Identity management in public clouds

In his PhD thesis, information scientist Bernd Zwattendorfer describes an expedient approach to secure identity management in public clouds that complies with data protection regulations. A key prerequisite are internationally recognized standards.

Bernd Zwattendorfer
Dipl.-Ing. Mag. Dr. Bernd Zwattendorfer, born in 1980, works at the Institute of Applied Information Processing and Communications (IAIK) of the Graz University of Technology

E-government makes life easier. Electronic agencies that are open 24 hours a day and seven days a week are to facilitate life for the citizens. However, as is usual for simple solutions, numerous complex issues have to be resolved beforehand.

The linchpin of communication with public authorities is the secure proof of one's own personal - in this case, electronic - identity. This works well within Austria based on the citizen card and mobile phone signature, but is next to impossible when you cross the electronic borders of the country.

Language barriers are not the only obstacles. "It is necessary to ensure cross-border interoperability between the different systems of the individual countries," explains Dipl.-Ing. Mag. Dr. Bernd Zwattendorfer of the Institute of Applied Information Processing and Communications (IAIK) of the Graz University of Technology.

"The EU Regulation on electronic identification and trust services adopted in 2014 clearly requires common rules for the internal market making sure that these systems understand each other not only in organizational but also in semantic and technical terms."

Bernd Zwattendorfer is one of the leading information and communication technology experts in this field in Austria. In the EU's Large Scale Pilot project "STORK", Zwattendorfer significantly contributed to the development and implementation of a framework for the cross-border recognition and processing of electronic identities.

At present, the researcher works at the e-Government Innovation Center (EGIZ). This joint initiative of the Austrian Federal Chancellery and IAIK supports the Federal Chancellery in further developing the national ICT Strategy and researches to develop technical innovations for e-government solutions.

TÜV Austria Science Award for PhD thesis

TÜV Austria Science Award
TÜV Austria Science Award 2015 - presentation on YouTube. Click on the image to see the video (in German only).

In his PhD thesis submitted in 2014 that received the TÜV Austria Science Award 2015, Bernd Zwattendorfer described how electronic identities can be processed in a secure way complying with data protection regulations across borders.

But that is not all: The scientist also explains how e-government solutions can be operated securely in public clouds. In a public cloud, abstracted IT infrastructures, i.e. data storage, computing capacity, network capacity or ready-to-use software, can be rented as a service and scaled as needed. The costs involved are very low in comparison with "real" infrastructure.

This is reason enough that public authorities are also interested in such solutions. For data protection reasons, it is understandably inacceptable that the provider can read the data stored in the cloud. "Of course, data of e-government solutions must be encrypted for storage in a public cloud," states Zwattendorfer. If recognized and suitable secure cryptographic technologies are applied, public clouds could be used for the secure management of identities in line with data protection regulations according to the ICT expert.

Standards for secure identity management

To ensure not only secure identity management compliant with data protection regulations but also cross-border interoperability - and all that in a public cloud - international conventions are needed. Such conventions are most effectively defined in standards.

For this reason, Bernd Zwattendorfer is also active in international standardization. Nominated for ISO/IEC JTC1/SC 27 by Austrian Standards, he develops international standards on "Identity Management und Privacy Technologies" in an international working group.

"Some standards already existed, but unfortunately they were not always suitable for the special requirements of e-government solutions. In particular, appropriate standards are not available specifically for the topic of identity management in clouds to date," Zwattendorfer explains why he takes part.

Pilot project to demonstrate application

In an EU call for innovative projects on secure authentication, the successful scientist was able to get a contract on an important research project. Building on his PhD thesis on secure identity management in clouds, Bernd Zwattendorfer and twelve European partner organizations jointly develop a related pilot in the EU project CREDENTIAL (Secure Cloud Identity Wallet) within the framework of Horizon 2020. This practical application is to demonstrate how cryptographic solutions can be integrated into existing identity management systems. To do so, an appropriate architecture is developed and evaluated in the pilot exercise.

For Zwattendorfer there is no question that this requires participation in the (international) standardization process. "To be able to work on complex topics, we need a common understanding - for example on the type and quality of the data exchanged or on how they are to be organized. I experience again and again how this can be done successfully in standardization bodies. All the stakeholders take part and state their concerns. In this collaborative form of co-operation, the group tries to describe the optimal solution for all parties involved in national or international standards."