Secure Cloud Identity Wallet



Similar documents
PRISMACLOUD. Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH

Network Security Protocols

Research and Innovation Challenges in Data Protection, Security and Privacy in the Cloud: Map of synergies of the clustered projects Version 2.

Current Research- Cloud Computing and E-Government

D . A reliable and secure online communication platform. Armin Wappenschmidt (secunet) More information:

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015

Privacy and security in the cloud

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Sicherheitsaspekte des neuen deutschen Personalausweises

Software and Cloud Security

Cloud Computing and Data Protection Compliance - Experiences from Norway

Chapter 1: Introduction

Electronic Voting Protocol Analysis with the Inductive Method

Key & Data Storage on Mobile Devices

FIDO Trust Requirements

Resolution Database Privacy preserving based Single-Signon

Sometimes it's better to be STUCK! SAML Transportation Unit for Cryptographic Keys

FIDO Modern Authentication Rolf Lindemann, Nok Nok Labs

Federal Identity, Credential, and Access Management Trust Framework Solutions. Overview

INTRODUCTION AND HISTORY

Digital identity: Toward more convenient, more secure online authentication

TrustedX: eidas Platform

Combined Proxy Re-Encryption

Security and Privacy in IoT Challenges to be won

Data Protection: From PKI to Virtualization & Cloud

Introducing Federated Identities to One-Stop-Shop e-government Environments: The Greek Case

eid and ebanking: get your bank account in Minutes through an online portal!

eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke

SECURELY CONNECTING INSTANT MESSAGING SYSTEMS FOR AD HOC NETWORKS TO SERVER BASED SYSTEMS

World Summit on Information Society (WSIS) Forum May 2013

Device-Centric Authentication and WebCrypto

E-Democracy and e-voting

Security of smart grid communication protocols

Data Privacy in the Cloud E-Government Perspective

Encryption-based 2FA for Server-side Qualified Signature Creation

Attestation and Authentication Protocols Using the TPM

Data Security Using Reliable Re-Encryption in Unreliable Cloud

Scalable Authentication

HIPAA: Briefing for Healthcare IT Security Personnel. Market Overview: HIPAA: Privacy Security and Electronic Transaction Standards

SMART FRAME- AN EFFICIENT SECURITY FRAMEWORK FOR BIG DATA MANAGEMENT SCHEME ON CLOUD

Secure Data Sharing and Processing in Heterogeneous Clouds. Bojan Suzic, Graz University of Technology

Security and Privacy in Cloud Computing

Security Model in E-government with Biometric based on PKI

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

Mobile Connect & FIDO

Privacy and Identity Management for Europe

Cloud for Europe trusted Cloud Services for the European market for public administrations

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

A Privacy-Preserving eid based Single Sign-On Solution

The Austrian Citizen Card

June 5, 2013 Ken Klingenstein. Identity Management, the Cloud, NSTIC and Accessibility

An Overview of Cloud Identity Management-Models

Associate Prof. Dr. Victor Onomza Waziri

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

Angel Dichev RIG, SAP Labs

Secure Hardware-Based Public Cloud Storage

Understanding Digital Certificates and Secure Sockets Layer (SSL)

The Castelfranco Charter. Recommendations for users of e-health in cloud computing

A Federated Cloud Identity Broker-Model for Enhanced Privacy via Proxy Re-Encryption

ECE 646, CRYPTOGRAPHY PROJECT SPECIFICATION GEORGE MASON UNIVERSITY FALL, 2013

m Commerce Working Group

MOBILITY. Transforming the mobile device from a security liability into a business asset. pingidentity.com

INTEGRATION GUIDE MS OUTLOOK 2003 VERSION 2.0

Public Key Infrastructure. A Brief Overview by Tim Sigmon

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Whitepaper on identity solutions for mobile devices

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

How To Encrypt Data With Encryption

Healthcare Compliance Solutions

ISO/IEC for secure mobile web applications

I. Introduction to Privacy: Common Principles and Approaches

The Austrian Citizen Card

Standards for Identity & Authentication. Catherine J. Tilton 17 September 2014

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Value of Trusted Cloud for e-health

IT-Security All safe and sound?

