Abstract

Single sign-on (SSO) techniques allow access control for multiple systems with a single login. The aim of our study is to construct an authentication algorithm that provides the authentication information of a user to a requester without requiring any specific token, thereby achieving domain-free access control. In this study, we propose an authentication algorithm for SSO based on a verifiable encryption (VE)-based authentication algorithm, together with its implementation. VE is a kind of cryptosystem that allows calculation on cyphertexts, generating an encrypted result that, when decrypted, matches the distance between the two plaintexts. In our approach, we first construct the mathematical SSO algorithm based on the VE-based algorithm, and then implement the algorithm by applying the one-time pad to it and using sample data. We also consider robustness against theoretical attacks such as the man-in-the-middle attack. Our algorithm is robust against the well-known classical and theoretical attacks, and the man-in-the-middle attack against the proposed algorithm is also impracticable. Furthermore, security analysis using ProVerif has shown the algorithm to be secure. The execution speed is less than 1 ms even with a text length of 8192 bits. Based on our results, it is evident that the computational burden of trusted third parties, such as a certificate authority, can be alleviated because public key agreement is not required in our algorithm. Moreover, since only the authentication information is disclosed to the service provider, big tech such as GAFA cannot obtain personal information of the user without consent. As for the originality of our algorithm, any personal information can be used, such as biometric information and non-contact magnetic IC cards, in addition to the pair of ID and password that is used for common SSO algorithms.

Highlights

  • According to the 2019 mid-year estimates of the world internet usage and population statistics, there are more than 4.5 billion internet users in the world, and this number is persistently increasing [1]. From 2000 to 2019, the number of internet users increased by 1157%; this significant increase in the number of users can be attributed to the remarkable developments in network technologies. In general, a system or device accepts or rejects a user’s request for a network service by first verifying the user’s identity when it receives the request

  • This identity verification process is called authentication, which refers to the act of checking whether the identity provided by Alice is the same as the identity of Alice held by Bob

  • We propose an authentication algorithm based on verifiable encryption, which is a type of cryptosystem that allows calculation on the space of cyphertexts and returns an encrypted result representing the distance between two plaintexts


Summary

Introduction

A system or device accepts or rejects a user’s request for a network service by first verifying the user’s identity when it receives the request. In a traditional electronic system or device, the validity of a service request is verified by checking whether the pair of ID and password provided by the user matches the stored ID and password information. This identity verification process is called authentication, which refers to the act of checking whether the identity provided by Alice is the same as the identity of Alice held by Bob. Here, Bob is called a verifier, while Alice is called a

Cryptography 2020, 4, 16; doi:10.3390/cryptography4020016; www.mdpi.com/journal/cryptography
