Adaptive security architectural model for protecting identity federation in service oriented computing

Abstract

With the tremendous growth of the Internet and its related technologies, Service Oriented Architecture (SOA) has become a dominant paradigm for enterprise computing. In SOA, business functionalities are offered as services by many different service providers. To be served by different service providers, the client has to authenticate with each of them, multiple times. A Single Sign On (SSO) mechanism lets the client log in only once, so that access to different services is possible without re-authenticating. Here, the identity of the logged-in client is federated among the enterprise computing nodes. This is one of the simplest forms of federated identity. The goal of identity federation is ease of use, flexibility, productivity and reduced cost of the authentication process, but trust and security are major concerns in this situation. The major threats to federated identity management are identity misuse, identity theft, and the trust deficit between identity providers and service providers. As of now, the Security Assertion Markup Language (SAML), Open Authorization (OAuth) and OpenID are the three important federated identity management standards in the industry. However, none of them is equipped by itself to provide comprehensive security protection for identity federation, even within a single enterprise computing environment. In fact, these federated solutions introduce additional security vulnerabilities because of the openness of identity federation. The security threats become more severe when federated identity spans the inter-organizational and intra-organizational computing environment. This paper analyses the vulnerabilities and security gaps in the existing federated identity solutions.

To overcome these gaps, an adaptive security architectural model is proposed for identity federation at the inter- and intra-organizational level, using public key infrastructure and adhering to the SOA security standards and specifications. The proposed architecture is implemented and tested in a large-scale federated identity enterprise computing environment with security-centric financial data to acquire the desired results. A cross-sectional comparative analysis of the existing and proposed solutions is carried out to validate the improvement in the protection of the identity federation environment.