Matthias Hauss- SRC Security Research & Consulting GmbH October PCI DSS Requirements in the Context of European Data Protection Law

Securing Data on Microsoft SQL Server 2012

Providing Data Protection as a Service in Cloud Computing

SECURITY AND REGULATORY COMPLIANCE OVERVIEW

A Study on Secure Electronic Medical DB System in Hospital Environment

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

Round Table Report. 1 April 2015, Brussels

w w w. e l o c k. c o m

A REVIEW ON ENHANCING DATA SECURITY IN CLOUD COMPUTING USING RSA AND AES ALGORITHMS

Public Key Applications & Usage A Brief Insight

trust and confidence "draw me a sheep" POLICY AND REGULATION FOR EUROPE

Rights Management Services

Credibly secure cloud storage with elfcloud

Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems

What s it all about? SAFE-BioPharma Association

MS-55096: Securing Data on Microsoft SQL Server 2012

BSBEBUS520A Manage online payments systems

Semi-Trusted Authentication for Health Data in Cloud

Opportunities for Online Banking epayments Innovating esepa beyond the end date

Odyssey Access Client FIPS Edition

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

Online Identity Attribute Exchange Initiatives

Smart Card Solutions: Bringing Value to Citizens

Transcription:

1 CREDENTIAL Secure Cloud Identity Wallet DS-02-2014 Dr. Arne Tauber u

2 CREDENTIAL Research Project Call: H2020-DS-2014-1 Acronym: CREDENTIAL Type of Action: IA Number: 653454 Partners: 12 Duration: 36 months Start Date: 10/2015 Estimated Project Cost: approx. 6.5M Euro Requested EU Contribution: approx. 6M Euro Coordinator: Austrian Institute of Technology GmbH Technical Coordinator: Graz University of Technology

3 Agenda Challenges for Cloud Identity Management (Security) Objectives Approach / Methodology Innovation Demonstration (Pilots)

4 Challenges for Cloud Identity Management Identity and access management (IAM) towards cloud steadily growing For private sector already a big market Facebook, Google, Microsoft, Salesforce, Public sector more reserved Legal regulations, e-government data protection standards Identity data is a critical information asset Data accessible by cloud service provider Owner not in full control of data E2E encryption for cloud identity data needed

5 Security objectives / goals Guarantee that identity data in the cloud maintains confidentiality, integrity and authenticity; Data can be re-encrypted but not be accessed by the cloud identity provider hosting the data; Users shall have fine-grained control over the release and transfer of their identity data; Reveal minimum information about users (data minimisation); Protected identity data may only be accessed through strong authentication mechanisms; User-friendliness shall be ensured without lowering security requirements.

6 Approach Develop an architecture for secure and user-friendly cloud identity data access management Confidentiality / Authenticity Securely store and process identity data in the cloud Proxy Re-Encryption, Signature schemes (authenticity) Honest but curious cloud service provider Selective disclosure Strong authentication Strong authentication towards the cloud Bind authentication to identity data decryption Federation / FIDO (UAF, U2F), HW-based authentication

7 Approach (2) Make it available, usable and push it to market-readiness Security by design / Holistic security model Enhance existing protocols Verification of identity data processing Human centered design approach Consistent user experience Seamless integration Pilot, test, evaluate and make it economically relevant Evaluate the technology in three pilot areas Standardization New business models for cloud identity management

8 Innovation The main idea and ambition of CREDENTIAL is to enable end-to-end security and improved privacy in cloud identity management services for managing secure access control. This is achieved by advancing novel cryptographic technologies and improving strong authentication mechanisms. Advance novel cryptography to enable advanced trust models Strong authentication to the cloud Holistic privacy models and methods for user protection and secure data sharing Dedicated usability and HCI models for wide user adoption and maximum impact Secure, efficient and portable implementation of components and protocols Piloting and testing on a European scale

9 Demonstration e-government pilot Italy Lombardy Region SP for public administration Wallet for employees and citizens e-health pilot German partners Quantified self / Medical patient data store e-business pilot InfoCert LegalCloud trust services Cloud identity provider for public and private sector

10 CREDENTIAL Partners

11 Contact Technical coordinator: Dr. Arne Tauber Arne.Tauber@iaik.tugraz.at Project coordinator: Thomas Lorünser Thomas.loruenser@ait.ac.at LinkedIn: https://at.linkedin.com/pub/credential-project/b5/a6/92

12 Project overall goals vs. results

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information