authentication, and other desirable properties of the cloud platform.

A privacy preserving authorisation system for the cloud

Ciphertext-Policy Attribute-Based Encryption

A system for realizing complex access control on encrypted data that is conceptually closer to traditional access control methods such as role-based access control (RBAC) and secure against collusion attacks is presented.

Aggregated Privacy-Preserving Identity Verification for Composite Web Services

An aggregated privacy-preserving identity verification scheme that protects users from privacy disclosure through the adoption of zero-knowledge proof of knowledge and can dramatically reduce the computation time, independently of the number of identity attributes and component providers.

How to Adapt Authentication and Authorization Infrastructure of Applications for the Cloud

A security topology describes an abstract layer of Authentication and Authorization Infrastructure's components, requirements, and trust relationship between them that preserves the provisioning of AAI across different environments for interoperability, portability, and enables a dynamic trust relationship with other services on demand.