Secure Single Sign-On Schemes Constructed from Nominative Signatures

Author

Jingquan Wang ; Guilin Wang ; Susilo, Willy

Author_Institution

Center for Comput. & Inf. Security Res., Univ. of Wollongong, Wollongong, NSW, Australia

fYear

2013

fDate

16-18 July 2013

Firstpage

620

Lastpage

627

Abstract

Single Sign-on (SSO) allows users to only log on once and then access different services via automatic authentication by using the same credential. However, most existing SSO schemes do not satisfy security notions or require a high trust level on a trusted third party (TTP), even though SSO has become popular in new distributed systems and computer networks. Motivated by this fact, we formalise a new security model of single sign-on, which not only satisfies strong security notions but also has a low trust level on TTP. We then propose a generic construction of SSO from nominative signatures, and present concrete initialisation. We also provide formal proofs to show that the proposed SSO scheme is secure according to our new formal model, if the underlying nominative signature is secure. We note that this is the first study that investigates the link between SSO and nominative signatures, which also be of an independent interest.

Keywords

authorisation; digital signatures; SSO scheme; TTP; automatic authentication; concrete initialisation; formal model; formal proofs; nominative signature; secure single sign-on schemes; trusted third party; Authentication; Games; Protocols; Public key; Servers; Syntactics; Authentication; Nominative signature; Security; Single sign-on;

fLanguage

English

Publisher

ieee

Conference_Titel

Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on

Conference_Location

Melbourne, VIC

Type

conf

DOI

10.1109/TrustCom.2013.238

Filename

6680894