On the security of an identity-based single-sign-on scheme

Author

Zhang, Jianhong ; Liu, Xue

Author_Institution

Coll. of Sci., North China Univ. of Technol., Beijing, China

Volume

3

fYear

2010

fDate

9-11 July 2010

Firstpage

117

Lastpage

120

Abstract

At present, to access to email account or bank account, a network user has to remember the registered account number of the user and the corresponding password for every service with which they are registered. However, when multiple systems are involved, the user is then required to authenticate to each system individually and repeatedly. It results in inconvenience to each authentication. Recently, to overcome the problem, an identity-based single-sign-on scheme was proposed to achieve user identification and authentication to multiple security-protected systems simultaneously through a single operation. The security of the scheme is claimed to be related to the well-Known RSA cryptosystem and the discrete logarithm problem. Unfortunately, in this work we show that Ren´s scheme is suffering an unforgeable attack, namely, any one can pass verification in name of any user´s identity. Finally, an improved version is proposed.

Keywords

message authentication; public key cryptography; RSA cryptosystem; Ren scheme; discrete logarithm problem; identity authentication; identity-based single-sign-on scheme; multiple security-protected systems; Authentication; Cryptography; Law; forgeable attack; identity authentication; identity-based cryptography; single-sign-on;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on

Conference_Location

Chengdu

Print_ISBN

978-1-4244-5537-9

Type

conf

DOI

10.1109/ICCSIT.2010.5564492

Filename

5564492