Abstract

Existing single sign-on (SSO) access control systems typically rely on traditional protocols that require additional authentication mechanisms and/or identity providers. With the growing demand for outsourcing system resources such as data and applications to cloud platforms, implementing traditional SSO models to support efficient and fine-grained access control for multi-user and multi-application environments is not practical. In this paper, we propose a blockchain-based identification and access management (IAM) scheme called D²-IAM to provide strong security measures for controlling SSO access to resources in the cloud. At the core of D²-IAM, all access control processes are performed by smart contracts and the blockchain, where the access transactions are retained for accountability. In our system, SSO authentication is based on the highest authentication level and a hash-based token, which significantly reduces the communication overhead of multi-system authentication. For authorization, D²-IAM enables fine-grained access through an access policy modeled in a document database, written and enforced for each customer. Finally, we conducted experiments on Google Cloud to show that our D²-IAM system is efficient to implement. The performance test showed that our proposed system is approximately 4 times more efficient than the average processing time of three existing works.
