Improving information security in cloud computing using the SAML standard

Number of pages: 104
File format: Word
File code: 31040
Year: 2014
Degree: Master's degree
Category: IT, Information Technology Engineering
  • Summary of Improving information security in cloud computing using the SAML standard

    Master's Thesis of Information Technology Engineering, Information Systems Management

    Abstract

    The world of the Internet and computing grows more complex and evolves every day, and cloud computing is one product of this evolution. As a result, data sensitivity and information privacy have become serious concerns for organizations. Companies increasingly rely on application service providers (ASPs) or software-as-a-service (SaaS) vendors for specialized web-based services, which reduce costs and deliver specific, focused applications to users. This approach removes the complexity of designing, installing, configuring, scaling and supporting the system with internal resources, which brings organizations many benefits.

    Organizations have recently adopted central authentication sources for their internal applications and web-based portals. Single sign-on authentication, when properly configured, provides strong security in the sense that users no longer need to write down and remember passwords for different systems; it also makes users easier to manage and audit. Extending this to external providers requires a standard for exchanging authentication information over the Internet. The Security Assertion Markup Language (SAML) provides a secure, XML-based solution for exchanging user information between identity providers (organizations) and service providers (ASPs or SaaS vendors). The SAML standard defines rules and syntax for the exchange, while remaining flexible enough to allow customized data to be transferred to the external service provider.

    This thesis attempts to make the best use of the advantages of cloud computing and single sign-on, and to apply them to improving single sign-on systems, specifically single sign-on based on the SAML standard. For this purpose, the related basic concepts and definitions, including cloud computing, SAML, authentication and single sign-on, are studied. A short review of authentication methods is then carried out in order to arrive at a better and more complete model that fits what is needed. A number of models proposed for each of these topics, and for their combination, are also examined. By combining and summarizing the methods and information obtained, a model for single sign-on based on cloud computing using SAML is proposed and simulated in order to support the single sign-on process in user authentication. Finally, after stating the advantages of the proposed model, possible problems are examined and suggestions are made for solving them, together with directions for future work.

    Keywords (Persian): Information security in cloud computing, security assertion markup language in cloud computing. Keywords (English): Information security in cloud computing, SAML in cloud computing.

    Chapter One: Introduction

    1-1 Introduction

    The world of information technology is expanding day by day. About 72 years have passed since computers entered human life, and during these years the thirst for progress has led to the emergence of new technologies. Not much time has passed since the Internet became available to users, yet it has brought about a tremendous change in the exchange of information. At the time, nobody imagined that the Internet could one day serve as a powerful processing system in addition to a medium for information exchange, but nowadays many processes are carried out by servers. The basic concepts of cloud computing have been developed since 1162 AD, but cloud computing as we currently know it, available to everyone, has been used by Amazon since 2226. Cloud computing is an old idea in which computing resources are used as a tool. Cloud computing is Internet-based computing that provides shared resources, software and information to computers and devices on demand. It allows people to share distributed resources and services, so cloud computing uses distributed resources in an open environment; consequently it must provide security and assurance for data sharing as cloud computing applications are developed.

    Data sensitivity and information privacy are increasingly becoming an area of concern for organizations. Authentication and proof of identity involve the use, maintenance and protection of the information collected about users. Preventing unauthorized access to information resources in the cloud is also an important factor. As web services become more common, businesses are looking to offer combined services to the customers who share them. This places a difficult burden on customers, who must remember different usernames and passwords and maintain different sessions in different browser windows, each with a non-uniform user interface indicating a different session state [1, 2 and 3].

    The Security Assertion Markup Language (SAML) is a standard for secure web single sign-on, first introduced in January 2001 by OASIS (the Organization for the Advancement of Structured Information Standards). It provides a structured, XML-based framework for exchanging authentication and authorization information and for securing that exchange. It was last updated in 2005. SAML entered the global Internet market in several versions. The first version was released as SAML1. Next came SAML1.1, which was functionally identical to SAML1 apart from minor differences. Finally, the latest version, SAML2, was released in 2005, with fundamental differences from the previous versions of the standard [4]. Although both generations of the standard cover the same use cases, SAML2 is incompatible with its predecessors. Early versions of SAML did not support any specific protocols in their queries, while the final version (SAML2) supports many protocols, most of which are brand new. Both SAML1 and SAML2 use digital signatures (based on the XML Signature standard) for authentication and message integrity. Using XML Encryption, SAML2 provides elements for encrypted name identifiers, encrypted attributes and encrypted assertions (SAML1 has no encryption capabilities) [5].

