FPRESSO: Fast and Privacy-Preserving SSO Authentication With Dynamic Load Balancing for Multi-Cloud-Based Web Applications
Published in: | IEEE Access 2024, Vol. 12, p. 157888-157900 |
---|---|
Main authors: | , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Summary: | Existing cloud-based Single Sign-On (SSO) models generally rely on token-based and secure API authentication, leveraging standard models such as OAuth 2.0, FIDO 2, and OpenID Connect. Even though these models enable secure and fast login experiences across websites and applications, most of them do not focus on the privacy of the SSO token generated for authentication with many applications. In addition, they are incapable of supporting dynamic authorization binding of a user's multiple privileges for accessing multiple applications in the SSO token. In this paper, we propose a scheme called FPRESSO that provides a fast and privacy-preserving SSO authentication system with anonymous authorization binding, designed for multi-application environments hosted on the cloud. We utilize random perturbation to safeguard the SSO token, which is structured as a JSON Web Token (JWT). Essentially, our approach stores tokens in cookies to efficiently manage access and facilitate SSO recovery. Additionally, we introduce an anonymous authorization binding protocol to bundle the user's roles and permissions into the SSO token, enhancing the efficiency and agility of access control across applications. To deliver high scalability in accommodating a large number of users in a cloud environment, we introduce a multi-threaded load balancing algorithm to dynamically handle both SSO token generation and verification requests, ensuring efficient distribution of load across multiple servers. We conducted experiments to assess the performance of our proposed system. The results show that the token generation and verification processes are more efficient than those in comparable studies. By implementing the new cookie strategy, latency decreased significantly compared to the method without cookies. |
---|---|
ISSN: | 2169-3536 2169-3536 |
DOI: | 10.1109/ACCESS.2024.3485996 |