Title :
An Improved Scheme of Single Sign-on Protocol
Author_Institution :
Dept. of Comput. Sci. & Technol., Dezhou Univ., Dezhou, China
Abstract :
Password attacks and replay attacks are comparatively serious threats to a traditional single sign-on protocol, and most existing solutions pay no attention to the impact that an unsafe client has on the whole system. This study therefore proposes an improved single sign-on protocol. Building on the traditional single sign-on protocol, it adds two data flows, one from the authentication server (AS) to the ticket-granting server (TGS) and one from the TGS to the application servers (V), and it adopts a public key encryption system and a USB cryptogram key to prevent password attacks, which improves the client's work efficiency and reduces the security weight placed on the client. Moreover, it adds an authenticated clients database for authentication validation and an authorized clients database for authority validation, which greatly enhances the system's ability to prevent replay attacks and benefits the system's audit.
Keywords :
authorisation; cryptographic protocols; database management systems; message authentication; public key cryptography; USB cryptogram key; authenticated client database; authentication server AS; authorized client database; password attack; public key encryption; replay attack; single sign-on protocol; ticket-granting server; Authentication; Computer science; Computer security; Cryptography; Data security; Databases; Information security; Protocols; Public key; Universal Serial Bus; kerberos protocol; password attack; replay attack; single sign-on (SSO);
Conference_Title :
Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
Conference_Location :
Xian
Print_ISBN :
978-0-7695-3744-3
DOI :
10.1109/IAS.2009.202