Confidence Analysis of a Solo Sign-On Device for Distributed Computer Networks: A Modeling Approach

Solo sign-on (SSO) is a new authentication mechanism that allows a legal user to be authenticated by numerous service providers in a distributed computer network using a single credential. A SSO technique recently suggested and claimed security by presenting well-organized security reasons. However, their technique is insecure since it violates credential privacy and authentication soundness. We describe two impersonation attacks in particular: credential recovery attacks and impersonation attacks without credentials. As a result, we present a stronger authentication technique that uses efficient verifiable encryption of RSA signatures to overcome these attacks and flaws. As one open problem, we support the formal study of the soundness of authentication.