The Preliminary Investigation of SSO Protocol for the Suitability of Mission Critical Applications

R  Deeptha    and Rajeswari Mukesh

doi:10.17485/ijst/2017/v10i42/120340

Article

The Preliminary Investigation of SSO Protocol for the Suitability of Mission Critical Applications

VIEWS 1670
PDF 1266

Abstract
Full-Text HTML
Full-Text PDF
How to Cite

Indian Journal of Science and Technology

DOI: 10.17485/ijst/2017/v10i42/120340

Year: 2017, Volume: 10, Issue: 42, Pages: 1-10

Original Article

The Preliminary Investigation of SSO Protocol for the Suitability of Mission Critical Applications

R. Deeptha^{1 *} and Rajeswari Mukesh²

¹Department of Information Technology, Hindustan University, Chennai – 603103, Tamil Nadu, India; [email protected]²Department of the School of Computing Sciences, Hindustan University, Chennai – 603103, Tamil Nadu, India; [email protected]

*Author For Correspondence
R. Deeptha
Department of Information Technology, Hindustan University, Chennai – 603103, Tamil Nadu, India; [email protected]

This work is licensed under a Creative Commons Attribution 4.0 International License.

Abstract

Objective: Single Sign-On (SSO) mechanism mitigates the complexity by providing a single set of login credentials for disparate systems. The main objective of SSO in mission critical applications is to provide a most trusted authentication provider while ensuring the secured online service. Methods: Exploiting third party identity provider leads Open ID connect to not fit in banking services. Since traditional banking systems refuse to disclose the user-sensitive information to any third party, the conventional models lack in maintaining the consistent revocation model. However, the maintenance of user details at server needs to follow the consistent revocation model at all connected banks. The conventional SSO protocols follow different ways to develop the access control policies to recognize the user identity. However, the banking services need role-based access control policy. Findings: In order to provide the secure SSO to banking services, this work presents the extended Open ID connect protocol with additional security features which are more suitable to the online banking systems. The extended Open ID connect provides the role of identity provider to RBI which is a centralized authority to connect all the banks and their user accounts. It exploits the chaotic sequence encryption algorithm to dynamically manage the session, which facilitates the common revocation model. This restricts the impersonation, modification, and eavesdropping attacks while accessing the online banking services with SSO mechanism. The request identification and validation using random user ID in every subsequent page access ensures the security of the online transaction. Moreover, the request identification and validation using random user ID in every subsequent page access ensures the security of the online transaction. Application/Improvements: The proposed model tightens the security of Open ID connect with the support of Chaotic sequence encryption, common revocation model, and request identification. It successfully extends the usage of SSO to mission critical applications.

Keywords: Banking Service, Chaotic Sequence Encryption, Open ID connect, Revocation, Identity Provider