Single Sign-On in Cloud Federation using CloudSim

Full Text (PDF, 610KB), PP.50-58


Author(s)

Manoj V. Thomas 1,*, Anand Dhole 1, K. Chandrasekaran 1

1. Department of Computer Science and Engineering, National Institute of Technology Karnataka Surathkal, Karnataka, India-575025

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2015.06.06

Received: 2 Oct. 2014 / Revised: 10 Jan. 2015 / Accepted: 6 Feb. 2015 / Published: 8 May 2015

Index Terms

Authentication, Authorization, Single Sign-On, Cloud Federation, Fully Hashed Menezes-Qu-Vanstone, Advanced Encryption Standard, CloudSim

Abstract

Single Sign-On (SSO) is an authentication mechanism in which a Cloud Service Consumer (CSC) needs to be authenticated only once while accessing various services from multiple service providers, or when accessing multiple services from the same service provider. In the case of Cloud Federation, the consumers can get services from various Cloud Service Providers (CSPs) who are members of the federation, and SSO can be used to verify the legitimate users without requiring them to get authenticated with each service provider separately. CloudSim is a popular tool used for simulating various cloud computing scenarios. As of now, the simulator lacks effective user authentication and authorization methods. In this paper, we discuss the design and implementation of an SSO mechanism in the Cloud Federation scenario using the CloudSim toolkit. We have used the Fully Hashed Menezes-Qu-Vanstone (FHMQV) protocol for the key exchange and the symmetric-key encryption technique AES-128 for encrypting the identity tokens. We give the workflow model for the proposed approach of SSO in the Cloud Federation, and also show the execution time taken in the simulation for various Single Sign-On scenarios in which the number of SSOs required varies.

Cite This Paper

Manoj V. Thomas, Anand Dhole, K. Chandrasekaran, "Single Sign-On in Cloud Federation using CloudSim", International Journal of Computer Network and Information Security (IJCNIS), vol. 7, no. 6, pp. 50-58, 2015. DOI: 10.5815/ijcnis.2015.06.06
