FPRESSO: Fast and Privacy-Preserving SSO Authentication With Dynamic Load Balancing for Multi-Cloud-Based Web Applications

Existing cloud-based Single Sign-on (SSO) model generally rely on token-based and secure API leveraging authentication standard models such as OAuth 2.0, FIDO 2, OpenID Connect. Even though these models enable secure and fast login experiences across websites and applications, most of them did not f...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE access 2024, Vol.12, p.157888-157900
Hauptverfasser: Fugkeaw, Somchart, Rattagool, Sorravich, Jiangthiranan, Pawat, Pholwiset, Peerawichaya
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 157900
container_issue
container_start_page 157888
container_title IEEE access
container_volume 12
creator Fugkeaw, Somchart
Rattagool, Sorravich
Jiangthiranan, Pawat
Pholwiset, Peerawichaya
description Existing cloud-based Single Sign-on (SSO) model generally rely on token-based and secure API leveraging authentication standard models such as OAuth 2.0, FIDO 2, OpenID Connect. Even though these models enable secure and fast login experiences across websites and applications, most of them did not focus on the privacy of the SSO token generated for the authentication with many applications. In addition, they are incapable to support dynamic authorization binding of the multiple privileges of user in accessing multiple applications in the SSO token. In this paper, we propose a scheme called FPRESSO providing a fast and privacy-preserving SSO authentication system with anonymous authorization binding designed for multi-application environments hosted on cloud. We utilize random perturbation to safeguard the SSO token, which is structured as a JSON Web Token (JWT). Essentially, our approach stores tokens in cookies to efficiently manage access and facilitate SSO recovery. Additionally, we introduced the anonymous authorization binding protocol to bundle user roles and permissions of the user into the SSO token, enhancing the efficiency and agility of access control across applications. To deliver high scalability of the system in accommodating a large number of users in cloud environment, we introduced multi-threaded load balancing algorithm to dynamically handle both SSO token generation and verification requests, ensuring efficient distribution of load across multiple servers. We conducted experiments to assess the performance of our proposed system. The results show that the token generation and verification processes are more efficient than those in comparable studies. By implementing the new cookie strategy, latency decreased significantly compared to the method without cookies.
doi_str_mv 10.1109/ACCESS.2024.3485996
format Article
fullrecord <record><control><sourceid>doaj_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1109_ACCESS_2024_3485996</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10734102</ieee_id><doaj_id>oai_doaj_org_article_d0ba7d935e144d8da9cd24378d0794fb</doaj_id><sourcerecordid>oai_doaj_org_article_d0ba7d935e144d8da9cd24378d0794fb</sourcerecordid><originalsourceid>FETCH-LOGICAL-c216t-4947517a2de6bd729eb5477a52dd3a1ef9527239fd1dfea9003b66a332b90313</originalsourceid><addsrcrecordid>eNpNkd1Kw0AQhYMoKLVPoBf7Aqn7l2zXuxpbFSotttDLZZLZ6EpMym4q1Kc3NUU6NzMc5nzMcKLohtERY1TfTbJsulqNOOVyJOQ40To9i644S3UsEpGen8yX0TCET9rVuJMSdRX9zJZvnXtxT2YQWgI1kqV331Ds46W3wfpvV7-TboFMdu2HrVtXQOuammxc-0Ee9zV8uYLMG0DyABXUxWG9bDx53VWti7Oq2WH8AMEi2dicTLbb6kgI19FFCVWww2MfROvZdJ09x_PF00s2mcdFd3cbSy1VwhRwtGmOimubJ1IpSDiiAGZLnXDFhS6RYWlBUyryNAUheK6pYGIQvfRYbODTbL37Ar83DTjzJzT-3YDv3qqsQZqDQi0Sy6TEMYIukEuhxkiVlmXesUTPKnwTgrflP49RcwjD9GGYQxjmGEbnuu1dzlp74lBCMsrFL4Zshd0</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>FPRESSO: Fast and Privacy-Preserving SSO Authentication With Dynamic Load Balancing for Multi-Cloud-Based Web Applications</title><source>IEEE Open Access Journals</source><source>DOAJ Directory of Open Access Journals</source><source>EZB-FREE-00999 freely available EZB journals</source><creator>Fugkeaw, Somchart ; Rattagool, Sorravich ; Jiangthiranan, Pawat ; Pholwiset, Peerawichaya</creator><creatorcontrib>Fugkeaw, Somchart ; Rattagool, Sorravich ; Jiangthiranan, Pawat ; Pholwiset, Peerawichaya</creatorcontrib><description>Existing cloud-based Single Sign-on (SSO) model generally rely on token-based and secure API leveraging authentication standard models such as OAuth 2.0, FIDO 2, OpenID Connect. Even though these models enable secure and fast login experiences across websites and applications, most of them did not focus on the privacy of the SSO token generated for the authentication with many applications. In addition, they are incapable to support dynamic authorization binding of the multiple privileges of user in accessing multiple applications in the SSO token. In this paper, we propose a scheme called FPRESSO providing a fast and privacy-preserving SSO authentication system with anonymous authorization binding designed for multi-application environments hosted on cloud. We utilize random perturbation to safeguard the SSO token, which is structured