Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services

Publication Type: Conference Paper
Year of Publication: 2012
Authors: D. Nuñez, I. Agudo, and J. Lopez
Conference Name: IEEE CloudCom 2012
Pagination: 241 - 248
Date Published: Dec 2012
Publisher: IEEE Computer Society
Conference Location: Taipei, Taiwan
ISBN Number: 978-1-4673-4511-8
ISSN Number: 978-1-4673-4509-5
Keywords: Cloud Computing, Cryptography, identity management, OpenID, privacy, proxy re-encryption

The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users’ identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained increasing popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both the privacy and identity management fields. Finally, we discuss the performance and economic viability of our proposal.

