A hybrid approach for highly available and secure storage of Pseudo-SSO credentials
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
In this paper we present a novel single sign-on scheme known as Secure Distributed Single Sign-On (SeDSSO). SeDSSO provides secure fault-tolerant authentication using threshold key encryption with a distributed authentication service. The authentication service consists of n total authentication servers utilizing a (t, n) threshold encryption scheme, where t distinct server-signed messages are required to generate a message signed by the service. SeDSSO provides secure portable identities by defining a two-factor identity that uses both a username/password and a unique USB device. The combination of a distributed authentication service and two-factor identities allows SeDSSO to securely authenticate users in any environment.
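An added illustration, not taken from the paper: the (t, n) property described in the abstract, shown with Shamir sharing of a signing exponent and Lagrange combination in the exponent. The abstract does not specify SeDSSO's construction, so the scheme, the toy group parameters and every function name here are assumptions, and public verification of the combined signature is left out.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration and far too small for real use:
# P = 2Q + 1 is a safe prime; squares mod P form the subgroup of prime order Q.
Q, P = 1019, 2039

def split_key(secret, t, n, coeffs=None):
    """Shamir-share `secret` over Z_Q so that any t of the n shares determine it."""
    poly = [secret] + (coeffs or [secrets.randbelow(Q) for _ in range(t - 1)])
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(poly)) % Q
            for i in range(1, n + 1)}

def hash_to_group(message):
    """Map a message to a non-identity element of the order-Q subgroup."""
    x = int.from_bytes(hashlib.sha256(message).digest(), "big") % (P - 3) + 2
    return pow(x, 2, P)

def partial_sign(share, message):
    """What one authentication server contributes: H(m)^share mod P."""
    return pow(hash_to_group(message), share, P)

def combine(partials):
    """Merge {server_id: partial} using Lagrange coefficients evaluated at x = 0."""
    sig = 1
    for i, s_i in partials.items():
        lam = 1
        for j in partials:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        sig = sig * pow(s_i, lam, P) % P
    return sig

if __name__ == "__main__":
    msg = b"constructed authentication assertion"
    key = 123                                   # constructed service key
    shares = split_key(key, t=3, n=5)           # one share per server
    service_sig = pow(hash_to_group(msg), key, P)
    ok = combine({i: partial_sign(shares[i], msg) for i in (1, 3, 5)})
    short = combine({i: partial_sign(shares[i], msg) for i in (1, 2)})
    print("3 of 5 servers:", ok == service_sig)
    print("2 of 5 servers:", short == service_sig)
```

No server ever holds the full key; the service signature only appears once t distinct partials are combined, which is what lets the service tolerate the loss or compromise of fewer than t servers.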