as a JSON Web Token (JWT). Essentially, our approach stores tokens in cookies to efficiently manage access and facilitate SSO recovery. Additionally, we introduced the anonymous authorization binding protocol to bundle user roles and permissions of the user into the SSO token, enhancing the efficiency and agility of access control across applications. To deliver high scalability of the system in accommodating a large number of users in cloud environment, we introduced multi-threaded load balancing algorithm to dynamically handle both SSO token generation and verification requests, ensuring efficient distribution of load across multiple servers. We conducted experiments to assess the performance of our proposed system. The results show that the token generation and verification processes are more efficient than those in comparable studies. By implementing the new cookie strategy, latency decreased significantly compared to the method without cookies.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2024.3485996</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>IEEE</publisher><subject>Access control ; Authentication ; Authorization ; Cloud computing ; Load management ; Load modeling ; Privacy ; privacy-preserving ; Scalability ; Security ; Servers ; Single sign-on</subject><ispartof>IEEE access, 2024, Vol.12, p.157888-157900</ispartof><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c216t-4947517a2de6bd729eb5477a52dd3a1ef9527239fd1dfea9003b66a332b90313</cites><orcidid>0009-0007-2445-7696 ; 0000-0001-7156-184X</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10734102$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,864,2102,4024,27633,27923,27924,27925,54933</link.rule.ids></links><search><creatorcontrib>Fugkeaw, Somchart</creatorcontrib><creatorcontrib>Rattagool, Sorravich</creatorcontrib><creatorcontrib>Jiangthiranan, Pawat</creatorcontrib><creatorcontrib>Pholwiset, Peerawichaya</creatorcontrib><title>FPRESSO: Fast and Privacy-Preserving SSO Authentication With Dynamic Load Balancing for Multi-Cloud-Based Web Applications</title><title>IEEE access</title><addtitle>Access</addtitle><description>Existing cloud-based Single Sign-on (SSO) model generally rely on token-based and secure API leveraging authentication standard models such as OAuth 2.0, FIDO 2, OpenID Connect. Even though these models enable secure and fast login experiences across websites and applications, most of them did not focus on the privacy of the SSO token generated for the authentication with many applications. In addition, they are incapable to support dynamic authorization binding of the multiple privileges of user in accessing multiple applications in the SSO token. In this paper, we propose a scheme called FPRESSO providing a fast and privacy-preserving SSO authentication system with anonymous authorization binding designed for multi-application environments hosted on cloud. We utilize random perturbation to safeguard the SSO token, which is structured as a JSON Web Token (JWT). Essentially, our approach stores tokens in cookies to efficiently manage access and facilitate SSO recovery. Additionally, we introduced the anonymous authorization binding protocol to bundle user roles and permissions of the user into the SSO token, enhancing the efficiency and agility of access control across applications. To deliver high scalability of the system in accommodating a large number of users in cloud environment, we introduced multi-threaded load balancing algorithm to dynamically handle both SSO token generation and verification requests, ensuring efficient distribution of load across multiple servers. We conducted experiments to assess the performance of our proposed system. The results show that the token generation and verification processes are more efficient than those in comparable studies. By implementing the new cookie strategy, latency decreased significantly compared to the method without cookies.</description><subject>Access control</subject><subject>Authentication</subject><subject>Authorization</subject><subject>Cloud computing</subject><subject>Load management</subject><subject>Load modeling</subject><subject>Privacy</subject><subject>privacy-preserving</subject><subject>Scalability</subject><subject>Security</subject><subject>Servers</subject><subject>Single sign-on</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><sourceid>DOA</sourceid><recordid>eNpNkd1Kw0AQhYMoKLVPoBf7Aqn7l2zXuxpbFSotttDLZZLZ6EpMym4q1Kc3NUU6NzMc5nzMcKLohtERY1TfTbJsulqNOOVyJOQ40To9i644S3UsEpGen8yX0TCET9rVuJMSdRX9zJZvnXtxT2YQWgI1kqV331Ds46W3wfpvV7-TboFMdu2HrVtXQOuammxc-0Ee9zV8uYLMG0DyABXUxWG9bDx53VWti7Oq2WH8AMEi2dicTLbb6kgI19FFCVWww2MfROvZdJ09x_PF00s2mcdFd3cbSy1VwhRwtGmOimubJ1IpSDiiAGZLnXDFhS6RYWlBUyryNAUheK6pYGIQvfRYbODTbL37Ar83DTjzJzT-3YDv3qqsQZqDQi0Sy6TEMYIukEuhxkiVlmXesUTPKnwTgrflP49RcwjD9GGYQxjmGEbnuu1dzlp74lBCMsrFL4Zshd0</recordid><startdate>2024</startdate><enddate>2024</enddate><creator>Fugkeaw, Somchart</creator><creator>Rattagool, Sorravich</creator><creator>Jiangthiranan, Pawat</creator><creator>Pholwiset, Peerawichaya</creator><general>IEEE</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>DOA</scope><orcidid>https://orcid.org/0009-0007-2445-7696</orcidid><orcidid>https://orcid.org/0000-0001-7156-184X</orcidid></search><sort><creationdate>2024</creationdate><title>FPRESSO: