Security and Privacy in Communication Networks. 6th International ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings

Research Article

A Generic Construction of Dynamic Single Sign-on with Strong Security

  • @INPROCEEDINGS{10.1007/978-3-642-16161-2_11,
        author={Jinguang Han and Yi Mu and Willy Susilo and Jun Yan},
        title={A Generic Construction of Dynamic Single Sign-on with Strong Security},
        proceedings={Security and Privacy in Communication Networks. 6th International ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings},
        proceedings_a={SECURECOMM},
        year={2012},
        month={5},
        keywords={Single Sign-on Authentication Security},
        doi={10.1007/978-3-642-16161-2_11}
    }
    
  • Jinguang Han
    Yi Mu
    Willy Susilo
    Jun Yan
    Year: 2012
    A Generic Construction of Dynamic Single Sign-on with Strong Security
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-16161-2_11
Jinguang Han,*, Yi Mu1,*, Willy Susilo1,*, Jun Yan2,*
  • 1: Centre for Computer and Information Security Research
  • 2: University of Wollongong
*Contact email: jh843@uow.edu.au, ymu@uow.edu.au, wsusilo@uow.edu.au, jyan@uow.edu.au

Abstract

Single Sign-On (SSO) is a core component in federated identity management (FIM). Dynamic Single Sign-on (DSSO) is a more flexible SSO where users can change their service requirements dynamically. However, the security in the current SSO and DSSO systems remains questionable. As an example, personal credentials could be illegally used to allow illegal users to access the services. It is indeed a challenging task to achieve strong security in SSO and DSSO. In this paper, we propose a generic construction of DSSO with strong security. We propose the formal definitions and security models for SSO and DSSO, which enable one to achieve the security of SSO and DSSO with the underlying (standard) security assumptions. We also provide a formal security proof on our generic DSSO scheme.