ABSTRACT
Even though the cloud paradigm and its associated services have been adopted in various enterprise applications, there have been major issues with regard to authenticating users' critical data. Single Sign-On (SSO) is a user authentication technique through which a server authenticates and allows a user to use a single aspect of login credentials, for example, to access multiple services in the cloud. Even though SSO reduces the number of logins that are needed over heterogeneous environments, the risk associated with the security of SSO might be detrimental if, for example, a Man-in-the-Middle (MITM) attacker manages to gain control of the SSO credentials. It is also possible to get the identity of the users who have logged into Active Directory or an intranet, and this identity can easily be used to log into other web-based applications; this requires the use of the Security Assertion Markup Language (SAML). SAML is basically a standard that allows users to be logged into applications as per their sessions. The problem that this paper addresses is the lack, at the time of writing, of a proactive technique for hardening cloud-based SAML while combining SSO with Multi-Factor Authentication (MFA). The authors have, therefore, proposed an effective approach that unifies SSO with MFA in this context. Based on the base score index conducted over the Common Vulnerability Scoring System (CVSS), the architecture proves to be reliable, feasible and with better performance.
Hardening SAML by Integrating SSO and Multi-Factor Authentication (MFA) in the Cloud