Towards Distributed Privacy-Preserving Mobile Access ... - IEEE Xplore

6 downloads 222 Views 648KB Size Report
worldwide due to the emerging high speed wireless Internet and the proliferation ... identities has sparked a lot of interest in both industry and academia, as they ...
Globecom 2014 - Communication and Information System Security Symposium

Towards Distributed Privacy-Preserving Mobile Access Control Zhijie Wang, Dijiang Huang, Huijun Wu, Bing Li, Yuli Deng Arizona State University, Tempe, USA {wangzj, dijiang, huijun.wu, bingli5, yuli.deng}@asu.edu

Abstract—The mobile marketing is growing exponentially worldwide due to the emerging high speed wireless Internet and the proliferation of smartphones with powerful processors. Consequently, the management of the massive volume of mobile identities has sparked a lot of interest in both industry and academia, as they turn out to be a heavy burden for many mobile application startups. The conventional federated identity management technologies have been developed to delegate the users’ identity tasks across different security domains to reduce the burden over the identity service consumers (i.e., Relying Party). However, they also raises serious security and privacy issues, such as the vulnerability to Single Point of Failure (SPOF) and the privacy leakage with respect to users’ historical access information. To address these issues, we architect a novel Distributed Privacy-preserving Mobile Access Control (DP-MAC) framework. This framework also leverages a dual-root trust model to prevent identity theft in case of mobile device loss. In the end, we give performance evaluation and prove its applicability by implementing our system in the Cloud Computing platform and android smartphones based on jPBC in real-world settings.

I. I NTRODUCTION The fast-growing online applications and services for smartphones boost the online setup of mobile identities, and large quantities of identity setups have proven to be a financial and management burden for many start-up entrepreneurs. On one hand, since smartphones store tremendous personal information about the individual users, the management of mobile identities must be handled with extreme caution as it is often related to personal proprietary resources. On the other hand, there is a rising demand on an open and federated mobile identity management system to facilitate the access control of resource sharing between collaborating parties across heterogeneous security domains. Therefore, these factors necessitate an open, comprehensive and secure mobile access control system whereby different mobile service providers can outsource the access control tasks and reduce the management cost. A natural approach to address this problem is to leverage the existing federated identity management framework based on the concept of Identity-as-a-Service (IDaaS). The federated identity management frameworks built on IDaaS, such as OpenID [1], emerges as widely-accepted solutions to integrate multiple identity service providers and consumers together. The OpenID is an open standard for authentication delegation. It architects a framework in which the Identity Provider (IdP) acts as a centralized authority by holding the identities and credentials of the End Users (EU). When the EU interacts with

978-1-4799-3512-3/14/$31.00 ©2014 IEEE

the Relying Party (RP)(e.g., a website or application), the RP delegates the authentication process to the IdP. However, it is prone to several security attacks. First of all, the IdP could be Honest-But-Curious (HBC) and it can easily invade EU’s privacy, because the IdP will know all the RPs that the EU has been trying to log into, since the RPs have to delegate the authentication requests to the IdP, and the RPs need to directly communicate and verify with the IdP. Second, OpenID is vulnerable to SPOF. A single IdP can become the central axis by undertaking the authentication tasks for numerous RPs and EUs, and the crash of this IdP will imperil all the related authentication and access control processes. Worse still, once the IdP is compromised, all the EUs’ credentials stored on this IdP are exposed to the attacker. Last but not the least, the malicious RP can launch a phishing attack by directing the EU to a bogus authentication webpage of a fake IdP. To address the issues stated above, we propose a novel Distributed Privacy-preserving Mobile Access Control (DPMAC) framework based on the integration of decentralized Attribute-Based Encryption (DABE) [2] and Identity-Based Encryption (IBE) [3]. In DP-MAC, the Service Provider (SP) can create different access policies and dynamically select multiple IdPs to undertake the tasks for mobile access control whereby the SPOF issue can be solved. In addition, the IdPs are prevented from tracking the mobile users’ historic access to SPs, because the IdPs are not allowed to directly communicate with the SPs and they cannot infer which SP the user is trying to log in. A side benefit is that the phishing attack is eliminated as there is no webpage redirection. Moreover, the system utilizes the Dual-Root Trust (DRT) model wherein the Mobile User (MU) splits her secret credential into two parts, and stores them on the mobile device and the usercentric Mobile Cloud (MC) respectively. Note that different users can freely select different cloud providers (e.g., Amazon EC2, Microsoft Azure) to be the MC and store their credential part, such that compromising any cloud platform has no impact on the users on other cloud platforms and SPOF is mitigated accordingly. Hence, the loss of mobile device does not cause identity theft, since both parts are indispensable to validate the user in the process of mobile access control. Additionally, the major computation cost is shifted from the resourceconstrained mobile device to MC as a result. To sum up, our contributions are four-fold as follows:

582



We architect a new distributed framework with dual-

Globecom 2014 - Communication and Information System Security Symposium







ŝƐƚƌŝďƵƚĞĚWŽŐŝŶZĞƋƵĞƐƚ

DŽďŝůĞ

In DP-MAC, the mobile users can use credentials from multiple identity providers without disclosing their historical access information of application services to the identity providers. It utilizes a decentralized architecture as illustrated in Figure 1, and consists of five components as follows:



/ĚWŵ

ŽŶƚƌŽů

͙͘͘͘

ϲͲ'ĞŶZĞƐƉŽŶƐĞdž

ϲ

ϳͲ'ĞŶZĞƐƉŽŶƐĞ ϴͲsĞƌŝĨŝĐĂƚŝŽŶ ϳ ŝƐƚƌŝďƵƚĞĚ D Ϯ

ϰ

ϯ

ϴ ϱ ^W

Fig. 1: The Architecture of DP-MAC

A. System Model



/ĚWϭ

ϱͲ'ĞŶŚĂůůĞŶŐĞ ĐĐĞƐƐ

Dh

In this section, we presents the system model of DP-MAC and adversary model as well as cryptographic preliminaries.



ϭ

ϰͲ'ĞŶdŽŬĞŶ

II. T HE DP-MAC F RAMEWORK D ESIGN AND P RELIMINARIES



^LJƐƚĞŵ ^ĞƚƵƉ

ϮͲDhZĞŐŝƐƚĞƌ

The remainder of this paper is organized as follows. Section II describes the system model and security requirements. Section III provides the detailed construction of DP-MAC based on cryptographic operations. Section IV gives the performance evaluation and security analysis. Section V discusses the related work, and conclusions are given in section VI.



W