Single Sign-on Mechanism for Secure Web Service Access through ISSO

Single sign-on (SSO) is an emerging and more secure authentication mechanism that enables an authorized user with a single username/password to be authenticated by many service providers in a distributed network system. The existing technique used SSO scheme and it has achieved security by applying...


Bibliographic Details
Main Authors: Ramamurthi Deeptha, Rajeswari Mukesh
Format: Article
Language: English
Published: Croatian Communications and Information Society (CCIS) 2015-03-01
Series: Journal of Communications Software and Systems
Subjects:
Online Access: https://jcomss.fesb.unist.hr/index.php/jcomss/article/view/112
id doaj-c882aef046a94b7fbdaa3b5b903d0aba
record_format Article
collection DOAJ
language English
format Article
sources DOAJ
author Ramamurthi Deeptha
Rajeswari Mukesh
title Single Sign-on Mechanism for Secure Web Service Access through ISSO
publisher Croatian Communications and Information Society (CCIS)
series Journal of Communications Software and Systems
issn 1845-6421
1846-6079
publishDate 2015-03-01
description Single sign-on (SSO) is an emerging and more secure authentication mechanism that enables an authorized user with a single username/password to be authenticated by many service providers in a distributed network system. The existing technique used SSO scheme and it has achieved security by applying well-organized security parameters and its improved scheme introduced Verifiable Encryption of Signatures (RSA-VES). But the improvement of both the techniques with respect to security is not fully accomplished. We identified two attacks in existing SSO techniques. The first attack permits a malicious service provider to successfully communicate with a legal user more than one time and to recover the authenticated username/password and then to impersonate the service consumer to grant access to web resources and web services provided by other SP (Service Provider). Another attack is that a third party without any security credential may be able to access network services easily by impersonating some legal user or a fictional user. In our proposed work we introduced Improved Single sign-on (ISSO) scheme, which prevents Credential recovery attack, Impersonation attack and Data injection attack. We used the modified version of JMeter open source tool for generating the test report of the particular web apps. We implemented three web applications which provide financial solutions to customers. These three web applications used SOAP based request and response mapping for efficient handling of communication protocols. The testing result stated that the ISSO scheme fights against the attacks that were present in current SSO scheme.
topic ISSO
Web Services
SOAP
Data Security
Secure Data Transfer
Josso
Distributed Network
url https://jcomss.fesb.unist.hr/index.php/jcomss/article/view/112