Double SSO – A Prudent and Lightweight SSO Scheme

University essay from Chalmers tekniska högskola/Institutionen för data- och informationsteknik

Abstract: User authentication means the verification of a user identity in a computer system. In a typical scenario, users in an organization have access to several independent services, each of which requires separate credentials (e.g., user name and password) for user authentication. Users waste a considerable amount of time trying to recall their different credentials. The helpdesk workload caused by lost or forgotten credentials is also significant. Single Sign-On (SSO) was shown to be a successful authentication mechanism in networking environments where a large number of credentials would otherwise be required. SSO means that users authenticate only once and are granted access to the services they subsequently use without the need to reauthenticate. Obviously, SSO would increase users' productivity and satisfaction and reduce helpdesk calls. It also improves the usability of the system utilizing it. As a consequence, SSO has become an alluring feature called for by IT managers of organizations of various sizes.
In this thesis, we study the SSO technology from two analogous perspectives. In the first perspective, we view the technology from an industrial angle and introduce the knowledge necessary for an organization to determine its strategic SSO solution. We accomplish this by describing the taxonomies of SSO solutions and their qualities, in addition to presenting the architectures and operations of example SSO solutions in use today. In the second perspective, we move to (what we suppose is) the next level and present our own SSO solution, namely Double SSO. Double SSO is a new SSO scheme designed to be lightweight, efficient and safe to implement in any wired or wireless networking infrastructure where SSO is needed, especially if the devices used in that infrastructure are resource constrained. This scheme appeals for a number of reasons, among them: the minimum number of computations required and the minimum number of keys needed to accomplish the SSO experience, the ability to use digital identities of any type and to function in ubiquitous smart environments, and the immunity against known attacks.
