Security analysis of a single sign-on mechanism for distributed computer networks

IEEE Transactions on Industrial Informatics

Volumn 9, Issue 1, 2013, Pages 294-302

  Wang, Guilin ^a   Yu, Jiangshan ^a   Xie, Qi ^b  

^a UNIVERSITY OF WOLLONGONG   (Australia)

^b HANGZHOU NORMAL UNIVERSITY   (China)

Author keywords

Authentication; distributed computer networks; information security; security analysis; single sign on (SSO)

Indexed keywords

AUTHENTICATION MECHANISMS; DISTRIBUTED COMPUTER NETWORKS; IMPERSONATION ATTACK; MULTIPLE SERVICES; NETWORK SERVICES; RSA SIGNATURES; SECURITY ANALYSIS; SERVICE PROVIDER; SINGLE SIGNON; VERIFIABLE ENCRYPTIONS;

SECURITY OF DATA; SECURITY SYSTEMS;

AUTHENTICATION;

EID: 84871821096     PISSN: 15513203     EISSN: None     Source Type: Journal    
DOI: 10.1109/TII.2012.2215877     Document Type: Article

References (37)

1. A. C. Weaver and M. W. Condtry, "Distributing internet services to the network's edge, " IEEE Trans. Ind. Electron., vol. 50, no. 3, pp. 404-411, Jun. 2003.
2. L. Barolli and F. Xhafa, "JXTA-OVERLAY: A P2P platform for distributed, collaborative and ubiquitous computing, " IEEE Trans. Ind. Electron., vol. 58, no. 6, pp. 2163-2172, Oct. 2010.
3. L. Lamport, "Password authentication with insecure communication, " Commun. ACM, vol. 24, no. 11, pp. 770-772, Nov. 1981.
4. W. B. Lee and C. C. Chang, "User identification and key distribution maintaining anonymity for distributed computer networks, " Comput. Syst. Sci. Eng., vol. 15, no. 4, pp. 113-116, 2000.
5. W. Juang, S. Chen, and H. Liaw, "Robust and efficient password authenticated key agreement using smart cards, " IEEE Trans. Ind. Electron., vol. 15, no. 6, pp. 2551-2556, Jun. 2008.
6. X. Li, W. Qiu, D. Zheng, K. Chen, and J. Li, "Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards, " IEEE Trans. Ind. Electron., vol. 57, no. 2, pp. 793-800, Feb. 2010.
7. M. Cheminod, A. Pironti, and R. Sisto, "Formal vulnerability analysis of a security system for remote fieldbus access, " IEEE Trans. Ind. Inf., vol. 7, no. 1, pp. 30-40, Feb. 2011.
8. A. Valenzano, L. Durante, and M. Cheminod, "Review of security issues in industrial networks, " IEEE Trans. Ind. Inf., vol. PP, no. 99, 2012, DOI 10. 1109/TII/2012. 2198666.
9. T.-S. Wu and C.-L. Hsu, "Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks, " Comput. Security, vol. 23, no. 2, pp. 120-125, 2004.
10. Y. Yang, S. Wang, F. Bao, J. Wang, and R. H. Deng, "New efficient user identification and key distribution scheme providing enhanced security, " Comput. Security, vol. 23, no. 8, pp. 697-704, 2004.
11. K. V. Mangipudi and R. S. Katti, "A secure identification and key agreement protocol with user anonymity (SIKA), " Comput. Security, vol. 25, no. 6, pp. 420-425, 2006.
12. C.-L. Hsu and Y.-H. Chuang, "A novel user identification scheme with key distribution preserving user anonymity for distributed computer networks, " Inf. Sci., vol. 179, no. 4, pp. 422-429, 2009.
13. B. Wang and M. Ma, "A server independent authentication scheme for RFID systems, " IEEE Trans. Ind. Inf., vol. 8, no. 3, pp. 689-696, Aug. 2012.
14. B. Fabian, T. Ermakova, and C. Muller, "SHARDIS: A privacy-enhanced discovery service for RFID-based product information, " IEEE Trans. Ind. Inf., vol. 8, no. 3, pp. 707-718, Aug. 2012.
