Provably Secure Single Sign-on Scheme in Distributed Systems and Networks

Distributed systems and networks have been adopted by telecommunications, remote educations, businesses, armies and governments. A widely applied technique for distributed systems and networks is the single sign-on (SSO) which enables a user to use a unitary secure credential (or token) to access multiple computers and systems where he/she has access permissions. However, most existing SSO schemes have not been formally proved to satisfy credential privacy and soundness of credential based authentication. To overcome this drawback, we formalise the security model of single sign-on scheme with authenticated key exchange. Specially, we point out the difference between soundness and credential privacy, and define them together in one definition. Also, we propose a provably secure single sign-on authentication scheme, which satisfies soundness, preserves credential privacy, meets user anonymity, and supports session key exchange. The proposed scheme is very efficient so that it suits for mobile devices in distributed systems and networks.