Authentication Session Migration

  • Sanna Suoranta
  • Jani Heikkinen
  • Pekka Silvekoski
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7127)

Abstract

Consumers increasingly access services with different devices such as desktop workstations, notepad computers and mobile phones. When they want to switch to another device while using a service, they have to re-authenticate. If several services and authenticated sessions are open, switching between the devices becomes cumbersome. Single Sign-on (SSO) techniques help to log in to several services, but re-authentication is still necessary after changing the device. This clearly violates the goal of seamless mobility that is the target of much recent research. In this paper, we propose and implement migration of an authentication session between a desktop computer and a mobile device. The solution is based on transferring the authentication session cookies. We tested the session migration with the OpenID, Shibboleth and CAS single sign-on systems and show that when the authentication cookies are transferred, the service sessions continue seamlessly and do not require re-authentication. The migration requires changes to the client web browsers, but these can be implemented as web browser extensions, and only minimal configuration changes on the server side are sometimes required. The results of our study show that client-to-client authentication session migration enables easy switching between client devices in online services where the service state is kept in the cloud and the web browser acts as the user interface.

Keywords

Session Initiation Protocol; Target Device; Identity Provider; Service Session; Original Device
These keywords were added by machine and not by the authors.


Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Sanna Suoranta (1)
  • Jani Heikkinen (1)
  • Pekka Silvekoski (1)
  1. School of Science and Technology, Aalto University, Espoo, Finland
