Abstract
Consumers increasingly access services with different devices such as desktop workstations, notepad computers and mobile phones. When they want to switch to another device while using a service, they have to re-authenticate. If several services and authenticated sessions are open, switching between the devices becomes cumbersome. Single Sign-on (SSO) techniques help to log in to several services, but re-authentication is still necessary after changing the device. This clearly violates the goal of seamless mobility that is the target of much recent research. In this paper, we propose and implement migration of an authentication session between a desktop computer and a mobile device. The solution is based on transferring the authentication session cookies. We tested the session migration with the OpenID, Shibboleth and CAS single sign-on systems and show that when the authentication cookies are transferred, the service sessions continue seamlessly and do not require re-authentication. The migration requires changes to the client web browsers, but they can be implemented as web browser extensions, and only minimal configuration changes on the server side are sometimes required. The results of our study show that client-to-client authentication session migration enables easy switching between client devices in online services where the service state is kept in the cloud and the web browser acts as the user interface.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Suoranta, S., Heikkinen, J., Silvekoski, P. (2012). Authentication Session Migration. In: Aura, T., Järvinen, K., Nyberg, K. (eds) Information Security Technology for Applications. NordSec 2010. Lecture Notes in Computer Science, vol 7127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27937-9_2
DOI: https://doi.org/10.1007/978-3-642-27937-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27936-2
Online ISBN: 978-3-642-27937-9
eBook Packages: Computer Science, Computer Science (R0)