
A Generic Construction of Dynamic Single Sign-on with Strong Security

  • Conference paper

Abstract

Single Sign-On (SSO) is a core component of federated identity management (FIM). Dynamic Single Sign-On (DSSO) is a more flexible form of SSO in which users can change their service requirements dynamically. However, the security of current SSO and DSSO systems remains questionable; for example, personal credentials could be misused to grant unauthorized users access to services. Achieving strong security in SSO and DSSO is a genuinely challenging task. In this paper, we propose a generic construction of DSSO with strong security. We give formal definitions and security models for SSO and DSSO, which make it possible to achieve the security of SSO and DSSO under the underlying (standard) security assumptions. We also provide a formal security proof for our generic DSSO scheme.



Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Han, J., Mu, Y., Susilo, W., Yan, J. (2010). A Generic Construction of Dynamic Single Sign-on with Strong Security. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_11


  • DOI: https://doi.org/10.1007/978-3-642-16161-2_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16160-5

  • Online ISBN: 978-3-642-16161-2

  • eBook Packages: Computer Science (R0)