    The most important use case SAML addresses is web browser single sign-on. Single sign-on solutions are usually deployed at the intranet level (for example, using cookies), but extending them beyond the intranet becomes problematic and leads to the deployment of non-interoperable proprietary technologies. SAML, developed by OASIS, aims to resolve these shortcomings by solving the problem of secure information exchange with a framework based on XML. Its most important advantages are its extensibility and its growing adoption in industry. It is commonly used between organizations and their customers, business partners and cloud providers. SAML has proven security, scalability and reliability in thousands of products deployed worldwide.

    SAML assertions are also used in WS-Security to protect web service messages: the WS-Security SAML Token Profile defines how a SAML assertion is carried as a security token. WS-Security is a set of specifications that define mechanisms for message-level security protection. SAML consists of a number of building-block components that, when linked together, support a number of use cases. The SAML specification defines the structure and content of assertions, which describe statements made about a principal by an asserting party [4 and 6].

    1-2 Problem Definition

    Cloud computing uses the idea that work done on the client side can move to some invisible cluster of resources on the Internet [1].

  • Contents & References of Improving information security in cloud computing using the SAML standard

    Contents:

    Abstract .. 1

    Chapter One: Introduction
    1-1 Introduction .. 3
    1-2 Definition of the problem .. 4
    1-3 Explanation of the problem .. 5
    1-4 Thesis structure .. 5

    Chapter Two: Cloud computing, challenges and solutions
    2-1 Introduction .. 7
    2-2 History of cloud computing .. 7
    2-3 Some examples .. 8
    2-3-1 Multics .. 8
    2-3-2 Early virtual machine hypervisors .. 8
    2-3-3 National CSS .. 9
    2-4 Concepts .. 9
    2-4-1 Definition of cloud computing .. 9
    2-4-2 Main characteristics of cloud computing .. 11
    2-5 Cloud architecture and components .. 12
    2-5-1 General view of existing ideas for cloud structures and their components .. 12
    2-5-2 Cloud computing service models .. 12
    2-6 Classification of clouds .. 15
    2-7 Multi-tenancy .. 16
    2-8 Virtualization .. 16
    2-9 Cloud shapes .. 17
    2-9-1 Dimension one: internal/external .. 17
    2-9-2 Dimension two: dedicated/open .. 17
    2-9-3 Dimension three: perimeterised/de-perimeterised .. 18
    2-9-4 Dimension four: outsourced/insourced .. 18
    2-10 Opportunities and challenges of cloud computing .. 18
    2-11 Security challenges of cloud computing .. 19
    2-12 Cloud computing privacy challenges .. 19
    2-13 Data protection .. 20
    2-14 Data protection solutions .. 20
    2-15 Common information security risks in the cloud .. 20
    2-15-1 Phishing .. 20
    2-15-2 Access rights of provider personnel .. 21
    2-16 Applications and limitations of data encryption .. 21
    2-17 Data authentication and user identification .. 21
    2-18 Storing data in the cloud .. 22
    2-19 Authentication .. 22
    2-20 Security Assertion Markup Language (SAML) .. 23
    2-20-1 Definition .. 23
    2-20-2 Features .. 24
    2-20-3 Components .. 25
    2-21 SAML in Web Services Security .. 29
    2-22 Issuance of SAML tokens in web services .. 34
    2-23 Conclusion .. 35

    Chapter Three: Review and analysis of related work
    3-1 Introduction .. 37
    3-2 Single sign-on systems .. 37
    3-2-1 Enterprise .. 37
    3-2-2 Federated .. 38
    3-3 Single sign-on methods .. 38
    3-4 Kerberos .. 46
    3-4-1 Kerberos protocol .. 46
    3-4-2 Kerberos advantages .. 48
    3-4-3 Kerberos disadvantages .. 48
    3-5 Web single sign-on authentication using SAML .. 49
    3-6 WS-Security .. 53
    3-7 Integrated authentication .. 53
    3-8 Integrated web services .. 54
    3-9 SAML and integrated web services .. 55
    3-10 Second version of SAML (SAML 2) .. 56
    3-11 Federated authentication .. 56
    3-12 Advantages of single sign-on authentication .. 56
    3-13 Advantages of SAML .. 57
    3-14 Common errors in SAML .. 57
    3-15 SAML as a secure cloud standard .. 57
    3-16 Conclusion .. 61

    Chapter Four: Single sign-on using SAML
    4-1 Introduction .. 63
    4-2 Proposed model for SAML authentication in web single sign-on .. 63
    4-3 Steps of the proposed model .. 64
    4-4 Simulation of the proposed model .. 68
    4-5 Data security model in cloud computing .. 68
    4-5 Conclusion .. 72

