Single Sign-on Model Based on Trusted-DAA Connection

Journal of System Simulation ›› 2016, Vol. 28 ›› Issue (4): 890-897.

Previous Articles Next Articles

Single Sign-on Model Based on Trusted-DAA Connection

Yang Xiaohui, Jiang Lijun, Wang Hong, Chang Siyuan

Institute of Network Technology, Hebei University, Baoding 071002, China

Received:2014-07-15 Revised:2014-10-20 Online:2016-04-08 Published:2020-07-02

Abstract

Abstract: Traditional single sign-on (SSO) models adopt SSL connections in the cloud computing environments, while there exist several problems such as certificates cannot be updated in time, certificate updating needs a third party CA, etc.. To solve above problems, TPM was introduced between cloud identity providers and cloud service providers, and a trusted DAA connection (T-D-SSL) was designed by adopting the DAA authentication method to implementation cross platform trusted authentication, secure channel establishment, and certificate updating operation. Combining with T-D-SSL, SAML2.0, and ID-FF1.2, a new SSO model of the cloud computing environments was proposed, which could make sure the system security and reduce the performance lose due to the introduction of TPM. The simulation experiment results indicate T-D-SSL model can realize cross domain SSO safely and efficiently in the cloud computing environments.

Key words: trusted computing, single sign-on, direct anonymous attestation, authentication

CLC Number:

TP393

Yang Xiaohui, Jiang Lijun, Wang Hong, Chang Siyuan. Single Sign-on Model Based on Trusted-DAA Connection[J]. Journal of System Simulation, 2016, 28(4): 890-897.

References

[1] 冯登国, 张敏, 张妍, 等. 云计算安全研究[J]. 软件学报, 2011, 22(1): 71-83.
[2] Radha V, Reddy D H.A Survey on Single Sign-On Techniques[J]. Procedia Technology (S1877-7058), 2012, 4: 134-139.
[3] Microsoft Windows Live ID服务 [EB/OL]. (2006-06-19) [2014-02-06] https://msdn.microsoft.com/zh-cn/library/aa479889.aspx.
[4] Cantor S, Hodges J, Kemp J, et al. Liberty ID-FF Architecture Overview [EB/OL]. (2004-09-30) [2014-02-06]http://www.projectliberty.org/liberty/.
[5] Internet2. Shibboleth Project [EB/OL]. (2014-02-26) [2014-03-10]http://shibboleth.net/about/.
[6] Lewis K D, Lewis J E.Web Single Sign-On Authentication using SAML[J]. International Journal of Computer Science Issues (IJCSI)(S1694-0784), 2010, 7(4): 41-48.
[7] Armando A, Carbone R, Compagna L, et al.From Multiple Credentials to Browser-based Single Sign-on: Are We More Secure?[M]// Future Challenges in Security and Privacy for Academia and Industry. Germany: Springer Berlin Heidelberg, 2011: 68-79.
[8] Kirandeep K, Divya B.Security Vulnerabilities in SAML based Single Sign-On Authentication in Cloud [C]// 1st International Workshop on Cloud Computing and Information Security. Amsterdam, Holland: Atlantis Press, 2013: 294-298.
[9] 沈昌祥, 张焕国, 王怀民, 等. 可信计算的研究与发展[J]. 中国科学: 信息科学, 2010, 40(2): 139-166.
[10] 冯登国, 秦宇, 汪丹, 等. 可信计算技术研究[J]. 计算机研究与发展, 2011, 48(8): 1332-1349.
[11] Brickell E, Camenisch J, Chen L.Direct anonymous attestation[C]// Proceedings of the 11th ACM conference on Computer and communications security. USA: ACM, 2004: 132-145.
[12] 张毅, 周鹏, 侯整风. 一种基于ELGamal签名和零知识证明的双向认证方案[J]. 系统仿真学报, 2011, 23(1): 307-309.
[13] 谭良, 孟伟明, 周明天. 一种优化的直接匿名证言协议方案[J]. 计算机研究与发展, 2014, 51(2): 334-343.
[14] 胡建军. GF(p)上构造安全椭圆曲线的一种新方法[J].武汉大学学报(工学版), 2014, 47(2): 286-288.

Single Sign-on Model Based on Trusted-DAA Connection

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 2

Recommended Articles

Metrics

Comments

[1]	Gu Xiaojing, Fu Chuanqing, Gu Xingsheng. Facial Vital Sign Based Countermeasure Against 3D Mask Attacks [J]. Journal of System Simulation, 2016, 28(2): 361-368.
[2]	Zhou Weiwei, Yue Yuntian, Yu Bin. Research of Multi-factor Identity Authentication Scheme for ZigBee Network Nodes [J]. Journal of System Simulation, 2015, 27(4): 762-769.