Abstract
Single Sign-On (SSO) is a core component of federated identity management (FIM). Dynamic Single Sign-On (DSSO) is a more flexible form of SSO in which users can change their service requirements dynamically. However, the security of current SSO and DSSO systems remains questionable: for example, a user's credentials could be misused to grant service access to users who are not entitled to it. Achieving strong security in SSO and DSSO is a challenging task. In this paper, we propose a generic construction of DSSO with strong security. We give formal definitions and security models for SSO and DSSO, which allow the security of SSO and DSSO to be established under standard security assumptions. We also provide a formal security proof for our generic DSSO scheme.
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Cite this paper
Han, J., Mu, Y., Susilo, W., Yan, J. (2010). A Generic Construction of Dynamic Single Sign-on with Strong Security. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_11
DOI: https://doi.org/10.1007/978-3-642-16161-2_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16160-5
Online ISBN: 978-3-642-16161-2