A Novel Distributed Single Sign-On Scheme with Dynamically Changed Threshold Value
A Single Sign-On (SSO) system allow single authentication for multiple services. It is a potential solution to the implications of security, credentials management, et al. Recently, several works have used the threshold-based secret sharing scheme to create a distributed SSO service. All these works setup the threshold parameters first in the system initiation. But in some real-world applications, the threshold value should be dynamically changed in the authentication phase. In this paper, we present a novel threshold-based distributed Single Sign-On scheme with a dynamically changed threshold value(DctSSO). In DctSSO, two different degree secret polynomials are constructed. Each authentication server has two kinds of secret keys: keys for initiation shares and keys for authentication shares. Through the simply XOR operation, authentication shares keys can be delivered securely. DctSSO is not only as good as Threspassport on the aspects of security, portability, intrusion and fault tolerance, scalability, reliability, and availability, but also it offers two significant advantages over ThresPassport:it has the dynamically, securely and availably changed threshold value in the authentication phase, and it can prevent conspiracy-impersonation attacks.
Single Sign-On scheme threshold-based dynamically changed threshold value conspiracyimpersonation attack DctSSO
Shangping Zhong Xiangwen Liao Xue Zhang Jingqu Lin
Department of Computer Science and Technology,Fuzhou University Fuzhou,China,350002
国际会议
The Fifth International Conference on Information Assurance and Security(第五届信息保障与安全国际会议)
西安
英文
563-566
2009-08-18(万方平台首次上网日期,不代表论文的发表时间)