Abstract
More and more, people will continuously be using ubiquitously available networked computational devices as they go about their lives: small personal devices that they carry, appliances that they find in their surroundings, and servers in remote data centers. Some of the data exchanged by these devices will be private and should be protected. Normally to protect data, users would need to authenticate themselves with a device by signing on to it. However it will be physically impossible to sign onto devices that have limited or no user interface and even if they all had a sufficient user interface it will be an intolerable burden to have to sign on to each of many devices, particularly as the membership of the ensemble of devices continuously changes with the user’s movements. Making authentication in this environment more difficult is the fact that these devices are usually connected in a personal area network that is neither secure nor reliable and uses a broadcast medium for communication. In this paper, we present a simple easy-to-use scheme that allows users to sign on to a single device and enable the rest of the devices connected in the personal area network automatically without requiring a central server or synchronized clocks. As well as being simple for the user, our solution is designed not only to prevent commonly used attacks like replay and man-in-the-middle but also to protect the user’s data even if the devices are lost or stolen.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Bird, R., Gopal, I., Herzberg, A., Janson, P., Kutten, S., Lolva, R., Yung, M.: Systematic design of two-party authentication protocols. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 44–61. Springer, Heidelberg (1992)
Bellovin, S.M., Merritt, M.: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland (May 1992)
Bellovin, S.M., Merritt, M.: Augmented Encrypted Key Exchange: a Password-Based Protocols Secure Against Dictionary Attacks and Password File Compromise. In: Proceedings of the 1st ACM Conference on Computer and Communications Security (1993)
Corner, M., Noble, B.: Zero-interaction authentication. In: Proceedings of the Eighth International conference on Mobile Computing and Networking (MOBICOM), pp. 1–11. ACM Press, New York (2002)
Woo, T., Lam, S.: A semantic model for authentication protocols. In: Proceedings 1993 IEEE Symposium on Research in Security and Privacy (May 1993)
Steiner, J.G., Neuman, B.C., Schiller, J.I.: Kerberos: An Authentication Service for Open Network Systems. In: Usenix Conference Proceedings (1988)
Bellovin, S.M., Merritt, M.: Limitations of the kerberos authenication system. Computer Communication Review 20(5), 119–132 (1990)
Kormann, D.P., Rubin, A.D.: Risks of the Passport Single Signon Protocol. Computer Networks 33 (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Reddy, P., O’Brien-Strain, E., Rowson, J. (2005). Securely Propagating Authentication in an Ensemble of Personal Devices Using Single Sign-on. In: Castelluccia, C., Hartenstein, H., Paar, C., Westhoff, D. (eds) Security in Ad-hoc and Sensor Networks. ESAS 2004. Lecture Notes in Computer Science, vol 3313. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30496-8_15
Download citation
DOI: https://doi.org/10.1007/978-3-540-30496-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24396-0
Online ISBN: 978-3-540-30496-8
eBook Packages: Computer ScienceComputer Science (R0)