Provably secure single sign-on scheme in distributed systems and networks

Jiangshan Yu; Guilin Wang; Yi Mu

doi:10.1109/TrustCom.2012.228

Provably secure single sign-on scheme in distributed systems and networks

Jiangshan Yu, Guilin Wang, Yi Mu

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

12 Citations (Scopus)

Abstract

Distributed systems and networks have been adopted by telecommunications, remote educations, businesses, armies and governments. A widely applied technique for distributed systems and networks is the single sign-on (SSO) which enables a user to use a unitary secure credential (or token) to access multiple computers and systems where he/she has access permissions. However, most existing SSO schemes have not been formally proved to satisfy credential privacy and soundness of credential based authentication. To overcome this drawback, we formalise the security model of single sign-on scheme with authenticated key exchange. Specially, we point out the difference between soundness and credential privacy, and define them together in one definition. Also, we propose a provably secure single sign-on authentication scheme, which satisfies soundness, preserves credential privacy, meets user anonymity, and supports session key exchange. The proposed scheme is very efficient so that it suits for mobile devices in distributed systems and networks.

Original language	English
Title of host publication	Proceedings of the The 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference On Ubiquitous Computing and Communications
Subtitle of host publication	25-27 June 2012 / Liverpool, United Kingdom
Editors	Geyong Min, Yulei Wu, Lei (Chris) (Chris) Liu, Xiaolong Jin, Stephen Jarvis, Ahmed Y. Al-Dubai
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	271-278
Number of pages	8
ISBN (Electronic)	9780769547459
ISBN (Print)	9781467321723
DOIs	https://doi.org/10.1109/TrustCom.2012.228
Publication status	Published - 2012
Externally published	Yes
Event	IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2012 - Liverpool, United Kingdom Duration: 25 Jun 2012 → 27 Jun 2012 Conference number: 11th https://ieeexplore.ieee.org/xpl/conhome/6294581/proceeding (Proceedings)

Conference

Conference	IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2012
Abbreviated title	TrustCom 2012
Country	United Kingdom
City	Liverpool
Period	25/06/12 → 27/06/12
Internet address	https://ieeexplore.ieee.org/xpl/conhome/6294581/proceeding (Proceedings)

Keywords

Authentication
Distributed systems and networks
Information security
Single sign-on
Soundness

Access to Document

10.1109/TrustCom.2012.228

Link to publication in Scopus

Cite this

Yu, J., Wang, G., & Mu, Y. (2012). Provably secure single sign-on scheme in distributed systems and networks. In G. Min, Y. Wu, L. C. (Chris) Liu, X. Jin, S. Jarvis, & A. Y. Al-Dubai (Eds.), Proceedings of the The 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference On Ubiquitous Computing and Communications: 25-27 June 2012 / Liverpool, United Kingdom (pp. 271-278). [6295985] IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/TrustCom.2012.228

Yu, Jiangshan ; Wang, Guilin ; Mu, Yi. / Provably secure single sign-on scheme in distributed systems and networks. Proceedings of the The 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference On Ubiquitous Computing and Communications: 25-27 June 2012 / Liverpool, United Kingdom. editor / Geyong Min ; Yulei Wu ; Lei (Chris) (Chris) Liu ; Xiaolong Jin ; Stephen Jarvis ; Ahmed Y. Al-Dubai. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2012. pp. 271-278

@inproceedings{a08686ee7bfe49f396580b7d7e68e550,

title = "Provably secure single sign-on scheme in distributed systems and networks",

abstract = "Distributed systems and networks have been adopted by telecommunications, remote educations, businesses, armies and governments. A widely applied technique for distributed systems and networks is the single sign-on (SSO) which enables a user to use a unitary secure credential (or token) to access multiple computers and systems where he/she has access permissions. However, most existing SSO schemes have not been formally proved to satisfy credential privacy and soundness of credential based authentication. To overcome this drawback, we formalise the security model of single sign-on scheme with authenticated key exchange. Specially, we point out the difference between soundness and credential privacy, and define them together in one definition. Also, we propose a provably secure single sign-on authentication scheme, which satisfies soundness, preserves credential privacy, meets user anonymity, and supports session key exchange. The proposed scheme is very efficient so that it suits for mobile devices in distributed systems and networks.",

keywords = "Authentication, Distributed systems and networks, Information security, Single sign-on, Soundness",

author = "Jiangshan Yu and Guilin Wang and Yi Mu",

year = "2012",

doi = "10.1109/TrustCom.2012.228",

language = "English",

isbn = "9781467321723",

pages = "271--278",

editor = "Min, {Geyong } and { Wu}, {Yulei } and {(Chris) Liu}, {Lei (Chris) } and Jin, {Xiaolong } and Jarvis, {Stephen } and {Y. Al-Dubai}, {Ahmed }",

