论文信息 - An identity-based single-sign-on scheme for computer networks

An identity-based single-sign-on scheme for computer networks

Conventionally, no user identification is required for a user to log into a security-protected system. User authentication is based on what the user knows, or what the user has, which can be easily shared among others. Moreover, when multiple systems are involved, the user is then required to authenticate to each system individually and repeatedly. In this paper, we present a scheme to achieve secure user identification and authentication to multiple security-protected systems simultaneously through a single operation. The proposed scheme is based on the well-known RSA cryptosystem, the discrete logarithm problem and the subset-sum NP-complete problem. Security analysis shows that the proposed scheme is secure to all known security attacks and can be easily implemented in various environments including very resource constrained environment such as Smart Cards.

Jian Ren

[1] Victor Shoup. On the Security of a Practical Identification Scheme , 1996, EUROCRYPT.

[2] Taher El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[3] C. P. Schnorr,et al. Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[4] William Stallings,et al. Cryptography and network security - principles and practice (3. ed.) , 2014 .

[5] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[6] William Stallings,et al. Cryptography and Network Security: Principles and Practice , 1998 .

[7] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[8] Gustavus J. Simmons,et al. An Impersonation-Proof Identity Verfication Scheme , 1987, CRYPTO.

[9] Amos Fiat,et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.