International Journal of Information Technology and Computer Science (IJITCS)
IJITCS Vol. 6, No. 7, 8 Jun. 2014
Cover page and Table of Contents: PDF (size: 283KB)
Confidence Analysis of a Solo Sign-On Device for Distributed Computer Networks
Full Text (PDF, 283KB), PP.40-46
Views: 0 Downloads: 0
Author(s)
Sumanth C M
1,*
Adithyan B
1
Index Terms
Authentication, Distributed computer networks, Information security, Security analysis, Solo Sign-On
Abstract
Solo sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in a distributed computer network. Recently, a SSO scheme proposed and claimed its security by providing well organized security arguments. But their scheme is actually insecure as it fails to meet credential privacy and soundness of authentication. Specifically, we present two impersonation attacks i.e., credential recovering attack and impersonation attack without credentials. So we propose a more authentication scheme that overcomes these attacks and flaws by make use of efficient verifiable encryption of RSA signatures. We promote the formal study of the soundness of authentication as one open problem.
Cite This Paper
Sumanth C M, Adithyan B, "Confidence Analysis of a Solo Sign-On Device for Distributed Computer Networks", International Journal of Information Technology and Computer Science(IJITCS), vol.6, no.7, pp.40-46, 2014. DOI:10.5815/ijitcs.2014.07.06
Reference
[1]L.Lamport, “Password authentication with insecure communication,” Commun. ACM, vol. 24, no. 11, pp. 770–772, Nov. 1981.
[2]W. B. Lee and C. C. Chang, “User identification and key distribution maintaining anonymity for distributed computer networks,” Comput. Syst. Sci. Eng., vol. 15, no. 4, pp. 113–116, 2000.
[3]A. C. Weaver and M. W. Condtry, “Distributing internet services to the network’s edge,” IEEE Trans. Ind. Electron., vol. 50, no. 3, pp. 404–411, Jun. 2003.
[4]G. Ateniese, “Verifiable encryption of digital signatures and applications,” ACM Trans. Inf. Syst. Security., vol. 7, no.1, pp. 1–20, 2004.
[5]T.-S.Wu and C.-L. Hsu,“Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks,” Computer Security, vol. 23, no. 2, pp. 120–125, 2004.
[6]Y. Yang, S. Wang, F. Bao, J. Wang, and R. H. Deng, “New efficient user identification and key distribution scheme providing enhanced security,” Computer Security, vol. 23, no. 8, pp. 697–704, 2004.
[7]K. V. Mangipudi and R. S. Katti, “A secure identification and key agreement protocol with user anonymity (SIKA),” Computer Security, vol. 25, no. 6, pp. 420–425, 2006.
[8]C.-C. Lee, M.-S. Hwang and I-E. Liao, “Security enhancement on a new authentication scheme with anonymity for wireless environments,” IEEE Trans. Ind. Electron., 53(5): 1683-1687, Oct. 2006.
[9]C.-L. Hsu and Y. -H. Chuang, “A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks,” Inf. Sci., vol. 179, no. 4, pp. 422–429, 2009.
[10]X. Li,W. Qiu, D. Zheng, K. Chen, and J. Li, “Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards,” IEEE Trans. Ind. Electron., vol. 57, no. 2, pp. 793–800, Feb. 2010.
[11]M. Cheminod, A. Pironti, and R. Sisto, “Formal vulnerability analysis of a security system for remote fieldbus access,” IEEE Trans. Ind. Inf., vol. 7, no. 1, pp. 30–40, Feb. 2011.
[12]C -C. Chang and C-Y. Lee, “A secure single sign-on mechanism for distributed computer networks,” IEEE Trans. Ind. Electron, vol. 59, no. 1, pp. 629–637, Jan. 2012.
[13]The Open Group, “Security Forum on Single Sign-on”, http://www.opengroup.org/security/l2-sso.html.
[14]Wikipedia, RSA (algorithm). [online]. http://en.wikipedia.org/wiki/RSA_ (algorithm).
[15]PKCS, “Public key cryptography standards, PKCS #1 v2.1,” RSA Cryptography Standard, Draft 2, 2001.Available at http://www.rsasecurity.com /rsalabs/ pkcs/.