Title :
On the security of an identity-based single-sign-on scheme
Author :
Zhang, Jianhong ; Liu, Xue
Author_Institution :
Coll. of Sci., North China Univ. of Technol., Beijing, China
Abstract :
At present, to access to email account or bank account, a network user has to remember the registered account number of the user and the corresponding password for every service with which they are registered. However, when multiple systems are involved, the user is then required to authenticate to each system individually and repeatedly. It results in inconvenience to each authentication. Recently, to overcome the problem, an identity-based single-sign-on scheme was proposed to achieve user identification and authentication to multiple security-protected systems simultaneously through a single operation. The security of the scheme is claimed to be related to the well-Known RSA cryptosystem and the discrete logarithm problem. Unfortunately, in this work we show that Ren´s scheme is suffering an unforgeable attack, namely, any one can pass verification in name of any user´s identity. Finally, an improved version is proposed.
Keywords :
message authentication; public key cryptography; RSA cryptosystem; Ren scheme; discrete logarithm problem; identity authentication; identity-based single-sign-on scheme; multiple security-protected systems; Authentication; Cryptography; Law; forgeable attack; identity authentication; identity-based cryptography; single-sign-on;
Conference_Titel :
Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-5537-9
DOI :
10.1109/ICCSIT.2010.5564492
