Computer Science, 2015, Vol. 42, Issue 4: 106-110. doi: 10.11896/j.issn.1002-137X.2015.04.020


SAML Cross-domain Single Sign-on Authentication Protocol Based on Convertible Proxy Signcryption

WANG Guan-zhong, ZHANG Bin, FEI Xiao-fei and XIONG Hou-ren   

Online: 2018-11-14 | Published: 2018-11-14

Abstract: Convertible proxy signcryption offers user-privacy protection, resistance to replay attacks and non-repudiation. Building on this algorithm, a SAML cross-domain single sign-on authentication protocol (SSPCPS) is proposed. The protocol simplifies SSO authentication by letting the user and the server in a heterogeneous domain interact and authenticate directly. The user token is generated by combining selected random parameters with the public key and is transmitted in encrypted form, which improves the security of the protocol: an attacker cannot use the service even if the token is stolen. The digest is signcrypted with the proxy signature key, which reduces the amount of computation while still preserving user privacy. The session key is negotiated with the DH algorithm, which simplifies key distribution and reduces management cost. The security of the protocol is proved in the CK security model, and a performance analysis is presented. The results indicate that the protocol provides forward secrecy, message integrity and related properties, and that its computation cost and token-generation time are better than those of the SSPPS protocol, the Juang scheme and the Kerberos scheme.

Key words: Proxy signcryption, Single sign-on, SAML, Authentication

