Authors :
Andrews Ocran
Volume/Issue :
Volume 10 - 2025, Issue 3 - March
Google Scholar :
https://tinyurl.com/mry35njk
Scribd :
https://tinyurl.com/2fv4dajb
DOI :
https://doi.org/10.38124/ijisrt/25mar657
Abstract :
With the increasing adoption of cloud-based services and distributed systems, securing user identity and sensitive data
in Federated Identity Management (FIM) systems has become a critical challenge. Traditional authentication and
authorization mechanisms often fall short in ensuring fine-grained access control, especially when dealing with large-scale,
dynamic environments. This study explores the enhancement of security in Federated Identity Management (FIM) systems
through the integration of Attribute-Based Encryption (ABE), a promising cryptographic technique that offers advanced
access control based on user attributes rather than a single user identity. The proposed model utilizes Ciphertext-Policy ABE
(CP-ABE) to ensure dynamic encryption of user data while also ensuring that only users with the appropriate matching
attributes can decrypt and access specific information.
By deploying Attribute-Based Encryption, the system enhances privacy, reduces the risk of unauthorized access, and
addresses common vulnerabilities in federated systems, such as credential theft and unauthorized privilege escalation.
Through a series of experiments, this study evaluates the feasibility and effectiveness of the proposed system in real-world
scenarios. The findings suggest that integrating Attribute-Based Encryption into Federated Identity Management
systems significantly strengthens security, provides more flexible and granular access control, and mitigates risks associated
with traditional identity management approaches. This work will contribute to the field by offering a novel approach to
securing federated identity systems in dynamic and complex environments, with implications for both academia and
industry in cloud computing, cybersecurity, and privacy-preserving technologies.