Single Sign-on Mechanism for Secure Web Service Access through ISSO

Authors

  • Ramamurthi Deeptha
  • Rajeswari Mukesh
Abstract

Single sign-on (SSO) is an emerging and more secure authentication mechanism that enables an authorized user with a single username/password to be authenticated by many service providers in a distributed network system. The existing technique used an SSO scheme that achieved security by applying well-organized security parameters, and its improved scheme introduced Verifiable Encryption of Signatures (RSA-VES). However, neither technique fully achieves its security goals. We identified two attacks on existing SSO techniques. The first attack permits a malicious service provider that has successfully communicated with a legal user more than once to recover the authenticated username/password and then to impersonate the service consumer to gain access to web resources and web services provided by other service providers (SPs). The second attack is that a third party without any security credential may be able to access network services easily by impersonating a legal user or a fictional user. In our proposed work we introduce the Improved Single Sign-On (ISSO) scheme, which prevents the credential recovery attack, the impersonation attack and the data injection attack. We used a modified version of the open-source JMeter tool to generate the test reports for the web applications. We implemented three web applications that provide financial solutions to customers. These three web applications use SOAP-based request and response mapping for efficient handling of communication protocols. The test results indicate that the ISSO scheme defends against the attacks that were present in the current SSO scheme.

Similar resources

The Security of Web Services: Secure Communication and Identity Management

Service Oriented Architectures have become the new trend in the world of communication on the web. Especially web services are the high-performance specification of service-oriented architectures. The use of confidential data on the Web becomes the primary problem in the secure communication over the web. The solution proposed in this paper is a secure communication tool OCS based on the princi...

Image flip CAPTCHA

The massive and automated access to Web resources through robots has made it essential for Web service providers to make some conclusion about whether the "user" is a human or a robot. A Human Interaction Proof (HIP) like Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) offers a way to make such a distinction. CAPTCHA is a reverse Turing test used by Web serv...

CAS++: An Open Source Single Sign-On Solution for Secure e-Services

Business and recreational activities on the global communication infrastructure are increasingly based on the use of remote resources and services, and on the interaction between different, remotely located parties. On corporate networks as well as on the open Web, the huge number of resources and services often requires multiple log-ons, leading to credential proliferation and, potentially, ...

PASS: A privacy-friendly, secure and open Single Sign-On Protocol for Web Services

Personalization is an important feature of websites. Typically this requires the user to register a new password-protected account for every service. It is expected that websites will implement service cooperations to further enhance the personalisation of their user’s web experience. A common authentication mechanism is required for this. Single sign-on systems have the purpose to establish su...

Secure Collaboration Mechanism for SLA delivery among IPTV providers

Service Level Agreements (SLAs) specify the quality levels customers expect during service provisioning. A critical issue in this area is for service providers to effectively achieve the individual SLA optimization in terms of Quality of Service (QoS) metrics and price. In Mobile IPTV (M-IPTV) scenario, the personalized service provision and timely/on-demand delivery demands high quantity of av...

Publication date: 2015