Wireless Personal Communications (2021) 116:3465–3490
https://doi.org/10.1007/s11277-020-07860-8
Automated Security Assessment for IDaaS Framework
Ibrahim Gomaa¹ · Emad Abd‑Elrahman² · Alaa Hamdy¹ · Elsayed M. Saad¹
Accepted: 29 October 2020 / Published online: 28 November 2020
© Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract
Cloud computing is moving us quickly toward a new identity concept called Identity as a Service (IDaaS). However, adopting one identity for access to all services does not bring only good news: attackers are increasingly mounting attacks based on identity theft, so the security of the identity itself becomes a threat vector. This paper therefore focuses on using a Virtual Identity (VID) within the IDaaS framework. IDaaS is well known as the authentication model for Software as a Service (SaaS) cloud deployments. It can be delivered by third-party identity providers that handle the whole identity management approach, including the creation process, the authentication mechanism and the identity privacy assurance level. Moreover, the proposed VID mechanism for the IDaaS framework is a new realization of anonymous Single Sign On (SSO) in distributed cloud service environments. We propose a VID creation framework using Elliptic Curve Cryptography (ECC). We designed two approaches, Identity Based Encryption (IBE) and Pseudonym Based Encryption (PBE), and implemented them with the MIRACL security library. To assess the security of our solutions, we used the AVISPA tool to check the IBE and PBE protocols for vulnerabilities. AVISPA (Automated Validation of Internet Security Protocols and Applications) uses a group of applications to build and analyze formal models of many known or newly designed security protocols. Using its language structure, we built our communication protocols in a descriptive way. The analysis of the proposed IBE- and PBE-based VID approaches with the AVISPA back-ends indicated that both are safe (i.e. no attacks found). The proposed VID approaches based on IBE and PBE are therefore suitable and scalable enough to secure anonymous communication in cloud service environments compared to state-of-the-art solutions.
* Ibrahim Gomaa
¹ Faculty of Engineering, Helwan University, Cairo, Egypt
² National Telecommunication Institute, 5 Mahmoud El-miligy st., Nasr City, Cairo 11768, Egypt
Keywords Identity Management · Security Assessment · IBE · PBE
1 Introduction
According to forecasts for future identity management, the digital transformation of most business enterprises will depend on identity access [1]. Identity management is one of the big challenges in accessing services over the Internet. With the cloud computing revolution, IDaaS appeared as a Single Sign On (SSO) solution for cloud infrastructure authentication. Although the idea of using one single identity instead of multiple identities is not new, realizing it is the complex task.
Therefore, in order to realize this VID concept, two approaches are designed and implemented for anonymous access. The two techniques used for VID creation are Identity-Based Encryption (IBE) and Pseudonym-Based Encryption (PBE). They were first designed and implemented as a VID framework in the first phase of VID creation [2]. This paper then covers the validation and verification phase using the MIRACL library [3], with the transaction details and protocol sequences.
The implementation of our VID security mechanisms depends mainly on public-key cryptography. During the VID creation phase, public-key cryptography based on Elliptic Curve Cryptography (ECC) [4] is used in both approaches (IBE & PBE), either for encrypting the communication between system entities or in the digital signatures that sign the messages exchanged between the users, the Private Key Generator (PKG) and the service provider nodes. Moreover, the PKG is considered a third-party Trusted Authority (TA) that acts as a centralized security assurance point for the different service providers' servers. The two proposed protocols (IBE & PBE) share some security aspects through their use of ECC and differ in the philosophy of access and in the relations and duties of each entity in the architecture, as will be detailed in Sect. 4.
After the design and implementation phase was completed with the MIRACL library, we validate the security of our proposed protocols. In this phase, the IBE & PBE approaches are evaluated with a security assessment tool called AVISPA [5] in terms of security measures and vulnerability detection.
The rest of this paper is organized as follows. Section 2 highlights the relevant work on dynamic identity approaches. Section 3 presents the problem statement and the details of the conceptual modelling of IBE & PBE in MIRACL as the security implementation environment. The proposed IBE & PBE workflows are introduced in Sect. 4, while Sect. 5 presents the automated security analysis using the AVISPA tool. Section 6 introduces the security analysis results and the comparisons conducted against related work. The contributions and perspectives of the work are summarized in Sect. 7.
2 Related Work
Anonymous communication has been considered in the literature from different sides. Anonymity can be achieved through IBE solutions [6], PBE solutions [7], Mixnet protocols [8–10] and [11] or DC-net protocols [12, 13].
The IDaaS framework has been considered in different applications such as vehicular cloud computing [14]. In that framework, the classical IDaaS approach was improved to cope with the limited computing resources of the vehicular environment. Moreover, that work improves IDaaS using encryption techniques for a ciphertext-policy attribute-based methodology.
In the context of Mobile Edge Computing (MEC), authentication is an important aspect because of the huge number of access nodes in this layer. A mutual authentication mechanism was proposed for MEC environments that uses elliptic curve cryptography during the key agreement phase and is designed around “identity-based anonymous authentication” [15]. We consider this work very close to our proposed methodologies in terms of the security mechanisms and protocols used.
For on-demand cloud services, the IDaaS framework can provide trusted access [16]. In this proposal, the authors tried to make their IDaaS proposal compliant with the General Data Protection Regulation (GDPR) in identity management frameworks in order to prevent identity theft and malicious identity access. Moreover, they introduced their identity concept under the Purpose-Based Encryption technique (PBE).
In the context of dynamic identity authentication mechanisms, a group of relevant works has been proposed that can be used for multi-server access [17, 18] and [19]. The advantage of these proposals is that each builds on the previous work to detect its vulnerabilities and tries to prove that its own proposal is robust using the same methodology, the AVISPA tool.
In [17], the authors introduced a dynamic identity-based authentication mechanism. This scheme focused mainly on improving the principle of identity creation using simple hash functions mixed with XOR logical operations. Moreover, their solution uses some encryption techniques and other exponential security operations.
The work in [18] considered a multi-server authentication scheme. This scheme depends on mapping one single identity to different identities for accessing servers. The authors also analyzed their protocol phases with the AVISPA tools.
Another relevant work [19] analyzed the previous work [18]. Its authors succeeded in extracting some common vulnerabilities (CVs) in that previous work [18], such as forgery and replay attacks and a user impersonation attack, besides some weaknesses in the proposed mutual authentication method. As a proof of concept for their proposal, they validated the multi-service authentication mechanism using the same environment, AVISPA. Moreover, they proved that their proposal outperformed the work in [18] from different angles, such as security robustness and small protocol overhead cost.
In the previous works, all proposed models followed the same methodology of a protocol designed for dynamic identity that can be used in multi-server authentication. In our VID proposals, by contrast, Identity Based Cryptography (IBC) is used in the form of IBE or PBE to create many identities based on one main identity, which is the trusted one. In addition, we used ECC to add more security and privacy while reducing the computation for each protocol.
3 Problem Statement
As mentioned before, identity is one of the main pillars of the digital world transformation [1]. As a result, the Identity as a Service (IDaaS) concept appeared in the era of virtualization, in parallel with other digital services. Accessing many services requires keeping many identities, one for each service. However, this model carries a big overhead in remembering this huge number of service access identities. The problem can be managed by different proposals. The first is directed at identity providers. Such a provider is a third party that takes over managing the identities for different providers as an outsourcing solution. Of course, this model fits the cloud computing Software as a Service (SaaS) model used in multi-tenant virtualized services.
Although this first identity line for the IDaaS concept is well known and commercialized over the Internet, Google considered a one-identity solution mechanism. This line focuses on Google Apps as the framework of identity services under the umbrella of IDaaS solutions. With it, the “Google Gmail address” can be used as one main identity for managing the generation of different service access identities (i.e. one for all). Moreover, this solution considers the first line not as strong as required because it depends on a third-party entity.
To conclude, third-party solutions are considered commercialized solutions for identity management in many systems, banking for example. On the other hand, Google advocates its “one for all” solution. We think that mixing the two, where feasible, is an ideal solution. For that, we propose a Virtual Identity concept as a new identity paradigm. The proposed VID brings to the table the advantages of both identity lines while assuring high security and low dependencies. This solution can be considered a feasible cloud-based IDaaS framework for securing identity management.
Our work contributions can be summarized in four points as:
– Design and model for VID framework.
– Implementation of the models using MIRACL security environment.
– Validation of the proposed protocols through AVISPA tools to assess the security measures and protocols merits against some common security vulnerabilities.
– Conducting cost and security comparison for the proposed framework IBE and PBE
against related work.
The following two subsections highlight the design and implementation phases, which rely on common security tools such as AVISPA, used in this work for security validation.
3.1 Conceptual Design and Model for IBE & PBE
In our previous work [2], we introduced the two secure mechanisms (IBE & PBE) for creating the VID. These approaches are built using Elliptic Curve Cryptography (ECC) because of its security strength and the smaller keys it uses compared to other cryptographic approaches such as RSA [4]. We then used the MIRACL security libraries to implement our IBE & PBE communication protocols between the security entities involved in VID creation. The workflow for both approaches will be detailed in Sect. 4.
3.2 MIRACL
The Multi-precision Integer and Rational Arithmetic C/C++ Library (MIRACL) [3] consists of a large group of portable C software libraries. This open-source software is regarded by a large number of researchers and security developers as a vital environment for building security measures such as elliptic curve cryptography (ECC) based algorithms. The tool supports most security algorithms and protocols, such as RSA and key exchange protocols like Diffie-Hellman (DH) under the umbrella of ECC. The main advantage of MIRACL over other cryptographic libraries is its light computing load, which allows it to be applied on constrained devices. This gave us the opportunity to try our implementations on a normal PC with simple specs, as will be made clear in Sect. 4.3.
In our work on identity and access management, we use a key agreement protocol called Elliptic Curve Diffie-Hellman (ECDH), the Menezes-Vanstone Protocol, and the Elliptic Curve Digital Signature Algorithm (ECDSA). These mechanisms are fully supported by the MIRACL library that we used in our identity protocols (IBE & PBE). For our implementation, we used the following elliptic curve equation: $y^2 = x^3 - 3x + b \pmod{p}$, where p is a large prime number of 256 bits in length. It can be defined through a function in MIRACL that calculates this prime number based on the points in a finite field.
4 Proposed Approaches
The proposed VID frameworks, based on either IBE or PBE, are designed to cope with recent security challenges over the Internet. For anonymous communications in general, and the anonymity concept in particular, the VID can assure anonymous access to many applications provided by different cloud service providers. This is done as shown in the VID framework design concept in Fig. 1.
The three main entities in the proposed VID framework are:
– U: the user requesting access to a service.
– SP: the service provider entity that delivers the services.
– PKG: the Private Key Generator node, which is responsible for generating a dynamic VID according to the service type accessed by the user.
As shown in Fig. 1, one main identity of a user can be used to generate different identities for accessing many services. This VID concept is achieved by logging in to the PKG in order to map the created identity to each requested service.
The PKG node is a common structure in the design and calculation concepts of both the IBE & PBE VID solutions. However, the exchanges for each one differ because of the way the VID is created. We assumed that a centralized Trust Authority (TA) node acts as the PKG server. Of course, the anonymous communication is not anonymous to this TA entity.
Fig. 1 The IBE & PBE virtual identity framework
4.1 IBE Approach
IBE is a well-known direction of IBC technology, introduced early in [20]. In this section, we present the IBE security requirements scenario. Moreover, we highlight the anonymous communication context using the IBE protocol, as shown in Fig. 2, with the following steps:
IBE protocol sequence of implementation:
– First, we choose a specific curve E over a finite field GF(n) of order n, where n is a large prime number.
– Second, we select a randomly generated point P on the curve. This point acts as the base point of E, with q as the order of P.
– After that, we use the Elliptic Curve Digital Signature Algorithm (ECDSA) for key and signature generation and for signature verification throughout the IBE-based VID creation and verification process. ECDSA relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP), described as:
Given $P \in E(GF(n))$ and $q = a * p$, find $a$ with $1 \leqslant a \leqslant n$.
As mentioned before, the chosen elliptic curve is
$y^2 = x^3 + ax + b \pmod{n}$
where n is a large prime number of 256 bits in length. The values of a and b can be estimated during the execution of the security functions in MIRACL.
As shown in Fig. 2, the IBE model is mapped onto six messages, developed in .cpp code files using the MIRACL library. We selected appropriate parameters for the chosen elliptic curve equation such that $a, b \in GF(n)$ satisfy $4a^3 + 27b^3 \neq 0 \pmod{n}$, having first assumed GF(n) > 3. Also, as is known for ECC, all points on the curve must define a finite field whose number of points is prime. To meet this condition, both a and n are fixed in the elliptic curve equation, so b is chosen to match the condition. A MIRACL function is used to calculate the number of points in the finite field.
Fig. 2 IBE workflow model
In order to generate the ECC point, we developed an Elliptic Curve Point Generation algorithm, ECPG(), shown in Fig. 3.
Fig. 3 ECPG()
Fig. 4 EcdsaKgen1(): Elliptic Curve Digital Signature Algorithm Key Generation
4.1.1 System Setup
This phase has two steps as follows:
1. The user (U) first sends his/her User ID (UID) and the Requested Service (Ser) to the PKG node. The PKG is responsible for anonymous communication in the system. Of course, this anonymity does not extend to the PKG itself, as it represents the TA entity in the framework.
2. The PKG is responsible for generating its main parameters, such as the Master Secret key (S). This key is used for generating the user's Private Key and other system parameters such as n as a big prime number, the order q and the generator point P, all using the Public Key of the PKG.
4.1.2 The Key Extraction Phase
After the PKG receives the UID and the Ser, it generates its parameters and keys as described in the system setup phase, shown in Fig. 4. It runs the EcdsaKgen1() algorithm to generate the user's main parameters: the VID, the UP, and the UD.
4.1.3 Signature Generation
As shown in message (2) in Fig. 2, the user receives his main parameters UD, UP and VID from the Private Key Generator. Then he/she runs EcdsaSign (VID, UD), as in Fig. 5, to calculate the virtual identity signature (SVID).
Fig. 5 EcdsaSign (VID, UD)
4.1.4 Signature Verification
As soon as the user logs in to the Service Provider (SP) using message (3) shown in Fig. 2, the SP asks the PKG for the Public Key in order to verify the received signature (SVID). Afterward, it executes the algorithm EcdsaVer (VID, UP) shown in Fig. 6 to verify the virtual identity's signature (r, s).
4.1.5 Future Communication Encryption
After the signature is verified successfully, the service provider generates the Shared Secret Key (Ks) that is used for the confidentiality of all communications between them. Future communication can be encrypted, as shown in Fig. 7, using Ks with the algorithm EcdhEncrypt(m). The resulting cipher text c can be decrypted to obtain the original message m using the EcdhDecrypt(c) algorithm shown in Fig. 8.
4.2 Pseudonym Based Encryption (PBE) Approach
The anonymous communication workflow for PBE is shown in Fig. 9. This mechanism was first introduced as a key management protocol for mobile ad-hoc networks [21]. In the PBE scenario, the user calculates his own VID as a pseudonym, while the PKG is responsible for computing the user's Private Key using the Master Secret key S of the trusted point TA.
Fig. 6 EcdsaVer (VID, UP): Elliptic Curve Digital Signature Algorithm Signature verification
Fig. 7 EcdhEncrypt (m)
Fig. 8 EcdhDecrypt (c)
Fig. 9 PBE workflow model
In the following subsections, we briefly describe the PBE scenario steps as follows:
4.2.1 System Installation
As Fig. 9 shows for the system setup, the user transmits the UID, Ser, VID and UP to the PKG. In this case, the PKG is responsible for generating the user's Private Key in a way that is anonymous to everyone except the Trusted Authority (TA).
4.2.2 Key Extraction
Given the UID (the User ID), the Ser (the Requested Service), the VID (the Virtual ID), the UP (the Public Key) and a random value k, the following are computed:
1. The user's Public Key UP by the formula $UP = k * P$ (where P is a point on the curve).
2. The UD as $UD = S * UP$ (where S is the server's Master Secret key).
3. The Virtual Identity VID (VID = pseudonym).
After the user finishes generating his main parameters and keys, he executes the EcdsaKgen2() algorithm. This algorithm is used for generating the user's public and private keys, as detailed in Fig. 10.
4.2.3 Signature Generation
In this step, the user signs his VID using the UD derived in the previous step to obtain the signature (SVID) through Algorithm 3, EcdsaSign (VID, UD), shown in Fig. 5.
4.2.4 Signature Verification
The Service Provider (SP) executes Algorithm 4, EcdsaVer (VID, UP) as shown in Fig. 6 in
order to verify the login user’s virtual identity.
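The key generation, VID signing and verification steps of Sects. 4.1.2–4.1.4 and 4.2.2–4.2.4, as an added Python example that is not the authors' MIRACL code. Assumptions: the curve is NIST P-256 (the page names no curve), `make_vid` is a hypothetical HMAC-based VID derivation, and all function names are illustrative. Because the PBE formula yields UD as a curve point and the page does not state how it becomes a signing key, signing is shown with the scalar key pair.

```python
"""Added example, not the authors' MIRACL code. Pure Python, not constant-time."""
import hashlib
import hmac
import secrets

# NIST P-256: y^2 = x^3 - 3x + b (mod p) with a 256-bit prime p.
# Choosing this particular curve is an assumption; the page does not name one.
p = 2**256 - 2**224 + 2**192 + 2**96 - 1
a = p - 3
b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)  # base point
q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # order of P

def on_curve(A):
    """True if the affine point A satisfies the curve equation."""
    x, y = A
    return (y * y - (x * x * x + a * x + b)) % p == 0

def add(A, B):
    """Add two affine points; None stands for the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if A == B:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, A):
    """Double-and-add scalar multiplication k * A."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A = add(A, A)
        k >>= 1
    return R

def make_vid(S, UID, Ser, timestamp):
    """Hypothetical 160-bit VID: HMAC under the PKG master secret S over
    (UID, Ser, login timestamp), so every login to a service gets a new VID."""
    msg = f"{UID}|{Ser}|{timestamp}".encode()
    return hmac.new(S.to_bytes(32, "big"), msg, hashlib.sha256).digest()[:20]

def digest(VID):
    """SHA-256 of the VID as an integer (the ECDSA message representative)."""
    return int.from_bytes(hashlib.sha256(VID).digest(), "big")

def ecdsa_keygen():
    """Scalar private key UD and public key UP = UD * P."""
    UD = secrets.randbelow(q - 1) + 1
    return UD, mul(UD, P)

def ecdsa_sign(VID, UD):
    """User side: return the signature (r, s) over the VID."""
    while True:
        k = secrets.randbelow(q - 1) + 1  # fresh nonce for every signature
        r = mul(k, P)[0] % q
        s = pow(k, -1, q) * (digest(VID) + r * UD) % q
        if r and s:
            return r, s

def ecdsa_verify(VID, sig, UP):
    """SP side: check (r, s) against the public key UP obtained from the PKG."""
    r, s = sig
    if not (0 < r < q and 0 < s < q) or UP is None or not on_curve(UP):
        return False
    w = pow(s, -1, q)
    X = add(mul(digest(VID) * w % q, P), mul(r * w % q, UP))
    return X is not None and X[0] % q == r

def pbe_extract(S, k):
    """PBE key extraction: UP = k * P (user), UD = S * UP (PKG). UD is a point."""
    UP = mul(k, P)
    return UP, mul(S, UP)

if __name__ == "__main__":
    S = secrets.randbelow(q - 1) + 1  # PKG master secret
    UD, UP = ecdsa_keygen()
    # Constructed sample inputs: user id, service name, two login timestamps.
    vid1 = make_vid(S, "alice@example.org", "storage", 1600000000)
    vid2 = make_vid(S, "alice@example.org", "storage", 1600000600)
    sig = ecdsa_sign(vid1, UD)
    print("VID 1", vid1.hex(), "signature valid:", ecdsa_verify(vid1, sig, UP))
    print("VID 2", vid2.hex(), "old signature valid:", ecdsa_verify(vid2, sig, UP))
    k = secrets.randbelow(q - 1) + 1
    print("S*(k*P) == k*(S*P):", pbe_extract(S, k)[1] == mul(k, mul(S, P)))
```

A signature made for one login's VID does not verify for the next login's VID, and the PBE value UD = S * UP equals k * (S * P), so it can be reached from either the PKG's secret or the user's.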
4.2.5 Encrypt Future Communication
The sequence is the same as in IBE: if the signature verification succeeds, the SP generates the Shared Secret Key (Ks) that is used for the confidentiality of all communications between the two entities (i.e. User and SP). Future communication can be encrypted, as shown in Fig. 7, using Ks with the algorithm EcdhEncrypt(m). The resulting cipher text (c) can be decrypted to obtain the original message (m) using the EcdhDecrypt(c) algorithm shown in Fig. 8.
4.3 Comparison Study with Related Works
Public key cryptography based solutions like IBC (Identity Based Cryptography) are asymmetric key cryptographic techniques. In them, the user Public Key (UP) acts as the user's identifier. The corresponding Private Key (UD) is then created by pairing the main identifier with a system master (secret) key, as explained in [23]. Hence, they were later used as perfect solutions for anonymous communications. The proposed solutions not only ensure a security level that can prevent many types of attacks, they can also guarantee Confidentiality, Integrity, and Non-Repudiation, as will be detailed in the next sections (Sects. 5 & 6). The proposed algorithms introduce two novel contributions: anonymity and dynamicity. Anonymity is achieved by hiding the main identity. Dynamicity is achieved by recording timestamps for each login to the same service; the calculated timestamp is used to generate a new identity each time.
Fig. 10 EcdsaKgen2()
For the MIRACL implementation results, we used a desktop machine with an Intel Core 2 Duo E8400 CPU @ 3.00GHz x 2 and 4G of memory (RAM) under Linux Ubuntu version 12.10. During this implementation, we computed the processing time taken by each scenario, IBE or PBE, to generate the dynamic identity. The overall messages for IBE consumed around 0.05 sec, while those for PBE consumed around 0.045 sec. Tables 1 and 2 list the processing times captured for IBE and PBE during their validation with the MIRACL library. The message IDs are those shown earlier for the IBE workflow in Fig. 2 and the PBE workflow in Fig. 9, respectively.
To cope with the nature of cloud computing, Table 3 considers a large number of user accesses. To address scalability, the execution times are calculated and shown in this table. By evaluating the time needed to create the VID for different numbers of users, we can ensure that the proposed algorithms are feasible in distributed environments. Virtual identity creation with PBE takes a shorter time because of the limited number of messages used (five instead of six for IBE).

Table 1 IBE processing times

| Message ID | Source | Destination | Depends on | Processing time (sec) |
|---|---|---|---|---|
| 1 | U | PKG | Beginning | N/A |
| 2 | PKG | U | ID:1 | 0.034 |
| 3 | U | SP | ID:2 | 0.004 |
| 4 | SP | PKG | ID:3 | 0.0015 |
| 5 | PKG | SP | ID:4 | 0.0015 |
| 6 | SP | U | ID:5 | 0.009 |
| Six messages total | | | | 0.05 |

Table 2 PBE processing times

| Message ID | Source | Destination | Depends On | Processing Time (sec) |
|---|---|---|---|---|
| 1 | U | PKG | ID:1 | 0.0265 |
| 2 | U | SP | ID:2 | 0.0065 |
| 3 | SP | PKG | ID:3 | 0.0015 |
| 4 | PKG | SP | ID:4 | 0.0015 |
| 5 | SP | U | ID:5 | 0.009 |
| Five messages total | | | | 0.045 |

Table 3 IBE and PBE scalability

| No of users | VID creation time IBE | VID creation time PBE |
|---|---|---|
| 1000 | 40 S | 32 S |
| 5000 | 200 S | 160 S |
| 10000 | 400 S | 320 S |
| 50000 | 2000 S | 1600 S |
Real implementations require many more elements, such as caching techniques, queuing algorithms, suitable QoS mechanisms and an anti-DDoS device or feature to mitigate Distributed Denial of Service attacks. We use the login timestamp to help prevent any reverse process, similar to the Perfect Forward Secrecy (PFS) feature used in public-key security algorithms.
4.4 Proposed Protocols Security Analysis
This part highlights the security analysis of our algorithm while creating virtual identities. Attackers cannot see and use the login details because the user login is authenticated in the initial phase using HTTPS or SSL; this login phase is outside the scope of our work. In this layer, the user first logs in with his secure mail information. Of course, logging in with, for example, the access mail [email protected] and a password is considered secure enough by all service providers. Then, according to the Context Aware System (CAS), which is part of our management server in the same way that the Trusted Authority is part of our PKG server, we can customize the context vector relevant to this user to prevent an attack that hijacks the session after the authentication phase at login. This customization depends mainly on four types of context information, as follows:
– User Context: information about the user's location or any other information about the user itself.
– Network Context: information about the environment, such as network parameters and QoS.
– Service Context: information about the service adaptation and its delivery status, coding and definitions such as High Definition, Standard Definition or other resolutions.
– Terminal Context: information about the device capabilities and its screen resolution, for devices such as iPhone, Galaxy, laptop or iPad.
Moreover, the Perfect Forward Secrecy (PFS) feature in our secure public algorithms used
during the generation phase of VID will prevent any session hijacking from the hackers to
generate an identity for any invalid user information.
4.5 Virtual Identity Calculation and Overhead Analysis
We added the PKG to our Virtual Identity scenarios as part of the authentication system of the service providers, as shown in both the IBE & PBE workflows. Moreover, we assumed the following PKG parameters while generating the VID: q = 160-bit, p = 256-bit, P = 512-bit point, 512-bit point Ppub, 160-bit secret S and 512-bit cube root of unity in Fp. ECC key lengths outperform Rivest Shamir Adleman (RSA) key lengths: for a 256-bit ECC key, the equivalent RSA key is 3072 bits long, and the standards show that ECC uses shorter key lengths than the RSA algorithm. Therefore, our calculated VID size is 160 bits. For the execution time of each entity, Table 4 shows that the execution time of the proposed algorithms is feasible in real anonymous environments.
From our analysis, we believe that the performance of IBE and PBE is the most vital aspect that can affect the deployment of our solutions. Identity based cryptography is also more secure using a 160-bit key. The global performance of our solutions needs to include the network interaction between the entities (user, PKG, and service provider), and this is what we included in our analytical solution for both the IBE & PBE approaches [22].

Table 4 Execution time of main entities as captured during MIRACL implementations

| Entity | Required Time (IBE) | Required Time (PBE) |
|---|---|---|
| User (U) | 4 msecs | 33 msecs |
| PKG | 35.5 msecs | 1.5 msecs |
| Service Provider (SP) | 10.5 msecs | 10.5 msecs |
5 IBE and PBE Security Analysis using AVISPA
In what follows, we detail our previous validation of the security measures of our proposed schemes [24]. The AVISPA tool is used for automated validation of the proposed schemes to detect vulnerabilities in either the IBE or the PBE stages of development. AVISPA uses a group of applications to analyze formal models of security protocols. It incorporates different back-ends that implement a variety of automatic protocol analysis techniques. Experimental results, carried out on a large library of Internet security protocols, show that AVISPA is a state-of-the-art tool for Internet security protocol analysis.
The AVISPA architecture is depicted in Fig. 11. A user interacts with AVISPA by specifying a security problem (a protocol paired with a security property that it is expected to achieve) in the High Level Protocol Specification Language (HLPSL). HLPSL is an expressive, modular, role-based, formal language that allows for the specification of data structures, control-flow patterns, different cryptographic operators and their algebraic properties, alternative intruder models, and complex security properties. These features make it possible to specify protocols in HLPSL without resorting to specific techniques to simplify the protocols first, as is often required in more fragile approaches. AVISPA automatically translates (by means of the HLPSL2IF Translator) a user-defined security problem into an equivalent specification written in the rewrite-based formalism IF (Intermediate Format).
Fig. 11 AVISPA Architecture [5]
IF specifications are the input to four different back-ends: OFMC (On-the-fly Model-Checker), CL-AtSe (CL-based Attack Searcher), SATMC (SAT-based Model-Checker), and TA4SP (Tree-Automata-based Protocol-Analyser). The back-ends are complementary rather than equivalent, so their outputs may differ. Every back-end assumes perfect cryptography, which means that an attacker cannot break encryption without knowledge of the entire key. The transmission channel is assumed to be controlled by a Dolev-Yao attacker, which means the attacker has essentially full control over the channel.
5.1 IBE scheme Security Evaluation
5.1.1 IBE scheme CAS+ code
The CAS+ (Central Authentication Service) language was developed for easy specification and verification of security schemes. The objective of CAS+ is to allow code as simple as CASRUL [25] together with specifications as accurate as HLPSL [26]. Therefore, we use CAS+ code for writing the HLPSL specifications. Figure 12 shows a sample of the IBE scheme CAS+ code.
5.1.2 HLPSL code and MSC for IBE scheme
SPAN (the Security Protocol ANimator for AVISPA) is used to translate CAS+ specifications to HLPSL. The IBE.cas file is loaded into SPAN to generate the HLPSL file. We can then view and examine the generated HLPSL code. As usual, we can also simulate the tested protocol using “Protocol simulation”.
In HLPSL, we specify the actions of a basic role (each kind of protocol participant) in a module. This specification can be instantiated by one or more agents playing the given role. The resulting participants communicate with one another by combining different basic roles into a composed role. Each basic role describes parameters, an initial state, and transitions. Fig. 13 shows a sample of the HLPSL code for the IBE scheme.
The last role to be declared in the HLPSL code is the one that instantiates one or more sessions and the global constants, where the intruder may play some roles as a legitimate user. In addition, a statement defines the intruder's initial knowledge. This includes all public keys, the names of all agents, any keys he shares with others, the intruder's own private key and all publicly known functions. Finally, the goals of the protocol are declared. Figure 13 displays a sample of the HLPSL specification of the IBE scheme. A Message Sequence Chart (MSC) for IBE can then be created. Figure 14 shows that only one message is sent between the U and the PKG. Double-click on this event: the event disappears from the incoming events list and appears in the MSC. Fig. 15 shows the complete MSC for the IBE protocol.
Fig. 12 Sample of CAS+ Code for IBE scheme
Fig. 13 Sample of HLPSL Code for IBE scheme
5.1.3 IF code for IBE scheme
IF gives a low-level specification of protocols and their properties that is suitable for analysis. It thus provides an interface for the future connection of other tools to AVISPA. Figure 16 shows a sample of the IF format for the IBE scheme.
5.1.4 Intruder simulation for IBE scheme
Intruder traces can also be viewed in a more readable format, the Message Sequence Chart (MSC) format. Figure 17 shows an attack trace as an MSC.
Fig. 14 Initial MSC simulation window for IBE scheme
Fig. 15 The complete MSC for IBE scheme
Fig. 16 IF format for IBE scheme
Fig. 17 An attack trace for IBE scheme
On the one hand, it is important to be able to detect every attack; on the other hand, many type-flaw attacks are of little significance, as real implementations of security protocols often use simple mechanisms that rule them out [27]. It is therefore essential that both models are considered during analysis.
Fig. 18 Results of OFMC Back-end for IBE scheme
Fig. 19 Results of CL-AtSe Back-end for IBE scheme
5.1.5 Results of Back‑ends for IBE scheme
As mentioned before, AVISPA integrates four different back-ends. A back-end is a component that takes a specification in the IF language as input, analyses it, and produces the analysis output.
1. Results of OFMC Back-end:
The OFMC (On-the-fly Model-Checker) explores the transition system specified by the IF code to carry out both scheme session verification and scheme falsification. Figure 18 proves that the IBE scheme is safe.
2. Results of CL-AtSe Back-end:
The Constraint-Logic-based Attack Searcher carries out both scheme verification and falsification for a certain number of sessions. Figure 19 shows the results of the CL-AtSe back-end for the IBE scheme, which prove that no attack was found in the IBE scheme.
3. Results of SATMC Back-end:
The SAT-based Model-Checker reduces the input problem to a set of invocations of state-of-the-art SAT solvers. Figure 20 presents the results of the SATMC back-end for the IBE scheme, which ensure that the IBE protocol does not contain vulnerabilities. However, Fig. 30 shows that the TA4SP back-end is not supported.
Fig. 20 Results of SATMC Back-end for IBE scheme
5.2 PBE scheme Security Evaluation
The pseudonym is used to compute the VID in this scheme, as detailed before. The user computes its UD without transmitting it to the private key generator. The private key generator computes the user's private key based on the secret master key of the private key generator. Therefore, the PKG acts as an authority that authorizes the user who has the UD corresponding to the public key (UP).
5.2.1 PBE scheme CAS+ code
HLPSL specifications for the PBE scheme are written using the CAS+ syntax. Figure 21 shows a sample of the CAS+ code for the PBE scheme.
5.2.2 HLPSL code and MSC for PBE scheme
As mentioned before, SPAN provides a tool that helps to obtain HLPSL code from the CAS+ specifications. Once the PBE.cas file is loaded, we can generate the HLPSL code for the PBE scheme. Figure 22 shows a sample of the PBE scheme HLPSL code. When creating an MSC for PBE, the rightmost window shows the MSC under construction, and on the leftmost part the “Incoming events” window gives the list of all the incoming messages. Figure 23 shows that only one message is sent between U and the PKG. We can control whether the incoming events appear in the MSC area or are returned to the incoming events list. Figure 24 shows the complete MSC for the PBE scheme.
Fig. 21 Sample of CAS+ Code for PBE scheme
Fig. 22 Sample of HLPSL code for PBE scheme
Fig. 23 Initial MSC simulation window for PBE scheme
Fig. 24 The complete MSC for PBE scheme
Fig. 25 IF format for PBE scheme
Fig. 26 An attack trace for PBE scheme
5.2.3 IF code for PBE scheme
The low-level description of the PBE scheme is given in IF code, which makes the PBE scheme ready for automatic analysis. Figure 25 shows a sample of the IF code for the PBE scheme.
5.2.4 Intruder simulation for PBE scheme
Attack traces for the PBE scheme can be viewed in a more readable format using an MSC. Figure 26 shows the same attack trace presented as an MSC chart.
5.2.5 PBE scheme Back‑ends
In this section, the results of the four back-ends for the PBE scheme are presented.
1. Results of OFMC Back-end:
The OFMC back-end models an intruder performing a guessing attack on weak passwords, as well as the specification of algebraic properties of cryptographic operators. From Fig. 27, the PBE scheme is safe.
Fig. 27 Results of OFMC Back-end for PBE scheme
2. Results of CL-AtSe Back-end:
CL-AtSe is implemented in a modular way. Therefore, it is used for handling the properties of XOR operators and the algebraic specification properties of cryptographic operators. Figure 28 presents the results of the CL-AtSe back-end for the PBE scheme, which ensure that there are no vulnerabilities in this scheme.
3. Results of SATMC Back-end:
The SATMC back-end builds a propositional formula encoding a bounded unrolling of the transition relation specified by the IF code, the initial state, and the set of states representing vulnerabilities of the security scheme. Figure 29 presents the results of this back-end for the PBE scheme. According to these results, no attacks were found in the PBE scheme. However, the fourth back-end, TA4SP, is not supported, as shown in Fig. 30.
Fig. 28 Results of CL-AtSe Back-end for PBE scheme
Fig. 29 Results of SATMC Back-end for PBE scheme
Fig. 30 Results of TA4SP back-end for PBE scheme
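The per-back-end results reported in Sects. 5.1.5 and 5.2.5 can be combined mechanically so that an unsupported back-end is recorded as "no verdict" rather than as a pass. The following is an added example, not code from the paper or from AVISPA. It assumes the report layout of capitalised section keywords in column 0 followed by indented values; the sample reports, the file name example.if and the helper make_report are constructed for illustration.

```python
import re

HEADER = re.compile(r"^[A-Z_]+$")  # section keyword in column 0, e.g. SUMMARY

def parse_report(text):
    """Split one back-end report into {section keyword: [indented values]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("%"):      # blank line or comment banner
            continue
        if not raw[0].isspace() and HEADER.match(line):
            current = line
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def verdict(text):
    """SAFE / UNSAFE / INCONCLUSIVE from SUMMARY; NOT_RUN when there is no report."""
    if not text:
        return "NOT_RUN"
    summary = parse_report(text).get("SUMMARY", [])
    return summary[0].upper() if summary else "INCONCLUSIVE"

def assess(reports):
    """Combine per-back-end reports without counting a missing run as a pass."""
    verdicts = {name: verdict(text) for name, text in reports.items()}
    passed = sorted(n for n, v in verdicts.items() if v == "SAFE")
    failed = sorted(n for n, v in verdicts.items() if v == "UNSAFE")
    no_verdict = sorted(n for n, v in verdicts.items() if v not in ("SAFE", "UNSAFE"))
    # A SAFE verdict with this detail only covers a bounded number of sessions.
    bounded = sorted(n for n, t in reports.items() if t and
                     "BOUNDED_NUMBER_OF_SESSIONS" in parse_report(t).get("DETAILS", []))
    overall = "UNSAFE" if failed else ("SAFE" if passed else "INCONCLUSIVE")
    return {"overall": overall, "passed": passed, "failed": failed,
            "no_verdict": no_verdict, "bounded_sessions_only": bounded}

def make_report(backend, summary, details):
    """Build a constructed sample report in the assumed layout."""
    return (f"% {backend}\nSUMMARY\n  {summary}\nDETAILS\n"
            + "".join(f"  {d}\n" for d in details)
            + "PROTOCOL\n  example.if\nGOAL\n  as_specified\nBACKEND\n  " + backend + "\n")

# Constructed reports mirroring the outcome described above: three back-ends
# report SAFE and TA4SP produces no report.
SAMPLE_REPORTS = {
    "OFMC": make_report("OFMC", "SAFE", ["BOUNDED_NUMBER_OF_SESSIONS"]),
    "CL-AtSe": make_report("CL-AtSe", "SAFE", ["BOUNDED_NUMBER_OF_SESSIONS", "TYPED_MODEL"]),
    "SATMC": make_report("SATMC", "SAFE", ["STRONGLY_TYPED_MODEL", "BOUNDED_NUMBER_OF_SESSIONS"]),
    "TA4SP": None,
}

if __name__ == "__main__":
    print(assess(SAMPLE_REPORTS))
```

Because the back-ends are complementary, a single UNSAFE verdict decides the overall result even when the other back-ends report SAFE.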
6 Proposed schemes Costs and Security Analysis
This section compares the proposed algorithms with the existing similar approaches cited in [17–19] and [15]. A security analysis comparison between the proposed algorithms and the related works is also presented. First, we use the total computational and communication cost as the evaluation criteria. The computational cost comparison is given in Table 5. The notations T_H, T_M, T_X denote, respectively, the one-way hash function, the XOR operation, and the multiplication function. The total cost given in Table 5 for the proposed algorithms is less than the total cost of the related works. Therefore, the proposed approaches are faster than the others because of their small computational cost.
Table 6 compares the communication cost of the proposed algorithms and the related works. As shown, although the total numbers of exchanged messages in the related works, Shunmuganathan et al. [17], Jangirala et al. [18], Sahoo et al. [19], and Kaur et al. [15], are small, the proposed algorithms achieve a better total cost than the mentioned works.
Table 7 gives the AVISPA back-ends comparison for the proposed algorithms and the other related works. As shown, the proposed algorithms passed three out of four AVISPA back-ends (SATMC, OFMC, TA4SP and CL-AtSe). However, two out of three of the related works contain some vulnerabilities [19]. In addition, one of them passed only two AVISPA back-ends [19]. Hence, the proposed algorithms are considered safer than the related works.
Table 5 Computational cost comparison

| Approach | Registration and login phase | Authentication phase | Total cost |
|---|---|---|---|
| [17], 2015 | 7 T_H + 3 T_X | 10 T_H + 7 T_X | 17 T_H + 10 T_X |
| [18], 2017 | 8 T_H + 6 T_X | 14 T_H + 6 T_X | 22 T_H + 12 T_X |
| [19], 2018 | 8 T_H + 6 T_X | 12 T_H + 4 T_X | 20 T_H + 10 T_X |
| [15], 2019 | 2 T_H + 4 T_M | 6 T_H + 7 T_M + 6 T_X | 8 T_H + 6 T_X + 11 T_M |
| IBE | 1 T_H + 1 T_X + 6 T_M | 1 T_H + 4 T_M | 2 T_H + 1 T_X + 10 T_M |
| PBE | 1 T_X + 5 T_M | 1 T_H + 4 T_M | 1 T_H + 1 T_X + 9 T_M |
Table 6 Communication cost comparison

| Approach | Total number of messages for registration, login and authentication phases |
|---|---|
| Shunmuganathan et al. [17], (2015) | 3 |
| Jangirala et al. [18], (2017) | 3 |
| Sahoo et al. [19], (2018) | 3 |
| Kaur et al. [15], (2019) | 7 |
| IBE (Proposed) | 5 |
| PBE (Proposed) | 4 |
Table 7 Security comparison (columns OFMC to TA4SP are the AVISPA back ends)

| Scheme | OFMC | CL-AtSe | SATMC | TA4SP |
|---|---|---|---|---|
| [17], 2015 | Vulnerable to replay attack, known key attack, card loss, forgery attack, denial of service attack and reparability attack. | | | |
| [18], 2017 | Vulnerable to replay, user impersonation, and forgery attacks. | | | |
| [19], 2018 | Pass | Pass | – | – |
| IBE | Pass | Pass | Pass | Not Supported |
| PBE | Pass | Pass | Pass | Not Supported |
7 Conclusion
In this work, the framework of a new dynamic identity (VID) solution is presented through different phases. The first phase targeted the solution design and the whole protocol message exchange using either IBE or PBE. Both are IBC solutions that use the ECC technique to increase the security level and reduce the computational overhead. Then, in the second phase, we implemented the solutions in the MIRACL security environment in order to validate both of them as cloud-based solutions. The results indicated that the proposed solutions are feasible in such environments. The third phase focused on testing the vulnerabilities of the proposed protocols by exposing them to some designed attacks using the AVISPA tools. The testing results gave a good indication of the protocols' robustness against some known attacks (safe). Finally, according to the comparisons conducted with the relevant solutions previously proposed for dynamic identity, our IBE and PBE solutions outperform them in both the security merits and the execution performance costs. In future work, we will study how to integrate the proposed (VID) solutions into a running cloud environment.
References
1. TechVision Research report, The Future of Identity Management (2018-2023), Available Online:
(Last Access: June 2020)
2. Gomaa, I. A., & Abd-Elrahman, E. (2015). A novel virtual identity implementation for anonymous
communication in cloud environments. Procedia Computer Science, 63, 32–39.
3. MIRACL Library. [Available Online June 2020]. https://libraries.docs.miracl.com/
4. Aranha, D., Barreto, P., Pereira, R., & Ricardini, J. (2020). A note on high-security general-purpose elliptic curves. https://eprint.iacr.org/2013/647.pdf [Available Online June 2020]
5. AVISPA. [Available Online June 2020]. http://www.avispa-project.org/
6. Boneh, D., & Franklin, M. (2003). Identity-based encryption from the weil pairing. SIAM Journal on
Computing, 32(3), 586–615.
7. Huang, D. (2007). Pseudonym-based cryptography for anonymous communications in mobile ad hoc
networks. International Journal of Security and Networks, 2(3–4), 272–283.
8. Chaum, D. L. (1981). Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2), 84–90.
9. Danezis, G., Dingledine, R., & Mathewson, N. (2003). Mixminion: Design of a Type III Anonymous
Remailer Protocol. In Proceedings of the 2003 IEEE Symposium on Security and Privacy (pp. 2–15).
DC, USA: Washington.
10. Syverson, P. F., Goldschlag, D. M., & Reed, M. G. (1997). Anonymous connections and onion routing. In Proceedings of the 1997 IEEE Symposium on Security and Privacy (pp. 482–494). DC, USA:
Washington.
11. Reiter, M. K., & Rubin, A. D. (1997). Crowds: Anonymity for Web Transactions. ACM Transactions
on Information and System Security, 1, 66–92.
12. Chaum, D. (1988). The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of cryptology, 1(1), 65–75.
13. Ren, J., Harn, L., & Li, T. (2007). A novel provably secure anonymous communication (PSAC)
scheme. In International Conference on Wireless Algorithms, Systems and Applications (WASA 2007),
2007, (pp. 275–280).
14. Yao, Y., Chang, X., Misic, J., & Misic, V. B. (2020). Lightweight and privacy-preserving ID-as-a-service provisioning in vehicular cloud computing. IEEE Transactions on Vehicular Technology, 69(2),
2185–2194.
15. Kaur, K., Garg, S., Kaddoum, G., Guizani, M., & Jayakody, D. N. K. (2019). A lightweight and privacy-preserving authentication protocol for mobile edge computing. In 2019 IEEE Global Communications Conference (GLOBECOM) (pp. 1–6). HI, USA: Waikoloa.
16. Vo, T. H., Fuhrmann, F. W., Fischer-Hellmann, K. P., & Furnell, S. (2019). Identity-as-a-service: An
adaptive security infrastructure and privacy-preserving user identity for the cloud environment. Future
Internet, 11(116), 1–25.
17. Shunmuganathan, S., Saravanan, R. D., & Palanichamy, Y. (2015). Secure and efficient smart-card-based remote user authentication scheme for multiserver environment. Canadian Journal of Electrical and Computer Engineering, 38(1), 20–30.
18. Jangirala, S., Mukhopadhyay, S., & Das, A. K. (2017). A multi-server environment with secure and
efficient remote user authentication scheme based on dynamic ID using smart cards. Wireless Personal
Communications, 95(3), 2735–2767.
19. Sahoo, S. S., Mohanty, S., & Majhi, B. (2018). An improved and secure two-factor dynamic ID based
authenticated key agreement scheme for multiserver environment. Wireless Personal Communications,
101(3), 1307–1333.
20. Rivest, R. L., Shamir, A., & Tauman, Y. (2001). How to Leak a Secret. In Advances in Cryptology ASIACRYPT 2001 (pp. 552–565). Berlin, Heidelberg: Springer.
21. Huang, D. (2007). Pseudonym-based cryptography for anonymous communications in mobile ad hoc
networks. International Journal of Security and Networks, 2(3–4), 272–283.
22. Gomaa, I., Said, A., Abd-Elrahman, E., Hamdy, A., & Saad, E. (2017). Performance evaluation of
virtual identity approaches for anonymous communication in distributed environments. Procedia Computer Science, 109, 710–717.
23. Moller, B. (2003). Provably secure public-key encryption for length-preserving chaumian mixes. In
Proceedings of the 2003 RSA Conference on The Cryptographers’ Track (pp. 244–262). Heidelberg:
Berlin.
24. Gomaa, I. A., Hamdy, A., Saad, E. M., & Abd-Elrahman, E. (2017). Security assessment of virtual
identity approaches. In 2017 International Conference on Electrical and Computing Technologies and
Applications (ICECTA) (pp. 1-5), Ras Al Khaimah.
25. Jacquemard, F., Rusinowitch, M., & Vigneron, L. (2000). Compiling and verifying security protocols. In
Proceedings of LPAR 2000, LNCS 1955, (pp. 131–160), Springer
26. Vigano, L. (2006). Automated Security Protocol Analysis With the AVISPA Tool. Electronic Notes in
Theoretical Computer Science, 155, 61–86.
27. Heather, J., Lowe, G., Schneider, S. (2000). How to prevent type flaw attacks on security protocols. In
CSFW’00 (pp. 255), Chicago: IEEE Computer Society Press. https://doi.org/10.1145/352600.352607.
Publisher’s Note Springer Nature remains neutral with regard to jurisdictional claims in published maps and
institutional affiliations.
Ibrahim Gomaa received the B.Sc. degree in Electrical Engineering
(Communication section), from Cairo University, Egypt, (2002), the
M.Sc. degree in Electronics Engineering (Computers and Systems
Department), from Helwan University and National Telecommunication Institute, Egypt (2011). In (2014), he joined Helwan University to
complete a PhD degree in Computer Science. Actually, he spent 13 years
(2005-2018) as a network security administrator at National Telecommunication Institute, Cairo, Egypt. His current research interests
include Information Security, network security, Virtualization and
Cloud Computing, Big-data science, Internet of Things. Now, he is an
assistant professor at National Telecommunication Institute, Cairo,
Egypt (from June-2019).
Emad Abd‑Elrahman received the B.Sc. degree in Electronics Engineering, from Mansoura University, Egypt, (1999), the M.Sc. degree in
Electronics Engineering (Computers and Systems Department), from
Mansoura University and National Telecommunication Institute, Egypt
(2004). In (2008), he joined the university of UPMC-France (Paris-6)
and IMT (Institute Mines-Telecom) Telecom SudParis where he
obtained the PhD thesis degree in Computer Science and Telecommunication (2012). Actually, he spent three years (2014-2016) as a guest
researcher at RST Department in Telecom SudParis (IMT)-CEA
Saclay- France. His current research interests include Networking,
Optimization, Multimedia, Multi-Modal Traffic in ITS, Virtualization
SDN/NFV and Cloud Computing. He is involved in many European
and French projects like UP-TO-US, DVD2C and CA-ITS. Now, he is
an Associate Professor at National Telecommunication Institute, Cairo,
Egypt (from Jan-2018).
Alaa Hamdy received his M.Sc. degree in computer engineering from
Helwan University in 1996 and his PhD degree from the faculty of electrical engineering, Poznan University of Technology, Poland in 2004.
Currently he is an assistant professor at the faculty of engineering, Helwan
University. His research interests are in the field of image processing, pattern analysis and machine vision.
Elsayed M. Saad Professor of Electronic circuits, Faculty of Engineering, University of Helwan. B.Sc. Degree in Electrical Engineering
(Communication section), Cairo University, 1967., Military service
from Dec.1969, to Sept.1972, Pre-requisite courses for M.Sc. degree,
Electronic & Communication Engineering Department, Jan.1974, Cairo
University. Dip.-Ing. in Electrical Engineering, Stuttgart University,
1977. Dr.-Ing. in Electrical Engineering, Stuttgart University, 1981.
International scientific member of the ECCTD, 1983. Member of the
national Radio Science Committee. Author and/or coauthor of 188
Papers. Member of the Egyptian Engineering Syndicate. Member of the
European Circuit Society (ECS). Member of the Society of Electrical
Engineering (SEE). Inventor of Saad’s single amplifier SC structure.
Engineering Consultant for the Supreme Council of Universities, since
August 2002. Member of Helwan University Council for Award of scientific Research. Judge for National Scientific Award (Egypt national
Level).