Efficient and Secure Time-Key Based Single Sign-On Authentication for Mobile Devices

Abstract

In recent years, mobile devices are becoming an integrated part of our society, and this reinforces the need for security and privacy without incurring additional communication and computation costs. In this paper, we propose a new efficient privacy preserving time-key-based single sign-on (TK-SSO) authenticated key management protocol for mobile devices using elliptic curve cryptography. This allows us to achieve the desirable security properties along with significantly reduced computation and communication costs. TK-SSO also supports the revocation of mobile users and servers. We prove the security of TK-SSO in a widely accepted adversary real-or-random model, as well as using Burrows–Abadi–Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool to demonstrate that TK-SSO can resist various known attacks. We then evaluate the performance of TK-SSO and three related protocols to demonstrate its utility.