Double SSO – A Prudent and Lightweight SSO Scheme

Abstract

User authentication means the verification of a user identity in a computer system. In a typical scenario, users in an organization have access to several independent services, each of them requires separate credentials (e.g., user name and password) for user authentication. Users waste a considerable amount of time trying to recall their different credentials. The helpdesk workload caused by lost or forgotten credentials is also significant. Single Sign-On (SSO) was shown to be a successful authentication mechanism in networking environments where a large number of credentials would otherwise be required. SSO means that users authenticate only once and are granted access to the services they subsequently use without the need to reauthenticate. Obviously, SSO would increase users' productivity and satisfaction and reduce helpdesk calls. It also improves the usability of the system utilizing it. As a consequence, SSO has become an alluring feature called for by IT managers of organizations of various sizes. In this thesis, we study the SSO technology from two analogous perspectives. In the first perspective, we view the technology from an industrial angle and introduce the knowledge necessary for an organization to determine its strategic SSO solution. We accomplish this by describing the taxonomies of SSO solutions and their qualities, in addition to presenting the architectures and operations of example SSO solutions in use today. In the second perspective, we move to (what we suppose) the next level and present our own SSO solution; namely Double SSO. Double SSO is a new SSO scheme designed to be lightweight, efficient and safe to implement in any wired or wireless networking infrastructure where SSO is needed, especially if the devices used in that infrastructure are resource constrained. This scheme appeals for a number of reasons. Of those reasons we mention; the minimum number of computations required and the minimum number of keys needed to accomplish the SSO experience, the ability to use digital identities of any type and to function in ubiquitous smart environments, and the immunity against known attacks.