Skip to Main Content
 

Global Search Box

 
 
 
 

Files

File List


Thesis.pdf (2.96 MB)

ETD Abstract Container

Abstract Header

Secure Multi-party Authorization in Clouds

Lin, Wenjie
http://rave.ohiolink.edu/etdc/view?acc_num=osu1429041745

Abstract Details

2015, Doctor of Philosophy, Ohio State University, Computer Science and Engineering.
Software as a Service (SaaS) clouds cooperate to provide services, which often provoke multi-party authorization. Some special cases of three-party authorization such as Facebook Single Sign On and PayPal Express Checkout have been widely used, however the general multi-party authorization as well as its security has not been well studied. This thesis focuses on secure multi-party authorization in clouds. First of all, the multi-party authorization problem is formalized by abstracting a class of real-world authorization services. It is found that, to solve the multi-party authorization problem, one should first solve the so-called name matching problem. Failing on name matching has led to fatal attacks against existing three-party authorization protocols. After formalization of the name matching problem, its inherent difficulty is unveiled by laying name matching into the family of Byzantine agreement problems. The name matching problem is then studied in the scenarios of no adversary, a single adversary, and multiple adversaries. Both the impossibility and positive results are presented. In the latter cases, name matching protocols are designed and their security with concurrent self composition is proved with Protocol Composition Logic. Furthermore, an algorithm is proposed to detect the vulnerabilities on name matching for multi-party authorization protocols. Applying the algorithm on existing three- and four-party authorization protocols reveals new design flaws, which can cause name matching attacks against PayPal Express Checkout, Alipay PeerPay, and Amazon FPS Marketplace. Secure name matching protocols are used as subroutines to construct multi-party authorization protocols. Their security is proved under the scenarios of no adversary, a single adversary, and multiple adversaries. In the case study, two new authorization services (data exchange and sales affiliation) are designed with the proposed protocols. Attackers not only exploit design flaws in authorization protocols, but also in their implementation. One of the attackers' major goals is to steal a victim's confidential data. The attackers often successfully escape from being detected by hiding themselves behind stepping-stones (e.g., VPN, proxy and SSH tunneling). How to traceback this kind of attackers is an open problem. In the thesis, a Pebbletrace system is presented. The system creates Pebbleware based on zero-day vulnerabilities and embeds it into victims' confidential data. If the data is stolen, Pebbleware enables the system to exploit the attackers behind stepping stones. The Pebbletrace system is evaluated in the case where Zeus bots are used and shows promising results.
Ten-Hwang Lai (Advisor)
Feng Qin (Committee Member)
Dong Xuan (Committee Member)
176 p.
Computer Science
authorization; clouds; security; protocol

Recommended Citations

Citations

  • Lin, W. (2015). Secure Multi-party Authorization in Clouds [Doctoral dissertation, Ohio State University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=osu1429041745

    APA Style (7th edition)

  • Lin, Wenjie. Secure Multi-party Authorization in Clouds. 2015. Ohio State University, Doctoral dissertation. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=osu1429041745.

    MLA Style (8th edition)

  • Lin, Wenjie. "Secure Multi-party Authorization in Clouds." Doctoral dissertation, Ohio State University, 2015. http://rave.ohiolink.edu/etdc/view?acc_num=osu1429041745

    Chicago Manual of Style (17th edition)

osu1429041745
1,797
© 2015, all rights reserved.
This open access ETD is published by The Ohio State University and OhioLINK.