Single Sign-on (SSO) allows a user to obtain a single credential from a Trusted Third Party (TTP) once and then authenticates himself/herself to different service providers by using the same credential. Though different SSO schemes have been obtained from various primitives, user anonymity has not yet been studied formally. Motivated by the fact that anonymity is a very essential security requirement in certain scenarios, in this paper we first formalize a security model of anonymous single-sign on (ASSO). Subsequently, we present a generic ASSO scheme which is transformed from group signatures. Formal proofs are provided to show that the proposed ASSO is secure under the assumption that the underlying group signature is secure according to Bell are et al.'s model introduced at CT-RSA 2005. Compared to existing SSO schemes, our transformation not only implements the user's anonymity, but also reduces the trust level in TTP.
History
Citation
Wang, J., Wang, G. & Susilo, W. (2013). Anonymous single sign-on schemes transformed from group signatures. The 5th IEEE International Conference on Intelligent Networking and Collaborative Systems (INCoS-2013) (pp. 560-567). United States: IEEE Computer Society.
Parent title
Proceedings - 5th International Conference on Intelligent Networking and Collaborative Systems, INCoS 2013