A generic construction of dynamic Single Sign-On with strong security

Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering

Volumn 50 LNICST, Issue , 2010, Pages 181-198

  Han, Jinguang ^a,c   Mu, Yi ^a   Susilo, Willy ^a   Yan, Jun ^b  

^a School of Computer Science and Software Engineering   (Australia)

^b UNIVERSITY OF WOLLONGONG   (Australia)

^c HOHAI UNIVERSITY   (China)

Author keywords

Authentication; Security; Single Sign On

Indexed keywords

CORE COMPONENTS; FEDERATED IDENTITY; FORMAL DEFINITION; FORMAL SECURITY; GENERIC CONSTRUCTION; PERSONAL CREDENTIAL; SECURITY; SECURITY MODEL; SERVICE REQUIREMENTS; SINGLE SIGN ON;

TELECOMMUNICATION NETWORKS;

EID: 84885890418     PISSN: 18678211     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-16161-2_11     Document Type: Conference Paper

References (31)

1. Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast ecryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258-275. Springer, Heidelberg (2005) (Pubitemid 43902118)
2. Boneh, D., Shen, E., Waters, B.: Strongly unforgeable signatures based on computational diffie-hellman. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 229-240. Springer, Heidelberg (2006) (Pubitemid 44029584)
3. Camenisch, J., Herreweghen, E.V.: Design and Implementation of the idemix Anonymous Credential System. In: Atluri, V. (ed.) ACM CCS 2001, pp. 93-118. ACM, Innsbruck (2001)
4. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93-118. Springer, Heidelberg (2001) (Pubitemid 33275827)
5. Camenisch, J. and Pfitzmann, B.: Federated identity management. In: Petkovic, M. and Jonker, W. (eds.), Preceedings: Security, Privacy, and Trust in Modern Data Management. Data-Centric Systems and Applications, vol. 2851, pp 213-238. Springer, Heidelberg (2007)
6. Cameron, K.: The laws of identity. Architect of Identity. Microsoft Corporation (2005)
7. Chen, T., Zhu, B.B., Li, S., Cheng, X.: Threspassport-A distributed single sign-on service. In: Huang, D.-S., Zhang, X.-P., Huang, G.-B. (eds.) ICIC 2005. LNCS, vol. 3645, pp. 772-780. Springer, Heidelberg (2005)
8. Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644-654 (1976)
9. Dodis, Y., Fazio, N.: Public key trace and revoke scheme secure against adaptive chosen ciphertext attack. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 100-115. Springer, Heidelberg (2002) (Pubitemid 36137131)
10. Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480-491. Springer, Heidelberg (1994)
11. Fiege, U., Fiat, A., Shamir, A.: Zero knowledge proofs of identity. In: ACM STOC 1987, pp. 210-217. ACM, New York (1987)
12. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. Journal of the Association for Comptuing Machinery 38(1), 691-729 (1991)
13. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17(2), 281-308 (1988)
14. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems. In: ACM STOC 1985, pp. 291-304. ACM, Providence (1985)
15. Josephson, W.K., Sirer, E.G., Schneider, F.B.: Peer-to-peer authentication with a distributed single sign-on service. In: Voelker, G.M., Shenker, S. (eds.) IPTPS 2004. LNCS, vol. 3279, pp. 250-258. Springer, Heidelberg (2005)
16. Kormann, D.P., Rubin, A.D.: Risks of the passport single signon protocol. Computer Networks 33(1), 51-58 (2000)
17. Liberty Alliance, http://www.projectliberty.org
18. Liberty Alliance. Liberty ID-WSF Authentication Service and Single Sign-On Service Specification Version: v2.0, http://www.projectliberty.org/ liberty/content/download/871/6189/file/liberty-idwsf-authn-svc-v2.0.pdf
19. Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems. In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184-199. Springer, Heidelberg (2000)
20. OECD. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Datal (1980), http://it.ojp.gov/documents/OECD-FIPs.pdf
21. OpenID, http://openid.net
22. Oppliger, R.: Microsoft .Net passport: a security analysis. Computer 36(7), 29-35 (2003)
23. Oppliger, R.: Microsoft. Net passport and identity managemen. Information Security Technical Report 9(1), 26-34 (2004)
24. Pashalidis, A., Mitchell, C.J.: A taxonomy of single sign-on systems. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 249-265. Springer, Heidelberg (2003)
25. Pashalidis, A., Mitchell, C.J.: Single sign-on using trusted platforms. In: Safavi-Naini, R., Seberry, J. (eds.) ISC 2003. LNCS, vol. 2851, pp. 54-68. Springer, Heidelberg (2003)
26. Pashalidis, A., Mitchell, C.J.: Using GSM/UMTS for single sign-on. In: IEEE Sym-poTIC 2003, pp. 138-145. IEEE, Bratislava (2003)
27. Perlman, R., Kaufman, C.: User-centric PKI. In: Seamons, K., McBurnett, N., Polk, T. (eds.) IDtrust 2008, pp. 59-71. ACM, Gaithersburg (2008)
28. Rehmant, R.U.: Get Ready for OpenID. Conformix Technologies Inc. (2008)
29. Sahai, A., Waters, B.: Fuzzy Identity-Based Encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457-473. Springer, Heidelberg (2005) (Pubitemid 41313969)
30. Spantzely, A.B., Camenisch, J., Gross, T., Dieter Sommer, D.: User centricity: a taxonomy and open issues. In: ACM DIM 2006, pp. 1-10. ACM, Alexandria (2006) (Pubitemid 47165639)
31. Suriadi, S., Foo, E., Jsang, A.: A user-centric federated single sign-on system. Journal of Network and Computer Applications 32(2), 388-401 (2009)