Evaluating single sign-on security failure in cloud services

  • File type: Book
  • Language: English
  • Publisher: Elsevier
  • Print year / country: 2017

Details

Related fields: Information Technology Engineering

Journal: Business Horizons
University: Evaluating single point-of-entry authentication in integrated security systems for cloud services

Publication: Elsevier

Description

1. Cloud single sign-on demand

The problem of user authentication in the cloud environment has arisen as a usability issue, in that users object to repeating logon behavior multiple times, for multiple identities, for many different services and service providers (Shackel, 1990; Wang & Shao, 2011). Similarly, users may be using multiple devices to access services simultaneously and independently. The problem is accentuated in the cloud computing environment when the layers of complexity are reduced and the risk of unauthorized access to services increases. One of the broad research areas providing solutions to the problem has been that of federated identity management. Such solutions include single sign-on (SSO), OpenID, One Time Passwords (OTP), and other innovative designs that facilitate the ease of human behavior while hardening the technology protection (Gupta & Zhdanov, 2012; Hocking, Furnell, Clarke, & Reynolds, 2011). Each solution has usability strengths and weaknesses but also security risk and effectiveness trade-offs. In this article our interest is in the management of risk around an identity. All parties must accept that sufficient precautions are taken to prevent theft by an unauthorized party while allowing a seamless user experience for legitimate beneficial parties (Hess, McNab, & Basoglu, 2014). Federated authentication in the cloud environment relies on the advancement and development of authentication mechanisms that can securely and effectively distribute the identity information across platforms and devices (Yan, Rong, & Zhao, 2009). Current challenges relate to the proprietary nature of many services and the lack of general standardization for interoperability (Leandro, Nascimento, dos Santos, Westphall, & Westphall, 2012). To some extent the problem is addressed by independent authorization agencies to whom each service provider refers user authentication.

The scope of authorization may be further controlled by the use of strong and weak determinations. For example, if three forms of identity including a biometric are provided then a strong assurance can be issued, whereas if a single password or PIN is provided then a weak assurance is issued (Madsen, Koga, & Takahashi, 2005). It is up to the authentication service user to determine the use of the authorization for matters of access control. In a cloud environment one point-of-entry authentication is desirable for the user, but the chance of breach from a single set of credentials is higher than if multiple sets are used (assuming differentiation). The problem is accentuated if user identity is compromised or if a service is left open for long periods of time (Huang, Ma, & Chen, 2011). In both instances, user expectation presents technical and design challenges for information security. If the risk management requires a user to provide identification every two to three minutes to keep the service active, or if each service or device activated requires a fresh authentication of identification, then the user must adopt new behaviors. The user may resist the new behaviors and forgo the service (Rivard & Lapointe, 2012). Both breach and non-use of a system are failures; hence the optimization of human behavior against a robust security design requires innovation and scoping for cloud environments (Sun et al., 2011).

This article is structured to introduce the cloud identity problem and then to elaborate potential solutions. The following section briefly introduces federation theory and the SSO opportunity. The issues of risk and behavioral modification are discussed in terms of potential system failure. It is assumed humans prefer SSO as a behavioral solution, but the challenge is to match this behavior with a secure architecture. The literature analysis shows that there is no model that can provide system integrity verification in the cloud SSO framework. We propose a mutual attestation framework based on a trusted platform module (TPM) that provides a platform verification check within the SSO protocol in order to implement trustworthiness across the cloud authentication workflow. The proposed model guarantees a secure mutual attestation with encrypted messages by using TPM keys. A solution is proposed and then tested theoretically (from the literature) for attack resistance. The article concludes with a discussion of trust as a utility facilitator in socio-technical security systems.