Preventing Single Sign-On Impersonation Attacks With A Keyless Signature Scheme

Keywords

Authentication; Hash calendar; Hash tree; Single Sign-On

Abstract

The multi-server environment of many Internet services available today, such as Google, and the availability of Single Sign-On (SSO) solutions have brought about promising technologies. Many of these and similar applications give clients the ability to sign on using one set of username and password, alleviating the need for multiple identities and multiple passwords. Although promising, SSO mechanisms need to be extra robust and provide utmost authentication for their users. Due to the unidirectional nature of the authentication channel between the service provider and the client in SSO and the lack of a recent authentication key, researchers have pointed out vulnerabilities in such schemes leading to attacks such as impersonation attacks. In this paper, we present a keyless signature scheme that remedies the aforementioned problem. By utilizing a combination of a Merkle hash tree and a hash calendar, the identity provider in SSO periodically creates an authentication key used by the client and the service provider. Traffic between the latter two is secured by a one-way hash chain to achieve bidirectional authentication. The proposed scheme is evaluated by simulation experiments, with communication and computation costs as the evaluation metrics. The optimal length of the one-way hash chain between the service providers and the client is validated analytically.

Publication Date

6-28-2017

Publication Title

Proceedings - WMNC 2017: 10th Wireless and Mobile Networking Conference

Volume

2018-January

Number of Pages

1-7

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1109/WMNC.2017.8248852

Scopus ID

85049485913 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85049485913

This document is currently not available here.
