Abstract
In this paper, we present ThresPassport (Threshold scheme-based Passport), a web-based, distributed Single Sign-On (SSO) system which utilizes a threshold-based secret sharing scheme to split a service provider’s authentication key into partial shares distributed to authentication servers. Each authentication server generates a partial authentication token upon request by a legitimate user after proper authentication. Those partial authentication tokens are combined to compute an authentication token to sign the user on to a service provider. ThresPassport depends on neither Public Key Infrastructure (PKI) nor the existence of a trustworthy authority. The sign-on process is as transparent to users as Microsoft’s .NET Passport. ThresPassport offers many significant advantages over .NET Passport and other SSOs in security, portability, intrusion and fault tolerance, scalability, reliability, and availability.
This work was done when Tierui Chen was an intern at Microsoft Research Asia.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, T., Zhu, B.B., Li, S., Cheng, X. (2005). ThresPassport – A Distributed Single Sign-On Service. In: Huang, DS., Zhang, XP., Huang, GB. (eds) Advances in Intelligent Computing. ICIC 2005. Lecture Notes in Computer Science, vol 3645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11538356_80
DOI: https://doi.org/10.1007/11538356_80
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28227-3
Online ISBN: 978-3-540-31907-8
eBook Packages: Computer Science (R0)