Open Access Article

Identity-as-a-Service: An Adaptive Security Infrastructure and Privacy-Preserving User Identity for the Cloud Environment

1 Department of Computer Science, University of Applied Sciences Darmstadt, 64295 Darmstadt, Germany
2 Digamma GmbH, 64367 Darmstadt, Germany
3 Centre for Security, Communications & Network Research, University of Plymouth, Plymouth PL4 8AA, UK
4 Centre for Research in Information and Cyber Security, Nelson Mandela University, Port Elizabeth 6031, South Africa
* Author to whom correspondence should be addressed.
Future Internet 2019, 11(5), 116; https://doi.org/10.3390/fi11050116
Received: 12 March 2019 / Revised: 5 May 2019 / Accepted: 8 May 2019 / Published: 15 May 2019
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)

Abstract

In recent years, enterprise applications have begun to migrate from local hosting to cloud providers and may have established business-to-business relationships with each other manually. Adapting existing applications requires substantial implementation changes in individual architectural components. On the other hand, users may store their Personal Identifiable Information (PII) in the cloud environment so that cloud services may access and use it on demand. Even if cloud services specify their privacy policies, we cannot guarantee that they follow those policies and will not (accidentally) transfer PII to another party. In this paper, we present Identity-as-a-Service (IDaaS) as a trusted Identity and Access Management with two requirements. Firstly, IDaaS adapts trust between cloud services on demand. We move the trust relationship and identity propagation out of the application implementation and model them as a security topology. When the business comes up with a new e-commerce scenario, IDaaS uses the security topology to adapt a platform-specific security infrastructure for the given business scenario at runtime. Secondly, we protect the confidentiality of PII in federated security domains. We propose our Purpose-based Encryption to prevent the disclosure of PII to intermediary entities in a business transaction and to untrusted hosts. Our solution is compliant with the General Data Protection Regulation and involves the least user interaction to prevent identity theft via the human link. The implementation can be easily adapted to existing Identity Management systems, and the performance is fast.
Keywords: identity-as-a-service; federated identity management; privacy-preserving; purpose-based encryption; purpose-based access control; attribute-based encryption; cloud adaptation; cloud migration
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
MDPI and ACS Style

Vo, T.H.; Fuhrmann, W.; Fischer-Hellmann, K.-P.; Furnell, S. Identity-as-a-Service: An Adaptive Security Infrastructure and Privacy-Preserving User Identity for the Cloud Environment. Future Internet 2019, 11, 116.

Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland