Hardening SAML by integrating SSO and Multi-Factor Authentication (MFA) in the Cloud

Authors

Nickson M. Karie, Edith Cowan UniversityFollow
Victor R. Kebande
Richard A. Ikuesan
Mehdi Sookhak
H. S. Venter

Document Type

Conference Proceeding

Publication Title

ACM International Conference Proceeding Series

Publisher

Association for Computing Machinery Digital Library

School

School of Science

RAS ID

32361

Comments

Karie, N. M., Kebande, V. R., Ikuesan, R. A., Sookhak, M., & Venter, H. S. (2020, March). Hardening SAML by Integrating SSO and Multi-Factor Authentication (MFA) in the Cloud. In Proceedings of the 3rd International Conference on Networking, Information Systems & Security (pp. 1-6). https://doi.org/10.1145/3386723.3387875

Abstract

© 2020 ACM. Even though the cloud paradigm and its associated services has been adopted in various enterprise applications, there has been major issues with regard to authenticating users' critical data. Single Sign on (SSO) is a user authentication technique through which a server authenticates and allows a user to use a single aspect of login credentials, for example, to access multiple services in the cloud. Even though SSO reduces the number of logins that are needed over heterogeneous environments, the risk that might be associated with the security of SSO might be detrimental if, for example, a Man-in-the Middle (MITM) attacker manages to gain control of the SSO credentials. It is also possible to get the identity of the users who have logged into Active Directory or intranet and this identity can easily be used to log into other web-based applications, and this requires the use of the Security Assertion Mark-up Language (SAML). SAML is basically a standard that allows users to be logged into applications as per their sessions. The problem that this paper addresses is the lack of a proactive technique of hardening cloud-based SAML while combining SSO with a Multi-Factor Authentication (MFA) at the time of writing this paper. The authors have, therefore, proposed an effective approach that unifies SSO with MFA in this context. Based on the base score index conducted over Common Vulnerability Scoring System (CVSS), the architecture proves to be reliable, feasible and with better performance.

DOI

10.1145/3386723.3387875

Access Rights

subscription content