Security Analysis of a Single Sign-On Mechanism for Distributed Computer Networks

Security Analysis of a Single Sign-On Mechanism for Distributed Computer Networks

Abstract

Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in a distributed computer network. Recently, Chang and Lee proposed a new SSO scheme and claimed its security by providing well-organized security arguments.

We present two impersonation attacks. The first attack allows a malicious service provider, who has successfully communicated with a legal user twice, to recover the user’s credential and then to impersonate the user to access resources and services offered by other service providers. In another attack, an outsider without any credential may be able to enjoy network services freely by impersonating any legal user or a nonexistent user.

We identify the flaws in their security arguments to explain why attacks are possible against their SSO scheme. Our attacks also apply to another SSO scheme proposed by Hsu and Chuang, which inspired the design of the Chang–Lee scheme. Moreover, by employing an efficient verifiable encryption of RSA signatures proposed by Ateniese, we propose an improvement for repairing the Chang–Lee scheme. Security Analysis of a Single Sign-On Mechanism for Distributed Computer Networks

HARDWARE & SOFTWARE REQUIREMENTS:

HARDWARE REQUIREMENT:

• Speed       –    1 GHz
• RAM       –    256 MB (min)
• Hard Disk      –   20 GB
• Floppy Drive       –    44 MB
• Key Board      –    Standard Windows Keyboard
• Mouse       –    Two or Three Button Mouse
• Monitor              –    SVGA
• Processor                                 –    Pentium –IV

SOFTWARE REQUIREMENTS:

• Operating System        :           Windows XP          
• Application Server                 :           .NET Web Server                                           
• Front End       :           Visual Studio 2008 ASP .NET                  
• Scripts                                    :           C# Script.
• Database      :           SQL Server 2005

Existing System:              

User identification is an important access control mechanism for client–server networking architectures. The concept of single sign-on can allow legal users to use the unitary token to access different service providers in distributed computer networks. Recently, some user identification schemes have been proposed for distributed computer networks. Unfortunately, most existing schemes cannot preserve user anonymity when possible attacks occur.

When users have to keep so much secret information, security problems can occur and increase the overhead for the networks. In a unidirectional identification scheme, an entity identifies the other party by challenging some secret information. In addition, the mutual identification protocol can allow two communicating parties to verify each other. Thus, there are four important security problems that the user identification scheme must solve,

•  It must determine whether users are legitimate or not;
•  Service providers must be authenticated;
•  A common session key must be appropriately established; and
• The privacy of legal users must be ensured

Proposed System:

Our attacks also apply to another SSO scheme proposed by Hsu and Chuang, which inspired the design of the Chang–Lee scheme. Moreover, by employing an efficient verifiable encryption of RSA signatures proposed by Ateniese, we propose an improvement for repairing the Chang–Lee scheme. We proposed a user identification and key distribution scheme to maintain user anonymity in distributed computer networks.