booktitle = "Proceedings of the The 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference On Ubiquitous Computing and Communications",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

note = "IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2012, TrustCom 2012 ; Conference date: 25-06-2012 Through 27-06-2012",

url = "https://ieeexplore.ieee.org/xpl/conhome/6294581/proceeding",

}

Yu, J, Wang, G & Mu, Y 2012, Provably secure single sign-on scheme in distributed systems and networks. in G Min, Y Wu, LC (Chris) Liu, X Jin, S Jarvis & A Y. Al-Dubai (eds), Proceedings of the The 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference On Ubiquitous Computing and Communications: 25-27 June 2012 / Liverpool, United Kingdom., 6295985, IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA , pp. 271-278, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2012, Liverpool, United Kingdom, 25/06/12. https://doi.org/10.1109/TrustCom.2012.228

Provably secure single sign-on scheme in distributed systems and networks. / Yu, Jiangshan; Wang, Guilin; Mu, Yi.

Proceedings of the The 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference On Ubiquitous Computing and Communications: 25-27 June 2012 / Liverpool, United Kingdom. ed. / Geyong Min; Yulei Wu; Lei (Chris) (Chris) Liu; Xiaolong Jin; Stephen Jarvis; Ahmed Y. Al-Dubai. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2012. p. 271-278 6295985.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Provably secure single sign-on scheme in distributed systems and networks

AU - Yu, Jiangshan

AU - Wang, Guilin

AU - Mu, Yi

N1 - Conference code: 11th

PY - 2012

Y1 - 2012

N2 - Distributed systems and networks have been adopted by telecommunications, remote educations, businesses, armies and governments. A widely applied technique for distributed systems and networks is the single sign-on (SSO) which enables a user to use a unitary secure credential (or token) to access multiple computers and systems where he/she has access permissions. However, most existing SSO schemes have not been formally proved to satisfy credential privacy and soundness of credential based authentication. To overcome this drawback, we formalise the security model of single sign-on scheme with authenticated key exchange. Specially, we point out the difference between soundness and credential privacy, and define them together in one definition. Also, we propose a provably secure single sign-on authentication scheme, which satisfies soundness, preserves credential privacy, meets user anonymity, and supports session key exchange. The proposed scheme is very efficient so that it suits for mobile devices in distributed systems and networks.

AB - Distributed systems and networks have been adopted by telecommunications, remote educations, businesses, armies and governments. A widely applied technique for distributed systems and networks is the single sign-on (SSO) which enables a user to use a unitary secure credential (or token) to access multiple computers and systems where he/she has access permissions. However, most existing SSO schemes have not been formally proved to satisfy credential privacy and soundness of credential based authentication. To overcome this drawback, we formalise the security model of single sign-on scheme with authenticated key exchange. Specially, we point out the difference between soundness and credential privacy, and define them together in one definition. Also, we propose a provably secure single sign-on authentication scheme, which satisfies soundness, preserves credential privacy, meets user anonymity, and supports session key exchange. The proposed scheme is very efficient so that it suits for mobile devices in distributed systems and networks.

KW - Authentication

KW - Distributed systems and networks

KW - Information security

KW - Single sign-on

KW - Soundness

UR - http://www.scopus.com/inward/record.url?scp=84868090556&partnerID=8YFLogxK

U2 - 10.1109/TrustCom.2012.228

DO - 10.1109/TrustCom.2012.228

M3 - Conference Paper

AN - SCOPUS:84868090556

SN - 9781467321723

SP - 271

EP - 278

BT - Proceedings of the The 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference On Ubiquitous Computing and Communications

A2 - Min, Geyong

A2 - Wu, Yulei

A2 - (Chris) Liu, Lei (Chris)

A2 - Jin, Xiaolong

A2 - Jarvis, Stephen

A2 - Y. Al-Dubai, Ahmed

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

T2 - IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2012

Y2 - 25 June 2012 through 27 June 2012

ER -

Yu J, Wang G, Mu Y. Provably secure single sign-on scheme in distributed systems and networks. In Min G, Wu Y, (Chris) Liu LC, Jin X, Jarvis S, Y. Al-Dubai A, editors, Proceedings of the The 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference On Ubiquitous Computing and Communications: 25-27 June 2012 / Liverpool, United Kingdom. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers. 2012. p. 271-278. 6295985 https://doi.org/10.1109/TrustCom.2012.228