Skip to main content
SpringerLink
Log in

Flexible and Survivable Single Sign-On

  • Conference paper
  • First Online:
Cyberspace Safety and Security (CSS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13172))

Included in the following conference series:

Abstract

Single sign-on (SSO) is a popular authentication method that is vulnerable to attacks exploiting the single points of failure of its centralized design. This problem is addressed by survivable SSO protocols relying on distributed architectures that enable a set of servers to collectively authenticate a user. However, existing survivable SSO protocols have limitations because they do not allow service providers to modify security parameters after protocol setup. This paper introduces the first survivable SSO protocol that guarantees flexibility. This property is of utmost importance for SSO because it allows service providers to tailor the trade-off between performance overhead and security requirements of multiple services and even to preserve compatibility with non-survivable SSO.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Regulation (EU) no 910/2014 of the European parliament and of the council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing directive 1999/93/EC. Technical report, European Parliament, Council of the European Union (2014). https://eur-lex.europa.eu/eli/reg/2014/910/oj

  2. Detecting abuse of authentication mechanisms. Technical report, National Security Agency (2020)

    Google Scholar 

  3. Agrawal, S., Miao, P., Mohassel, P., Mukherjee, P.: PASTA: PASsword-based threshold authentication. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (2018)

    Google Scholar 

  4. Andreolini, M., Pietri, M., Tosi, S., Balboni, A.: Monitoring large cloud-based systems. In: 4th International Conference on Cloud Computing and Services Science, CLOSER. SciTePress (2014)

    Google Scholar 

  5. Avizienis, A., Laprie, J., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Secure Comput. 1(1), 11–33 (2004)

    Article  Google Scholar 

  6. Baum, C., Frederiksen, T.K., Hesse, J., Lehmann, A., Yanai, A.: PESTO: proactively secure distributed single sign-on, or how to trust a hacked server. In: 5th IEEE European Symposium on Security and Privacy (2019)

    Google Scholar 

  7. Biryukov, A., Dinu, D., Khovratovich, D.: Argon2: new generation of memory-hard functions for password hashing and other applications. In: European Symposium on Security and Privacy. IEEE (2016)

    Google Scholar 

  8. Boeyen, S., Santesson, S., Polk, T., Housley, R., Farrell, S., Cooper, D.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. Technical report, IETF (2008)

    Google Scholar 

  9. Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36288-6_3

    Chapter  Google Scholar 

  10. Cash, D., Meltzer, M., Koessel, S., Adair, S., Lancaster, T.: Dark halo leverages solarwinds compromise to breach organizations. Technical report, Volexity (2020). https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/

  11. Damgård, I., Jakobsen, T.P., Nielsen, J.B., Pagter, J.I.: Secure key management in the cloud. In: Stam, M. (ed.) IMACC 2013. LNCS, vol. 8308, pp. 270–289. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-45239-0_16

    Chapter  Google Scholar 

  12. Eldefrawy, K., Ostrovsky, R., Park, S., Yung, M.: Proactive secure multiparty computation with a dishonest majority. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 200–215. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_11

    Chapter  Google Scholar 

  13. Fisher, W., et al.: Mobile application single sign-on: improving authentication for public safety first responders (2nd draft). Technical report, National Institute of Standards and Technology (2019). Special Publication 1800-13B

    Google Scholar 

  14. Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_17

    Chapter  Google Scholar 

  15. Garcia, M., Bessani, A., Gashi, I., Neves, N., Obelheiro, R.: Analysis of operating system diversity for intrusion tolerance. Softw. Pract. Exp. 44(6), 735–770 (2014)

    Article  Google Scholar 

  16. Grassi, P.A., Garcia, M.E., Fenton, J.L.: Digital identity guidelines. Technical report, National Institute of Standards and Technology (2017). DRAFT Special Publication 800-63c

    Google Scholar 

  17. Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive secret sharing or: how to cope with perpetual leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_27

    Chapter  Google Scholar 

  18. Jarecki, S., Krawczyk, H., Xu, J.: OPAQUE: an asymmetric PAKE protocol secure against pre-computation attacks. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 456–486. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_15

    Chapter  Google Scholar 

  19. Jhawar, R., Piuri, V.: Fault tolerance and resilience in cloud computing environments. In: Computer and Information Security Handbook. Elsevier (2017)

    Google Scholar 

  20. Magnanini, F., Ferretti, L., Colajanni, M.: Scalable, confidential and survivable software updates. IEEE Trans. Parallel Distrib. Syst. 33(1), 176–191 (2022). https://doi.org/10.1109/TPDS.2021.3090330

    Article  Google Scholar 

  21. Nikitin, K., et al.: CHAINIAC: proactive software-update transparency via collectively signed skipchains and verified builds. In: Proceedings of the 26th USENIX Security Symposium (2017)

    Google Scholar 

  22. Nystrom, M., Kaliski, B.: PKCS #10: Certification Request Syntax Specification Version 1.7. RFC 2986 (2000). https://rfc-editor.org/rfc/rfc2986.txt

  23. Ostrovsky, R., Yung, M.: How to withstand mobile virus attacks. In: Proceedings of the Tenth Annual ACM Symposium on Principles of Distributed Computing (1991)

    Google Scholar 

  24. Ray, I., Belyaev, K., Strizhov, M., Mulamba, D., Rajaram, M.: Secure logging as a service-delegating log management to the cloud. IEEE Syst. J. 7(2), 323–334 (2013)

    Article  Google Scholar 

  25. Rose, S., Borchert, O., Mitchell, S., Connelly, S.: Zero trust architecture. Technical report, National Institute of Standards and Technology (2020)

    Google Scholar 

  26. Zhang, Y., Xu, C., Li, H., Yang, K., Cheng, N., Shen, X.S.: PROTECT: efficient password-based threshold single-sign-on authentication for mobile users against perpetual leakage. IEEE Trans. Mob. Comput. 20(6), 2297–2312 (2021)

    Article  Google Scholar 

  27. Zhou, L., Schneider, F.B., Van Renesse, R.: COCA: a secure distributed on-line certification authority. ACM Trans. Comput. Syst. (TOCS) 20(4), 329–368 (2002)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Modena and Reggio Emilia, Modena, Italy

    Federico Magnanini & Luca Ferretti

  2. University of Bologna, Bologna, Italy

    Michele Colajanni

Authors
  1. Federico Magnanini
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Luca Ferretti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michele Colajanni
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Federico Magnanini .

Editor information

Editors and Affiliations

  1. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  2. University of Padua, Padua, Italy

    Mauro Conti

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Magnanini, F., Ferretti, L., Colajanni, M. (2022). Flexible and Survivable Single Sign-On. In: Meng, W., Conti, M. (eds) Cyberspace Safety and Security. CSS 2021. Lecture Notes in Computer Science(), vol 13172. Springer, Cham. https://doi.org/10.1007/978-3-030-94029-4_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-94029-4_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-94028-7

  • Online ISBN: 978-3-030-94029-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation