Authors:
Anass Sbai
;
Cyril Drocourt
and
Gilles Dequen
Affiliation:
MIS Laboratory, University of Picardie Jules Verne, Amiens, France
Keyword(s):
Authentication, Delegation, Single Signe On, Proxy Re-Encryption.
Abstract:
New trends highlight the use of delegated authentication solutions where identity providers do not need to synchronize user credentials with services. It is a facility for service providers and also for users who do not have to create multiple accounts. Different solutions for single sign-on and delegated authentication exist. Most of these solutions require many exchanges between the different actors involved in the protocol, an additional TLS layer and/or the use of signature schemes which, in terms of security, rely on random oracles for reasons of efficiency. In this article, we recall the concept of the best known solutions (e.g. Kerberos, OpenID, ...), briefly discuss the possibility of using one-way accumulators and define the Proxy Re-Encryption (PRE). Next, we propose a new delegated authentication protocol that allows users to authenticate anonymously on insecure networks and therefore asynchronously without direct communication between identity providers and service provid
ers while minimizing the number of interactions. We based our solution on the use of PRE which could be instantiated by schemes based on standard assumptions. We first show how our protocol behaves against different types of attacks. Then in a more formal manner, we present the proof of security based on an adaptation of BAN logic method that supports the use of PRE functionalities.
(More)