Constructing authentication web in cloud computing

Cloud computing offers a cheap and efficient solution for the deployment of web applications, which has led to a large increase in the number of service providers. Users hold multiple identities for using services from different domains. The openness of public clouds requires the authentication system to accept user identities from various domains and to support hybrid authentication protocols. This work proposes a cross-domain single sign-on mechanism to address these issues and builds a formal mathematical model to analyze the security of the proposed mechanism's authentication architecture. Furthermore, an algorithm is proposed to detect the weak vertices of the authentication architecture, that is, vertices whose failure would lead to a partial failure of the architecture. The proposed mechanism allows service providers to verify user identities in a decentralized way and allows users to unify their identities from various domains in a safe way. The verification process used in this mechanism supports hybrid authentication protocols and accelerates the verification of credentials by eliminating the single point of failure and the single-point bottleneck. Copyright © 2015 John Wiley & Sons, Ltd.