15. H.-M. Sun, Y.-H. Chen, and Y.-H. Lin, "oPass: A user authentication protocol resistant to password stealing and password reuse attacks, " IEEE Trans. Inf. Forensics Security, vol. 7, no. 2, pp. 651-663, Apr. 2012.
16. "Security Forumon Single Sign-On, " TheOpenGroup [Online]. Available: http://www. opengroup. org/security/l2-sso. htm
17. J. Han, Y. Mu, W. Susilo, and J. Yan, "A generic construction of dynamic single sign-on with strong security, " in Proc. SecureComm', 2010, pp. 181-198, Springer.
18. L. Harn and J. Ren, "Generalized digital certificate for user authentication and key establishment for secure communications, " IEEE Trans. Wireless Commun., vol. 10, no. 7, pp. 2372-2379, Jul. 2011.
19. C.-C. Chang and C.-Y. Lee, "A secure single sign-on mechanism for distributed computer networks, " IEEE Trans. Ind. Electron., vol. 59, no. 1, pp. 629-637, Jan. 2012.
20. U. Feige, A. Fiat, and A. Shamir, "Zero-knowledge proofs of identity, " J. Crytography, vol. 1, no. 2, pp. 77-94, 1988.
21. G. Ateniese, "Verifiable encryption of digital signatures and applications, " ACM Trans. Inf. Syst. Secur., vol. 7, no. 1, pp. 1-20, 2004.
22. H. Delfs and H. Knebl, Introduction to Cryptography: Principles and Applications, 2nd ed. Berlin, Germany: Springer, 2006.
23. G. Tenenbaum, Introduction to Analytic and Probabilistic Number Theory. Cambridge, U. K.: Cambridge Univ., 1995, p. 41.
24. E. W. Weisstein, "Relatively Prime, " MathWorld-A Wolfram Web Resource [Online]. Available: http://mathworld. wolfram. com/RelativelyPrime. html
25. Public Key Cryptography Standards, PKCS #1 v2. 1, RSA Cryptography Standard, Draft 2, PKCS, 2001 [Online]. Available: http://www. rsasecurity. com/rsalabs/pkcs/
26. D. Boneh, "Twenty years of attacks on the RSA cryptosystem, " Notices Amer. Math. Soc., vol. 46, no. 2, pp. 203-213, 1999.
27. Wikipedia, RSA (algorithm) [Online]. Available: http://en. wikipedia. org/wiki/RSA-(algorithm)
28. Y. Xu, R. Song, L. Korba, L. Wang, W. Shen, and S. Y. T. Lang, "Distributed device networks with security constraints, " IEEE Trans. Ind. Inf., vol. 1, no. 4, pp. 217-225, Nov. 2005. (Pubitemid 41729785)
29. M. Burrows, M. Abadi, and R. Needham, "A logic of authentication, " ACM Trans. Comput. Syst., vol. 8, no. 1, pp. 18-36, 1990.
30. M. Bellare and P. Rogaway, "Entity authentication and key distribution, " in Proc. of CRYPTO', 1993, pp. 232-249.
31. C. Boyd and W. Mao, "On a limitation of BAN Logic, " in Proc. of EUROCRYPT, 1994, pp. 240-247.
32. N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signatures, " IEEE J. Sel. Areas Commun., vol. 18, no. 4, pp. 591-606, Apr. 2000.
33. J. Camenisch and M. Michels, "Confirmer signature schemes secure against adaptive adversaries, " in Proc. EUROCRYPT, 2000, pp. 243-258.
34. G. Ateniese, J. Camenisch, M. Joye, and G. Tsudik, "A practical and provably secure coalition-resistant group signature scheme, " in Proc. CRYPTO, 2000, pp. 255-270.
35. D. Chaum and T. P. Pedersen, "Wallet databases with observers, " in Proc. of CRYPTO, 1993, pp. 89-105.
36. G. Wang, J. Yu, and Q. Xie, Security analysis of a single sign-on mechanism for distributed computer networks Cryptology ePrint Archive, Rep. 102, Feb. 2012 [Online]. Available: http://eprint. iacr. org/2012/107
37. J. Yu, G. Wang, and Y. Mu, "Provably secure single sign-on scheme in distributed systems and networks, " in Proc. 11th IEEE TrustCom, Jun. 2012, pp. 271-278.