Impostor: a single sign-on system for use from untrusted devices

Author

Pashalidis, Andreas ; Mitchell, Chris J.

Author_Institution

Inf. Security Group, Univ. of London, UK

Volume

4

fYear

2004

fDate

29 Nov.-3 Dec. 2004

Firstpage

2191

Abstract

At present, network users have to manage a set of authentication credentials (usually a username/password pair) for every service with which they are registered. Single sign-on (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users need to manage only one set of authentication credentials in order to log into the services they subsequently use. This paper presents the design of an SSO system that is based on a trusted proxy, and that is suitable for use from an untrusted network access device. Unlike existing proxy-based SSO schemes, which require an infrastructure to be in place between the proxy and the service providers, the one presented here does not. An open-source implementation of the scheme, called ´Impostor´, is also described. The prototype is implemented as an HTTP proxy, resulting in a system that works with common Web browsers.

Keywords

message authentication; online front-ends; subscriber loops; telecommunication security; transport protocols; ubiquitous computing; HTTP proxy; Impostor; SSO system; Web browsers; authentication credentials; security management; single sign-on system; trusted proxy; ubiquitous computing; untrusted network access device; username/password pair; Airports; Authentication; Concrete; Cryptography; Electronic mail; IP networks; Information security; Protection; Prototypes; Usability;

fLanguage

English

Publisher

ieee

Conference_Titel

Global Telecommunications Conference, 2004. GLOBECOM '04. IEEE

Print_ISBN

0-7803-8794-5

Type

conf

DOI

10.1109/GLOCOM.2004.1378398

Filename

1378398