Authentication Algorithm Based on Hash-Tree for Web Single Sign-On


Abstract:

During the authentication process of a web-based single sign-on system, all authentication messages are forwarded by the browser, which is insecure, and their integrity protection is not comprehensive. Attackers can exploit this vulnerability to bypass the authentication system and log in to any account. In this work we analyze the threat model of the vulnerability and its root causes in detail, and propose an authentication algorithm based on a hash tree. According to the simulation results, the algorithm improves the security of the system while keeping its processing efficiency acceptable.


Pages: 1368-1373

Online since: January 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved
