SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM USING ELLIPTIC CURVE CRYPTOGRAPHY IN DISTRIBUTED COMPUTER NETWORKS

Single sign-on (shortly called as SSO) is an authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in a distributed computer network. Recently, Chang and Lee proposed a new SSO scheme and claimed its security by providing well-organized security arguments. In another attack, an outsider without any credential may be able to enjoy network services freely by impersonating any legal user or a nonexistent user. We identify the flaws in their security arguments to explain why attacks are possible against their SSO scheme. Our attacks also apply to another SSO scheme proposed by Hsu and Chuang, which inspired the design of the Chang–Lee scheme. In our proposed work we use Elliptic Curve Cryptography (shortly ECC) for high efficiency with smaller key sizes useful for security arguments that has limited power .In the proposed system using ECC the cryptographic operations will be performed with fewer processor cycles and operation can be performed much faster and providing well-organized security arguments in distributed computer network.