Consolidated Identity Management System for secure mobile cloud computing

Issa Khalil, Abdallah Khreishah, Muhammad Azeem

Research output: Contribution to journal (Article)

22 Citations (Scopus)

Abstract

Security issues in cloud computing are shown to be the biggest obstacle that could lower the wide benefits of cloud systems. This obstacle may be aggravated when cloud services are accessed by mobile devices. Mobile devices can be easily lost or stolen and hence are easy to compromise. Additionally, mobile users tend to store access credentials, passwords and other Personal Identifiable Information (PII) in an improperly protected way. We conducted a survey and found that more than 66% of the surveyed users store PIIs in unprotected text files, cookies, or applications. To strengthen the legitimate access process over the clouds and to facilitate authentication and authorization with multiple cloud service providers, third-party Identity Management Systems (IDMs) have been proposed and implemented. In this paper, we discuss the limitations of the state-of-the-art cloud IDMs with respect to mobile clients. Specifically, we show that the current IDMs are vulnerable to three attacks, namely IDM server compromise, mobile device compromise, and network traffic interception. Most importantly, we propose and validate a new IDM architecture dubbed Consolidated IDM (CIDM) that counters these attacks. We conduct experiments to evaluate the performance and the security guarantees of CIDM and compare them with those of current IDM systems. Our experiments show that CIDM provides its clients with better security guarantees and that it has less energy and communication overhead compared to the current IDM systems.

Original language: English
Pages (from-to): 99-110
Number of pages: 12
Journal: Computer Networks
Volume: 65
DOIs: 10.1016/j.comnet.2014.03.015
Publication status: Published - 2 Jun 2014

Fingerprint

Mobile cloud computing
Mobile devices
Cloud computing
Telecommunication traffic
Authentication
Wireless networks
Servers
Experiments
Communication

Keywords

  • Cloud computing security
  • Identity Management Systems
  • Mobile clients
  • Privacy
  • Security attacks

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Consolidated Identity Management System for secure mobile cloud computing. / Khalil, Issa; Khreishah, Abdallah; Azeem, Muhammad.

In: Computer Networks, Vol. 65, 02.06.2014, p. 99-110.

@article{fff54709fb884308bebbe05573dca923,
title = "Consolidated Identity Management System for secure mobile cloud computing",
keywords = "Cloud computing security, Identity Management Systems, Mobile clients, Privacy, Security attacks",
author = "Issa Khalil and Abdallah Khreishah and Muhammad Azeem",
year = "2014",
month = "6",
day = "2",
doi = "10.1016/j.comnet.2014.03.015",
language = "English",
volume = "65",
pages = "99--110",
journal = "Computer Networks",
issn = "1389-1286",
publisher = "Elsevier",

}
