Kuzminykh, I.
Fliustikova, M.

2020-05-26
2020-05-26
2019

Kuzminykh I. Mechanisms of ensuring security in Keystone service / Kuzminykh I., Fliustikova M. // Проблеми телекомунікацій. – 2019. – Issue 2(25). – P. 78-96. – Available at: http://pt.nure.ua/wp-content/uploads/2020/02/192_kuzminykh_keystone.pdf

http://openarchive.nure.ua/handle/document/11859

User authentication is one of the most important aspects in the area of cloud services, followed by the storing of sensitive information about customers. A number of solutions exist for authentication, security, and privacy provisioning in the cloud, while cloud identity management systems aim to simplify and harmonise access. This paper presents an investigation into the security problems associated with cloud identity and access management systems (IAMS), using the Keystone identity service within OpenStack as an example. In order to analyse the existing challenges, the paper expands security provisioning into authentication management, authorization management, personal data protection, privacy and confidentiality, as well as logging and auditing, and considers the security mechanisms required for any cloud IAMS for each one of these categories. The paper also investigates some of the existing and potential attacks against the Keystone service, then follows with recommendations and mechanisms for enhancing the security. The vulnerabilities in cloud IAMS show that most systems support at most a subset of security provisioning mechanisms or have their own flaws; in addition, there are no unified international standards in the area of cloud identity systems for cloud and service providers. The identified list of attacks and the associated mitigation mechanisms will help to provide the identity and access management system with the protection of identity credentials in the cloud system. The provided results can help with further research into mechanisms aiming to ensure personal data confidentiality and integrity.

en

security
mechanism
identification
Keystone
vulnerability

Mechanisms of ensuring security in Keystone service

Article