    Chapter Five: Examination of the proposed model and conclusion
    5-1 Introduction .. 73
    5-2 Examination of the proposed model in terms of security .. 73
    5-3 Review and evaluation of the proposed model .. 74
    5-3-1 Model evaluation method .. 74
    5-3-2 Determining the reliability and validity of the questionnaire .. 76
    5-3-3 Determining the reliability of the questionnaire designed to evaluate the proposed model .. 76
    5-3-4 Determining the validity of the questionnaire designed to evaluate the proposed model .. 77
    5-3-5 Extraction of factors .. 78
    5-4-6 Evaluation of the proposed model .. 81
    5-4-7 Friedman test to compare the means of the methods .. 81
    5-4-8 Test .. 81
    5-4-8 Kolmogorov-Smirnov test .. 82
    5-4-9 Analysis of variance .. 82
    5-5 Advantages and results obtained from the proposed model .. 83
    5-6 Possible problems and suggested solutions .. 84

    References .. 85
    Appendices .. 87


    References:

    [1] Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Computing V2.1", December 2009.

    [2] TaheriMonfared A, "Securing the IaaS Service Model of Cloud Computing Against Compromised Components", Norwegian University of Science and Technology, June 2011.

    [3] Kumaz P, Sehgal K, Chauhan S, Gupta K and Diwakar M, "Effective Ways of Secure, Private and Trusted Cloud Computing", IJCSI International Journal of Computer Science Issues, Vol. 8, Issue 3, No. 2, May 2011.

    [4] Lewis D and Lewis E, "Web Single Sign-On Authentication using SAML", IJCSI International Journal of Computer Science Issues, Vol. 2, 2009.

    [5] Ragouzis N, "Security Assertion Markup Language (SAML) V2.0 Technical Overview", February 2007.

    [6] Cantor S, "Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0", OASIS Standard, 15 March 2005.

    [7] Wang J, Zhao Y, Jiang S and Le J, "Providing privacy preserving in Cloud computing", International Conference on Test and Measurement, pp. 213-216, 2009.

    [8] Saltzer H, "Protection and the control of information sharing in Multics", Communications of the ACM, 17(7):388-402, 1974.

    [9] Stanoevska-Slabeva K and Wozniak K, principal cloud,

    [10] Chen Y, Paxson V and Katz K, "What's New About Cloud Computing Security?", Technical Report No. UCB/EECS-2010-5, Electrical Engineering and Computer Sciences, University of California at Berkeley, January 20, 2010.

    [11] http://www.iranianlearn.com/article6119.html

    [12] http://xen.org/products/xenhyp.html

    [13] Karger P, "Securing virtual machine monitors: what is needed?", keynote address, ASIACCS 2009.

    [14] Feinleib H, "A Technical History of National CSS", Computer History Museum, April 2005.

    [15] "Cloud Computing Security Considerations", Department of Intelligence and Security of the Australian Government, April 2011.

    [16] Delgado V, "Exploring the limits of cloud computing", Master of Science Thesis, Stockholm, Sweden, 2010.

    [17] Miller M, "Using WS-Security and SAML for Internet Single Sign On", 20th Computer Science Seminar, SA3-T4-1, 2005.

    [18] Jøsang A, "Security Usability Principles for Vulnerability Analysis and Risk Assessment", Annual Computer Security Applications Conference (ACSAC'07), 2007.

    [19] Jericho Forum, "Cloud Cube Model: Selecting Cloud Formations for Secure Collaboration", Version 1.0, April 2009.

    [20] Provos N, "Safe Browsing", Google Online Security Blog, June 2012.

    [21] Jansen W and Grance T, "Guidelines on Security and Privacy in Public Cloud Computing", Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD, December 2011.

    [22] http://www.schneier.com/blog/archives/2010/06/data_at_rest_vs.html

    [23] Winkler R, "Cloud Computer Security Techniques and Tactics", United States, 2011.

    [24] "Security Assertion Markup Language (SAML) 2.0", OASIS Standard, July 2005.

    [25] Kemp J, "Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0", OASIS SSTC, January 2005.

    [26] "Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0", OASIS Standard, March 2005.

    [27] Box D, "Simple Object Access Protocol (SOAP) 1.1", World Wide Web Consortium Note, May 2000.

    [28] Meyer C, Feldmann F and Schwenk J, "Sometimes it's better to be STUCK", Horst Görtz Institute for IT-Security, Ruhr-University Bochum, 2011.
