Abstract
Existing Single Sign-On (SSO) access control systems typically rely on traditional protocols that require additional authentication mechanisms and/or identity providers. With the growing demand for outsourcing system resources such as data and applications to cloud platforms, implementing traditional SSO models to support efficient and fine-grained access control in multi-user, multi-application environments is not practical. In this paper, we propose a blockchain-based identification and access management (IAM) scheme called D2-IAM to provide strong security measures for controlling SSO access to resources in the cloud. At the core of D2-IAM, the access control processes are carried out by smart contracts and the blockchain, where access transactions are retained for accountability. In our system, SSO authentication is based on the highest authentication level and hash-based token management. Owing to the autonomous authentication management, the communication overhead of interacting with identity providers and third-party verification mechanisms for multi-system authentication is minimized. For authorization, D2-IAM enables fine-grained access through an access policy modeled in a document database, written and enforced for each customer. Finally, we conducted experiments on Google Cloud to show that D2-IAM is efficient to implement. The performance test showed that our proposed system was approximately 4 times more efficient than the average processing time of three existing works.
Cite
Fugkeaw, S. (2023). Achieving Decentralized and Dynamic SSO-Identity Access Management System for Multi-Application Outsourced in Cloud. IEEE Access, 11, 25480–25491. https://doi.org/10.1109/ACCESS.2023.3255885