Token-based identity management in the distributed cloud
- URL: http://arxiv.org/abs/2410.21865v1
- Date: Tue, 29 Oct 2024 09:00:01 GMT
- Title: Token-based identity management in the distributed cloud
- Authors: Ivana Kovacevic, Tamara Rankovic, Milan Stojkov, Milos Simic
- Abstract summary: This research paper centres on identity management in distributed environments.
The paper concentrates on implementing robust security paradigms to minimise communication overhead among services.
The proposed solution incorporates an Identity and Access Management server as a component that authenticates all external requests.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The immense shift to cloud computing has brought changes in security and privacy requirements, impacting critical Identity Management services. Currently, many IdM systems and solutions are accessible as cloud services, delivering identity services for applications in closed domains and the public cloud. This research paper centres on identity management in distributed environments, emphasising the importance of robust, up-to-date authorisation mechanisms. The paper concentrates on implementing robust security paradigms to minimise communication overhead among services while preserving privacy and access control. The key contribution focuses on solving the problem of restricted access to resources in cases when the authentication token is still valid, but permissions are updated. The proposed solution incorporates an Identity and Access Management server as a component that authenticates all external requests. The IAM server's key responsibilities include maintaining user data, assigning privileges within the system, and authorisation. Furthermore, it empowers users by offering an Application Programming Interface for managing users and their rights within the same organisation, providing finer granularity in authorisation. The IAM server has been integrated with a configuration dissemination tool designed as a distributed cloud infrastructure to evaluate the solution.
Related papers
- Establishing Workload Identity for Zero Trust CI/CD: From Secrets to SPIFFE-Based Authentication [0.0]
CI/CD systems have become privileged automation agents in modern infrastructure, but their identity is still based on secrets or temporary credentials passed between systems.
This paper describes the shift from static credentials to OpenID Connect (OIDC) federation, and introduces SPIFFE as a platform-neutral identity model for non-human actors.
arXiv Detail & Related papers (2025-04-20T23:06:03Z)
- Trusted Identities for AI Agents: Leveraging Telco-Hosted eSIM Infrastructure [0.0]
We propose a conceptual architecture that leverages telecom-grade eSIM infrastructure.
Rather than embedding SIM credentials in hardware devices, we envision a model where telcos host secure, certified hardware modules.
This paper is intended as a conceptual framework to open discussion around standardization, security architecture, and the role of telecom infrastructure in the evolving agent economy.
arXiv Detail & Related papers (2025-04-17T15:36:26Z)
- Progent: Programmable Privilege Control for LLM Agents [46.49787947705293]
We introduce Progent, the first privilege control mechanism for LLM agents.
At its core is a domain-specific language for flexibly expressing privilege control policies applied during agent execution.
This enables agent developers and users to craft suitable policies for their specific use cases and enforce them deterministically to guarantee security.
arXiv Detail & Related papers (2025-04-16T01:58:40Z)
- 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities.
This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users.
An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
arXiv Detail & Related papers (2025-02-17T12:23:53Z)
- Combined Hyper-Extensible Extremely-Secured Zero-Trust CIAM-PAM architecture [0.0]
This paper introduces the Combined Hyper-Extensible Extremely-Secured Zero-Trust (CHEZ) CIAM-PAM architecture.
The framework addresses critical security gaps by integrating password-less authentication, adaptive multi-factor authentication, microservice-based PEP, multi-layer RBAC and multi-level trust systems.
It also includes end-to-end data encryption, and seamless integration with state-of-the-art AI-based threat detection systems.
arXiv Detail & Related papers (2025-01-03T09:49:25Z)
- Towards an identity management solution on Arweave [0.0]
This paper explores the potential of using the Arweave network to develop an identity management solution.
By harnessing Arweave's permanent storage, our solution offers users a Self-Sovereign Identity (SSI) framework.
arXiv Detail & Related papers (2024-12-18T14:01:31Z)
- Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [46.404531555921906]
We propose an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency.
Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.
arXiv Detail & Related papers (2024-12-07T20:18:36Z)
- Authentication and identity management based on zero trust security model in micro-cloud environment [0.0]
The Zero Trust framework can better track and block external attackers while limiting security breaches resulting from insider attacks in the cloud paradigm.
This paper focuses on authentication mechanisms, calculation of trust score, and generation of policies in order to establish required access control to resources.
arXiv Detail & Related papers (2024-10-29T09:06:13Z)
- Histrio: a Serverless Actor System [44.99833362998488]
Histrio is a programming model and execution environment that simplifies the development of stateful applications.
It lifts concerns such as state management, database interaction, and programming handling from developers.
It guarantees exactly-once-processing consistency, meaning that the application always behaves as if any interaction with external clients was processed once and only once.
arXiv Detail & Related papers (2024-10-29T06:58:56Z)
- Attribute-Based Authentication in Secure Group Messaging for Distributed Environments [2.254434034390528]
Messaging Layer Security (MLS) and its underlying Continuous Group Key Agreement protocol allow a group of users to share a cryptographic secret in a dynamic manner.
The use of digital certificates for authentication in a group goes against the group members' privacy.
We provide an alternative method of authentication in which the solicitors, instead of revealing their identity, only need to prove possession of certain attributes.
arXiv Detail & Related papers (2024-05-20T14:09:28Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- Mitigating Data Sharing in Public Cloud using Blockchain [0.0]
We propose a secure data ecosystem in the cloud with the key aspects being Data Rights, Data Sharing, and Data Validation.
This will ensure that existing public cloud-based systems can easily deploy blockchain enhancing trustworthiness and non-repudiation of cloud data.
arXiv Detail & Related papers (2024-04-21T13:12:44Z)
- HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs).
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (DSL) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
- A Universal System for OpenID Connect Sign-ins with Verifiable Credentials and Cross-Device Flow [4.006745047019997]
Self-Sovereign Identity (SSI) is a new and promising identity management paradigm.
We propose a comparatively simple system that enables SSI-based sign-ins for services that support the widespread OpenID Connect or OAuth 2.0 protocols.
arXiv Detail & Related papers (2024-01-16T16:44:30Z)
- The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI).
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
- Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain.
The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
arXiv Detail & Related papers (2023-10-12T09:33:50Z)
- Blockchain-enabled Data Governance for Privacy-Preserved Sharing of Confidential Data [1.6006586061577806]
We propose a blockchain-based data governance system that employs attribute-based encryption to prevent privacy leakage and credential misuse.
First, our ABE encryption system can handle multi-authority use cases while protecting identity privacy and hiding access policy.
Second, applying the Advanced Encryption Standard (AES) for data encryption makes the whole system efficient and responsive to real-world conditions.
arXiv Detail & Related papers (2023-09-08T05:01:59Z)
- Privacy-Preserving Joint Edge Association and Power Optimization for the Internet of Vehicles via Federated Multi-Agent Reinforcement Learning [74.53077322713548]
We investigate the privacy-preserving joint edge association and power allocation problem.
The proposed solution strikes a compelling trade-off, while preserving a higher privacy level than the state-of-the-art solutions.
arXiv Detail & Related papers (2023-01-26T10:09:23Z)
- A Privacy-Preserving Distributed Architecture for Deep-Learning-as-a-Service [68.84245063902908]
This paper introduces a novel distributed architecture for deep-learning-as-a-service.
It is able to preserve the user's sensitive data while providing Cloud-based machine and deep learning services.
arXiv Detail & Related papers (2020-03-30T15:12:03Z)
This list is automatically generated from the titles and abstracts of the papers in this site.