
Table 1 Known Attacks against Cloud IDMSs

From: Cloud identity management security issues & solutions: a taxonomy

Label | Attack | Description
--- | --- | ---
A1 | Brute-force attack | A brute-force attack lets the attacker gain unauthorized access to the sensitive identity credentials of CSCs stored in an identity management server by trying many possible combinations of user ID and password. A dictionary attack is one form of brute-force attack that may be launched against an IDMS that does not comply with international standards for strong password settings. Once successful, the attacker intensifies the attack in an attempt to uncover further security holes or vulnerabilities of the IDMS, analyzing the server's responses and manipulating them for malicious purposes (Almorsy et al. [2010]; Brute Force Attack; Kumaraswamy et al. [2010]; Meier et al. [2009]; O'Gorman [2003]; Ratha et al. [2001]; Yassin et al. [2012]).
A2 | Cookie-replay attack | Here the attacker steals a cookie containing valid session information together with the CSC's identity credentials and reuses it to convince the identity management server that a previously authenticated session is still ongoing and authentic. Through this method the attacker may gain unauthorized access to the victim's (the person whose credentials were stolen) confidential information as well as to Cloud services and resources (Meier et al. [2009]).
A3 | Data tampering attack | This refers to the unauthorized modification of data relating to the identification of a CSC in an identity data store in the Cloud. Such modifications may give the attacker an opportunity to breach and damage Cloud services and resources. It is an attack on the integrity of identity information stored in the Cloud, enabled mainly by loopholes in access control systems (Angin et al. [2010]; Meier et al. [2009]; Ranchal et al. [2010]; Subashini and Kavitha [2011]; Thompson et al. [2006]).
A4 | Denial of Service (DoS) attack | A DoS attack can be launched against an IDMS that provides no mechanism for logging user activity. In a DoS attack the attacker overwhelms the Cloud identity management server with false authentication or authorization requests (malformed input data) and tries either to stop the service or to consume all of its available resources so that it can no longer process legitimate user requests (Almorsy et al. [2010]; Meier et al. [2009]; Thompson et al. [2006]). Proper logging mechanisms are therefore required to make the IDMS capable of detecting and preventing such attacks.
A5 | Eavesdropping | This is an attack at the communication level, carried out while the Cloud identity management server and the CSC exchange identity credentials for authentication or authorization. It refers to the unauthorized real-time interception and theft of sensitive consumer information by an attacker who listens to or reads unencrypted sensitive data off the network (Bhadauria et al. [2011]; Jansen [2011]; Jansen and Grance [2011]; Jensen et al. [2009]; Meier et al. [2009]).
A6 | Elevation of privilege | A privilege escalation attack involves legitimate subscribers of the IDMS who hold a limited set of privileges. They illegitimately escalate their access rights by impersonating another CSC with higher privileges than their own in order to achieve illicit objectives, and may cause severe damage to the stored information (Meier et al. [2009]; Saripalli and Walters [2010]; Subashini and Kavitha [2011]; Thompson et al. [2006]).
A7 | Identity forgery/cloning/spoofing attack | This refers to the unauthorized copying or manipulation of identity tokens or credentials issued by trustworthy authorities (such as the CSP or a government), with the intent to deceive, or to mislead any investigation that follows. A Cloud-based IDMS should be able to detect forged identities by applying strict (two-factor) authentication mechanisms. Forged identities further enable fraud and identity theft; producing them requires expert knowledge, an exceptional skill set and sometimes far more effort than the benefit achieved (Chang [2003]; Choudhury et al. [2011]; Jensen et al. [2009]; Kumaraswamy et al. [2010]; Meier et al. [2009]; Nabeel et al. [2011]; Saripalli and Walters [2010]; Subashini and Kavitha [2011]; Thompson et al. [2006]; Zissis and Lekkas [2012]).
A8 | Identity theft | Identity theft refers to stealing someone's identity (such as their name, personally identifiable information or credit card number) with the intent to acquire Cloud resources or other financial benefits in the victim's name. The victim may suffer adverse consequences if held responsible for the actions of the actual offender. Identity theft further paves the way for many other crimes, such as fraud and forgery (Angin et al. [2010]; Ranchal et al. [2010]).
A9 | Luring attack | An IDMS that neither ensures user-centricity (such as a consistent user experience) nor provides logging and reporting mechanisms is considered more prone to a luring attack. This is a specialized form of privilege escalation in which an authorized service consumer unknowingly executes the attacker's code fragment in a more privileged security context. More precisely, the adversary targets and 'lures' a high-privileged CSC into performing illegal activities on the attacker's behalf (Angin et al. [2010]; Meier et al. [2009]).
A10 | Phishing attack | An IDMS that offers no support for user-centricity, strong password schemes or privacy-preservation considerations is more vulnerable to phishing. Phishing is the act of acquiring a CSC's information, such as name, passwords, social security number, bank account numbers and credit card details, by redirecting the CSC to enter their particulars into a replica website whose look and feel is almost identical to the authentic one. The attacker manipulates the communication so that it appears to come from a legitimate IdP, in order to lure the unsuspecting CSC (Angin et al. [2010]; Jansen [2011]; Jansen and Grance [2011]; Jensen et al. [2009]; Kumaraswamy et al. [2010]; Olden [2011]).
A11 | Replay attack | A replay attack occurs when an IDMS fails to secure identity credentials during their transmission. The adversary captures valid identification information and retransmits it, possibly as part of an impersonation attack. Unless mitigated, the IDMS processes the replayed request as an authentic message, with consequences ranging from unauthorized disclosure of information to fraud, forgery and impersonation (Almorsy et al. [2010]; Choudhury et al. [2011]; Jansen [2011]; Jansen and Grance [2011]).
A12 | Repudiation | A repudiation attack occurs when a Cloud service consumer denies having performed an action while the Cloud IDMS implements no controls to maintain service consumer activity logs, so no proof exists to hold them accountable for their actions. Without real-time tracking and activity logging, service consumers can easily repudiate malicious activities they have actually performed on Cloud servers, such as unauthorized manipulation of data and forgery of identity credentials (Bertino and Takahashi [2010]; Thompson et al. [2006]; Yan et al. [2009]; Zissis and Lekkas [2012]).
A13 | Side-channel attack | An IDMS may fall victim to a side-channel attack if it does not follow the principles of federation and access control. In a side-channel attack the attacker extracts information (such as session identifiers, timing information, OAuth tokens and electromagnetic leaks) from the physical implementation of a security system. It is therefore recommended to deploy a federated IDMS that stores sensitive identity information in fragments across multiple servers, making it harder for the attacker to achieve their objectives (Angin et al. [2010]; Bhadauria et al. [2011]; Jansen [2011]; Jensen et al. [2009]; Ranchal et al. [2010]; Zhou and Feng [2005]).
A14 | Skimming attack | Skimming is an attack method in which criminals steal sensitive information from authentication tokens (such as smart cards). The IDMS should therefore ensure strong encryption and secure distribution of identity credentials across multiple servers (Jacobs and Poll [2011]; Zissis and Lekkas [2012]).
A15 | Snooping | A snooping attack permits the illegitimate collection of sensitive information such as identities, available services and network topology from an identity server in a Cloud environment. Snooping differs slightly from eavesdropping in that it includes more sophisticated surveillance techniques to intercept secret communications, such as remote activity monitors and keystroke loggers (Donevski et al. [2013]; Salsano et al. [2002]).
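Rows A1, A4 and A12 all rest on the same control: an IDMS that logs every authentication attempt can detect password guessing and hold consumers accountable. The following added example (not code from the paper or from any IDMS it cites) shows the detection side. It parses a constructed authentication log whose line format is an assumption made here, flags any source that accumulates a threshold of failures inside a sliding window, and separately flags a success from an already-flagged source, which is the "credential eventually guessed" case a responder most wants surfaced.

```python
"""Detection of password guessing (A1) over constructed IDMS authentication logs.

Added example; the log line format is an assumption, not the paper's.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one line per authentication attempt (not real data).
SAMPLE_LOG = """\
2024-05-01T10:00:00 auth user=alice src=198.51.100.7 result=failure
2024-05-01T10:00:03 auth user=alice src=198.51.100.7 result=failure
2024-05-01T10:00:05 auth user=alice src=198.51.100.7 result=failure
2024-05-01T10:00:08 auth user=alice src=198.51.100.7 result=failure
2024-05-01T10:00:10 auth user=alice src=198.51.100.7 result=failure
2024-05-01T10:00:12 auth user=alice src=198.51.100.7 result=success
2024-05-01T10:00:15 auth user=bob src=203.0.113.5 result=failure
2024-05-01T10:05:00 auth user=bob src=203.0.113.5 result=success
this line is not an auth record and must be skipped
2024-05-01T10:07:00 auth user=carol src=192.0.2.9 result=failure
"""

# Assumed format: "<ISO timestamp> auth user=<id> src=<ip> result=<success|failure>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>success|failure)$"
)


def parse_line(line):
    """Return (timestamp, user, src, succeeded) or None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return (datetime.fromisoformat(m["ts"]), m["user"], m["src"],
            m["result"] == "success")


def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (flagged, compromised).

    flagged:     {src: time the source first reached `threshold` failures
                  within `window`}
    compromised: [(user, src)] for every success from an already flagged
                  source, i.e. a guess that appears to have worked.
    """
    recent = defaultdict(deque)   # src -> failure timestamps still inside the window
    flagged = {}
    compromised = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue               # ignore malformed or unrelated lines
        ts, user, src, ok = rec
        if ok:
            if src in flagged:
                compromised.append((user, src))
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()            # drop failures that fell out of the window
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged, compromised


if __name__ == "__main__":
    flagged, compromised = detect_guessing(SAMPLE_LOG)
    for src, when in flagged.items():
        print(f"guessing from {src} detected at {when.isoformat()}")
    for user, src in compromised:
        print(f"success for {user} from flagged source {src}: investigate")
```

The per-source window is deliberately independent of the user name, so a single source rotating through many accounts is still caught; a per-user window would be the natural complement for guessing spread across many sources.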
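Rows A2 and A11 describe the same failure: the server accepts a captured message (a cookie or a credential exchange) a second time because nothing in the message ties it to a single use. The added example below (not the paper's code; the message layout, key handling and skew window are assumptions made here) shows a server-side check that makes replay detectable: each request carries a client-chosen nonce and a timestamp under an HMAC, the server rejects timestamps outside a skew window, and it remembers every accepted nonce for at least as long as that window, so a replayed message is rejected as either a repeated nonce or a stale timestamp, never accepted.

```python
"""Replay-resistant request verification (mitigation for A2 and A11).

Added example; the message format and the 30-second skew window are assumptions.
"""
import hmac
import hashlib
import secrets
import time


def sign(key, user, nonce, ts, body):
    """HMAC-SHA256 over a canonical encoding of the request fields."""
    canonical = "\n".join([user, nonce, str(ts), body]).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def make_request(key, user, body, now):
    """Client side: fresh random nonce plus current timestamp, both covered by the MAC."""
    ts = int(now)
    nonce = secrets.token_hex(16)
    return {"user": user, "nonce": nonce, "ts": ts, "body": body,
            "mac": sign(key, user, nonce, ts, body)}


class ReplayGuard:
    """Server side: verify MAC, freshness window and nonce uniqueness."""

    def __init__(self, key, max_skew=30, now=time.time):
        self.key = key
        self.max_skew = max_skew   # seconds of clock skew tolerated
        self.now = now             # injectable clock so the check is testable
        self.seen = {}             # nonce -> time after which it may be forgotten

    def _purge(self, now):
        # A nonce is retained until its own timestamp would be stale anyway;
        # forgetting it earlier would reopen the replay window.
        for nonce, keep_until in list(self.seen.items()):
            if keep_until < now:
                del self.seen[nonce]

    def verify(self, msg):
        """Return 'ok', 'stale', 'bad-mac' or 'replay'."""
        now = self.now()
        self._purge(now)
        if abs(now - msg["ts"]) > self.max_skew:
            return "stale"
        expected = sign(self.key, msg["user"], msg["nonce"], msg["ts"], msg["body"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "bad-mac"       # tampered fields or wrong key
        if msg["nonce"] in self.seen:
            return "replay"        # exact re-send of an accepted message
        self.seen[msg["nonce"]] = msg["ts"] + self.max_skew
        return "ok"


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # constructed shared secret for the demo
    guard = ReplayGuard(key)
    req = make_request(key, "alice", "GET /profile", time.time())
    print(guard.verify(req))        # first delivery is accepted
    print(guard.verify(req))        # identical re-send is rejected as a replay
```

The retention rule in `_purge` is the part that is easy to get wrong: if accepted nonces were dropped before the timestamp window closed, a message replayed at the edge of the window would pass both checks. Tying the nonce's lifetime to `ts + max_skew` closes that gap.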