Skoči na glavni sadržaj

Izvorni znanstveni članak

https://doi.org/10.24138/jcomss.v11i1.112

Single Sign-on Mechanism for Secure Web Service Access through ISSO

Ramamurthi Deeptha ; Hindustan University, Chennai-603103, Tamilnadu, India
Rajeswari Mukesh ; Hindustan University, Chennai-603103, Tamilnadu, India


Puni tekst: engleski pdf 1.815 Kb

str. 8-14

preuzimanja: 431

citiraj


Sažetak

Single sign-on (SSO) is an emerging and more secure authentication mechanism that enables an authorized user with a single username/password to be authenticated by many service providers in a distributed network system. The existing technique used SSO scheme and it has achieved security by applying well-organized security parameters and its improved scheme introduced Verifiable Encryption of Signatures (RSA-VES). But the improvement of both the techniques with respect to security is not fully accomplished. We identified two attacks in existing SSO techniques. The first attack permits a malicious service provider to successfully communicate with a legal user more than one time and to recover the authenticated username/password and then to impersonate the service consumer to grant access to web resources and web services provided by other SP (Service Provider). Another attack is that a third party without any security credential may be able to access network services easily by impersonating some legal user or a fictional user. In our proposed work we introduced Improved Single sign-on (ISSO) scheme, which prevents Credential recovery attack, Impersonation attack and Data injection attack. We used the modified version of JMeter open source tool for generating the test report of the particular web apps. We implemented three web applications which provide financial solutions to customers. These three web applications used SOAP based request and response mapping for efficient handling of communication protocols. The testing result stated that the ISSO scheme fights against the attacks that were present in current SSO scheme.

Ključne riječi

ISSO; Web Services; SOAP; Data Security; Secure Data Transfer; Josso; Distributed Network

Hrčak ID:

179765

URI

https://hrcak.srce.hr/179765

Datum izdavanja:

20.3.2015.

Posjeta: 1.194 *