Objective: A Single Sign-On (SSO) mechanism reduces login complexity by providing a single set of credentials for disparate systems. The main objective of SSO in mission-critical applications is to provide a highly trusted authentication provider while keeping the online service secure. Methods: Because OpenID Connect relies on a third-party identity provider, it does not fit banking services as it stands. Since traditional banking systems refuse to disclose user-sensitive information to any third party, the conventional models fail to maintain a consistent revocation model. However, maintaining user details at the server requires a consistent revocation model across all connected banks. Conventional SSO protocols develop their access control policies for recognizing user identity in different ways, whereas banking services need a role-based access control policy. Findings: To provide secure SSO for banking services, this work presents an extended OpenID Connect protocol with additional security features suited to online banking systems. The extended OpenID Connect assigns the role of identity provider to RBI, a centralized authority that connects all the banks and their user accounts. It uses a chaotic sequence encryption algorithm to manage sessions dynamically, which enables the common revocation model. This restricts impersonation, modification, and eavesdropping attacks while accessing online banking services through the SSO mechanism. Request identification and validation using a random user ID on every subsequent page access secures the online transaction.
Application/Improvements: The proposed model tightens the security of OpenID Connect with the support of chaotic sequence encryption, a common revocation model, and request identification. It successfully extends the use of SSO to mission-critical applications. Keywords: Banking Service, Chaotic Sequence Encryption, OpenID Connect, Revocation, Identity Provider
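The two mechanisms the abstract describes, a common revocation model held by one central identity provider shared by all banks and a per-page random request ID that must be presented and is rotated on every access, can be illustrated with a small simulation. The following is an added example written for this page, not code from the paper; it replaces the paper's chaotic sequence encryption with a plain CSPRNG (`secrets`), and the class and function names (`CentralIdentityProvider`, `demo`) are assumptions, not the paper's protocol.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    bank: str            # the session is bound to the bank that opened it
    next_request_id: str  # one-time random ID expected on the next page access


class CentralIdentityProvider:
    """Illustrative central authority (the role the abstract gives to RBI).

    One revocation set serves every connected bank, so revoking a user here
    invalidates their sessions at all banks at once. Assumption: a CSPRNG
    stands in for the paper's chaotic sequence generator.
    """

    def __init__(self):
        self.sessions = {}          # session_id -> Session
        self.revoked_users = set()  # common revocation model

    def login(self, user, bank):
        if user in self.revoked_users:
            raise PermissionError("user revoked at the central provider")
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = Session(user, bank, secrets.token_urlsafe(16))
        return sid, self.sessions[sid].next_request_id

    def validate_request(self, sid, bank, request_id):
        """Validate one page access; return the next request ID or None."""
        s = self.sessions.get(sid)
        if s is None or s.bank != bank or s.user in self.revoked_users:
            return None
        if not secrets.compare_digest(s.next_request_id, request_id):
            # Replayed or forged request ID: drop the whole session so an
            # eavesdropped ID cannot be reused against a live session.
            del self.sessions[sid]
            return None
        s.next_request_id = secrets.token_urlsafe(16)  # rotate per page
        return s.next_request_id

    def revoke(self, user):
        self.revoked_users.add(user)
        for sid in [k for k, v in self.sessions.items() if v.user == user]:
            del self.sessions[sid]


def demo():
    """Walk through normal access, replay, cross-bank misuse and revocation."""
    idp = CentralIdentityProvider()
    sid, rid1 = idp.login("alice", "bank-a")      # constructed sample user
    rid2 = idp.validate_request(sid, "bank-a", rid1)
    wrong_bank = idp.validate_request(sid, "bank-b", rid2)
    replay = idp.validate_request(sid, "bank-a", rid1)     # old ID reused
    after_replay = idp.validate_request(sid, "bank-a", rid2)

    sid_b, rid_b = idp.login("alice", "bank-b")
    idp.revoke("alice")                            # revoked once, centrally
    after_revoke = idp.validate_request(sid_b, "bank-b", rid_b)
    try:
        idp.login("alice", "bank-a")
        login_refused = False
    except PermissionError:
        login_refused = True

    return {
        "first_page_ok": rid2 is not None and rid2 != rid1,
        "wrong_bank_rejected": wrong_bank is None,
        "replay_rejected": replay is None,
        "session_dropped_after_replay": after_replay is None,
        "revoked_session_rejected": after_revoke is None,
        "revoked_login_refused": login_refused,
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAIL'}")
```

The point of the simulation is the coupling of the two controls: rotation of the request ID limits what a captured page request is worth, and because every bank consults the same provider, revocation never has to be propagated bank by bank.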