A hybrid approach for highly available and secure storage of Pseudo-SSO credentials
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Hi-index | 0.00 |
A Single Sign-On (SSO) system allow single authentication for multiple services. It is a potential solution to the implications of security, credentials management, et al. Recently, several works have used the threshold-based secret sharing scheme to create a distributed SSO service. All these works setup the threshold parameters first in the system initiation. But in some real-world applications, the threshold value should be dynamically changed in the authentication phase. In this paper, we present a novel threshold-based distributed Single Sign-On scheme with a dynamically changed threshold value(DctSSO). In DctSSO, two different degree secret polynomials are constructed. Each authentication server has two kinds of secret keys: keys for initiation shares and keys for authentication shares. Through the simply XOR operation, authentication shares keys can be delivered securely. DctSSO is not only as good as Threspassport on the aspects of security, portability, intrusion and fault tolerance, scalability, reliability, and availability, but also it offers two significant advantages over ThresPassport : it has the dynamically, securely and availably changed threshold value in the authentication phase, and it can prevent conspiracy-impersonation attacks.