
Double SSO – A Prudent and Lightweight SSO Scheme

Sari Haj Hussein
Göteborg: Chalmers tekniska högskola, 2010. 75 pp.
[Master's thesis (degree project at advanced level)]

User authentication means the verification of a user's identity in a computer system. In a typical scenario, users in an organization have access to several independent services, each of which requires separate credentials (e.g., user name and password) for authentication. Users waste a considerable amount of time trying to recall their different credentials, and the helpdesk workload caused by lost or forgotten credentials is also significant. Single Sign-On (SSO) has been shown to be a successful authentication mechanism in networking environments where a large number of credentials would otherwise be required. SSO means that users authenticate only once and are then granted access to the services they subsequently use without needing to re-authenticate. SSO therefore increases users' productivity and satisfaction, reduces helpdesk calls, and improves the usability of the system that employs it. As a consequence, SSO has become an attractive feature called for by IT managers of organizations of various sizes.
In this thesis, we study SSO technology from two perspectives. In the first, we view the technology from an industrial angle and introduce the knowledge an organization needs to determine its strategic SSO solution. We accomplish this by describing the taxonomies of SSO solutions and their qualities, and by presenting the architectures and operations of example SSO solutions in use today. In the second perspective, we move to what we consider the next level and present our own SSO solution, Double SSO. Double SSO is a new SSO scheme designed to be lightweight, efficient and safe to implement in any wired or wireless networking infrastructure where SSO is needed, especially where the devices in that infrastructure are resource constrained. The scheme is appealing for a number of reasons, among them: the minimal number of computations required and the minimal number of keys needed to provide the SSO experience, the ability to use digital identities of any type and to function in ubiquitous smart environments, and the immunity against known attacks.

Keywords: Single Sign-On, Single Sign-Out, Digital Identity, Credentials, Authentication, Uni-Factor Authentication, Multi-Factor Authentication, Identity Provider, Service Provider, Key to Kingdom Argument, Taxonomy, Authentication Authority, Authentication Server, Homogeneous Environment, Heterogeneous Environment, Token, Public Key Infrastructure, Credential Synchronization, Credential Caching, Pseudo-SSO Component, Authentication Service Provider, Pseudo SSO, True SSO, Proxy, Kerberos, Web SSO, Enterprise SSO, Network SSO, Security Assertion Markup Language, Identity-Based Signature, Password-Based Identification Protocol, Challenge-Response Identification Protocol, Zero-Knowledge Identification Protocol, Identity Verification Scheme, Ubiquitous Smart Environment, Replay Attack, Man-in-the-Middle Attack, Weakest Link Attack, Forward Search Cryptanalytic Attack, DOS Attack, Repudiated Parties, Single Point of Failure, Certificate Revocation Problem, Implicit Certification, Private Key Escrow.



The publication was registered on 2010-12-28. It was last modified on 2013-04-04.

CPL ID: 131919

This is a service provided by Chalmers Library.