Security Analysis of a Single Sign-On Mechanism For Distributed Computer Networks
Journal Title: IOSR Journals (IOSR Journal of Computer Engineering) - Year 2014, Vol 16, Issue 3
Abstract
Abstract: Single sign on mechanisms allow users to sign on only once and have their identities automatically verified by each application or service they want to access afterwards. There are few practical and secure single sign on models, even though it is of great importance to current distributed application environments. Most of current application architectures require the user to memorize and utilize a different set of credentials (eg username/password or tokens) for each application he/she wants to access. However, this approach is inefficient and insecure with the exponential growth in the number of applications and services a user has to access both inside corporative environments and at the Internet. Single sign on (SSO) is a new authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in distributed computer networks. Recently, Chang and Lee proposed a new SSO scheme and claimed its security by providing well organized security arguments. In this paper, however, it is shown that their scheme is actually insecure as it fails to meet security during communication, in order to provide a secure authentication digital signature with hash function is researched for future work.
Authors and Affiliations
C. Ramakrishnan , S. Dhanabal
Keywords
Related Articles
- EP ID EP142113
- DOI 10.9790/0661-1633146149
- Views 96
- Downloads 0
A novel fuzzy rule based system for assessment of ground water potability: A case study in South India
Groundwater is an important water resource for domestic, irrigation, and industrial needs. The most widely exploited use of this resource is for consumption. Assessment of potability of any ground water samples &...
A Survey on Different Levels of Risks during Different Phases in Data Warehouse
Abstract: The term Data Warehouse represents huge collection of historical data which are subject-oriented, non-volatile, integrated, and time-variant and such data is required for the business needs [1]. Data warehouses...
Performance Evaluation of IPv4 Vs Ipv6 and TunnellingTechniques Using Optimized Network Engineering Tools(OPNET)
Abstract: Internet Protocol version 6 (IPv6) is the latest version of the Internet Protocol (IP). IPv6 is intendedto replace IPv4, which is still widely used, in order to deal with the problem of IPv4 address exhau...
Intelligence Billing System Using Radio Frequency Identification(RFID) and ZIGBEE
Abstract: As we know that there is a huge crowd in the malls in metro cities. Especially it becomes morecrowded on holidays. People purchase different items in the malls and puts them in the trolley. At the cashcounter b...
Survey on adverse influencing factors in the way of successfulrequirement engineering
Abstract: Requirement engineering is the first phase for the development of any software. Software have beendiscarded due to poor and ambiguous requirements. This study based on the results of surveys conducted to...