Degree Name

Master of Computer Science - Research


School of Computer Science and Software Engineering


With the extensive need of the internet, users are usually required to access mulitiple services on a daily basis, and therefore they may have to maintain a lot of username/password pairs. Nevertheless, with the growth in the number of service providers this approach becomes either inefficient if each login should be unique for each service, or insecure if the same login is used for multiple services. Fortunately, in a single sign-on (SSO) model, during a given period (eg. one day) a user may perform just one single sign-on to a trusted third party (TTP), which is trusted by all the applications he/she needs to access. Later on, each time the user wants to access an application, he/she will be automatically authenticated by the interaction between his client and the TTP, without requiring direct involvement from the user.

Our research focuses on formalising the notions of single sign-on (SSO) and anonymous single sign-on (ASSO). These notions are motivated by the need of strong security requirements, low trust level in the TTP and anonymity in a single sign-on system. Then, we construct generic SSO schemes from digital signatures and prove that our transformations are secure under some assumptions. Our work can be summarized as follows:

Motivated by the fact that most existing SSO schemes either fail to satisfy the security notions or has a high trust level in the TTP, we formalise a security model of single sign-on (SSO), which not only satisfies strong security notions but also has a low trust level in the TTP. We then propose a generic construction of SSO from nominative signatures, and present a concrete initialisation. We also provide formal proofs to show that the proposed SSO scheme is secure according to our new formal model, if the underlying nominative signature is secure. We note that this is the first study that investigates the link between SSO and nominative signatures.

Motivated by anonymity being an essential privacy requirement in certain scenarios, we first formalize a security model of anonymous single-sign on (ASSO). Subsequently, we present a generic ASSO scheme which is transformed from group signatures. Formal proofs show that the proposed ASSO is secure under the assumption that the underlying group signature is secure according to Bellare et al.'s model introduced at CT-RSA 2005. Compared to existing SSO schemes, our transformation not only implements the user's anonymity, but also reduces the trust level in the TTP.