Fast and Privacy-Preserving SSO Authentication With Dynamic Load Balancing for Multi-Cloud-Based Web Applications</title><author>Fugkeaw, Somchart ; Rattagool, Sorravich ; Jiangthiranan, Pawat ; Pholwiset, Peerawichaya</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c216t-4947517a2de6bd729eb5477a52dd3a1ef9527239fd1dfea9003b66a332b90313</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Access control</topic><topic>Authentication</topic><topic>Authorization</topic><topic>Cloud computing</topic><topic>Load management</topic><topic>Load modeling</topic><topic>Privacy</topic><topic>privacy-preserving</topic><topic>Scalability</topic><topic>Security</topic><topic>Servers</topic><topic>Single sign-on</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Fugkeaw, Somchart</creatorcontrib><creatorcontrib>Rattagool, Sorravich</creatorcontrib><creatorcontrib>Jiangthiranan, Pawat</creatorcontrib><creatorcontrib>Pholwiset, Peerawichaya</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Fugkeaw, Somchart</au><au>Rattagool, Sorravich</au><au>Jiangthiranan, Pawat</au><au>Pholwiset, Peerawichaya</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>FPRESSO: Fast and Privacy-Preserving SSO Authentication With Dynamic Load Balancing for Multi-Cloud-Based Web Applications</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2024</date><risdate>2024</risdate><volume>12</volume><spage>157888</spage><epage>157900</epage><pages>157888-157900</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>Existing cloud-based Single Sign-on (SSO) model generally rely on token-based and secure API leveraging authentication standard models such as OAuth 2.0, FIDO 2, OpenID Connect. Even though these models enable secure and fast login experiences across websites and applications, most of them did not focus on the privacy of the SSO token generated for the authentication with many applications. In addition, they are incapable to support dynamic authorization binding of the multiple privileges of user in accessing multiple applications in the SSO token. In this paper, we propose a scheme called FPRESSO providing a fast and privacy-preserving SSO authentication system with anonymous authorization binding designed for multi-application environments hosted on cloud. We utilize random perturbation to safeguard the SSO token, which is structured as a JSON Web Token (JWT). Essentially, our approach stores tokens in cookies to efficiently manage access and facilitate SSO recovery. Additionally, we introduced the anonymous authorization binding protocol to bundle user roles and permissions of the user into the SSO token, enhancing the efficiency and agility of access control across applications. To deliver high scalability of the system in accommodating a large number of users in cloud environment, we introduced multi-threaded load balancing algorithm to dynamically handle both SSO token generation and verification requests, ensuring efficient distribution of load across multiple servers. We conducted experiments to assess the performance of our proposed system. The results show that the token generation and verification processes are more efficient than those in comparable studies. By implementing the new cookie strategy, latency decreased significantly compared to the method without cookies.</abstract><pub>IEEE</pub><doi>10.1109/ACCESS.2024.3485996</doi><tpages>13</tpages><orcidid>https://orcid.org/0009-0007-2445-7696</orcidid><orcidid>https://orcid.org/0000-0001-7156-184X</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2024, Vol.12, p.157888-157900
issn 2169-3536
2169-3536
language eng
recordid cdi_crossref_primary_10_1109_ACCESS_2024_3485996
source IEEE Open Access Journals; DOAJ Directory of Open Access Journals; EZB-FREE-00999 freely available EZB journals
subjects Access control
Authentication
Authorization
Cloud computing
Load management
Load modeling
Privacy
privacy-preserving
Scalability
Security
Servers
Single sign-on
title FPRESSO: Fast and Privacy-Preserving SSO Authentication With Dynamic Load Balancing for Multi-Cloud-Based Web Applications
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T22%3A39%3A03IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-doaj_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=FPRESSO:%20Fast%20and%20Privacy-Preserving%20SSO%20Authentication%20With%20Dynamic%20Load%20Balancing%20for%20Multi-Cloud-Based%20Web%20Applications&rft.jtitle=IEEE%20access&rft.au=Fugkeaw,%20Somchart&rft.date=2024&rft.volume=12&rft.spage=157888&rft.epage=157900&rft.pages=157888-157900&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2024.3485996&rft_dat=%3Cdoaj_cross%3Eoai_doaj_org_article_d0ba7d935e144d8da9cd24378d0794fb%3C/doaj_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=10734102&rft_doaj_id=oai_doaj_org_article_d0ba7d935e144d8da9cd24378d0794fb&rfr_iscdi=true