Doctoral research project number: 3920


Submission date: 1 January 1900
Title: Authentication and Single Sign-on for cooperating cloud providers
Thesis supervisor: Guy PUJOLLE (LIP6)
Scientific field: Information and communication sciences and technologies
CNRS theme: Systems and networks

Abstract: The cloud network is a concept reforming the IT industry and consequently changing how startups and SMEs (small and medium enterprises) look at IT infrastructure. Reduced CAPEX (capital expenditures) and the pay-as-you-go model suit startups and SMEs well, allowing them to outsource their computation resources and focus their capital on creating a competitive edge against other products and services. It is predicted that cloud computing will surge to 150 billion dollars by 2013, even though companies are reluctant to migrate their data for more than one reason. Security is one of the main aspects delaying wide adoption of computation outsourcing, thus hindering an investment boom until all the security concerns have been tackled. Security concerns are categorized into three main groups: Architecture (Network Security, Interface and Virtualization), Compliance (Service, Provider) and Privacy (Data Security, Legal issues). Authentication and SSO (single sign-on) are used in a variety of cloud architectures, but are crucial for newly proposed architectures. Telecommunication vendors have proposed a revolutionary cloud architecture benefiting from all-IP LTE networks. Motorola, Ericsson and Nokia Siemens Networks have proposed a hybrid complementary cloud architecture turning telecom operators into cloud providers. These operators are backed by vendor and 3rd-party clouds, thus making the operator a cloud customer and a cloud provider simultaneously. Without SSO, end users need to re-authenticate each time they access an application. When a user re-authenticates, the 3rd-party cloud provider receives the user's credentials in order to verify authenticity after contacting the operator. These 3rd-party cloud providers can use the received credentials for illegitimate access to the operator's network. SSO is also exploitable, and its disadvantages differ according to the architecture used.
In this thesis, we are going to discuss different user authentication schemes and SSO between cooperating cloud networks. Previous algorithms will be compared and a new authentication and SSO protocol will be proposed. This protocol will be evaluated theoretically, its performance will be simulated and its security will be proven using algebraic-logic methods. The results of this work will directly impact cloud computing in the telecommunication industry and the inter-cooperation between cloud service providers that is highly expected in future years.

Doctoral candidate: Bou Abdo Jacques