Browse Prior Art Database

Safe Single-Sign-On Protocol with Minimal Password Exposure No-Decryption, and Technology-Adaptivity

IP.com Disclosure Number: IPCOM000115090D
Original Publication Date: 1995-Mar-01
Included in the Prior Art Database: 2005-Mar-30
Document File: 4 page(s) / 178K

Publishing Venue

IBM

Related People

Janson, P: AUTHOR [+4]

Abstract

A user logging in to a system has either a password (which is a bad cryptographic key coming from a small key-space) or a master key stored in a special protected hardware (e.g., smart card, diskette). In both cases (in particular the first one) a server may use the initial key only once in the system to give the user a strong key for the duration of the session/day/logg-in unit. In both cases the idea is to protect the permanent secret, by a new secret (key) which is valid for the session (in the entire network). A basic mechanism to do it is suggested. The main property of the mechanism is that it is not sensitive to the exact safe-storage on which the permanent key is stored, and can be adapted to hardware changes/upgrades.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 31% of the total text.

Safe Single-Sign-On Protocol with Minimal Password Exposure No-Decryption,
and Technology-Adaptivity

      A user logging in to a system has either a password (which is a
bad cryptographic key coming from a small key-space) or a master key
stored in a special protected hardware (e.g., smart card, diskette).
In both cases (in particular the first one) a server may use the
initial key only once in the system to give the user a strong key for
the duration of the session/day/logg-in unit.  In both cases the idea
is to protect the permanent secret, by a new secret (key) which is
valid for the session (in the entire network).  A basic mechanism to
do it is suggested.  The main property of the mechanism is that it is
not sensitive to the exact safe-storage on which the permanent key is
stored, and can be adapted to hardware changes/upgrades.  The
mechanism uses only encryption operations (no decryption) -- this is
an advantage in systems which do not support bulk-data
confidentiality and has only an access to an encryption device.  In
addition we usually do not need time-stamps/counters for the protocol
to work.  The protocol is secure against a very large set of attacks
on the network and is minimal in use of resources.  The mechanism can
adapt/be extended to various safe-storage technology mixes/changes
which is its main operational advantage over mechanisms relying on
specific storage medium.

      Single sign-on denotes the process by which a user presents his
'credentials' (master key, biometrics, password) only once at the
beginning of a work session to retrieve his basic secrets for the
rest of the session.  How the process may be carried out and what it
requires depends on the type of safe storage used.

      After deriving the permanent key from whatever secure media
used, the mechanism executes the exchange below.

      Each storage medium has a "retrieve mechanism" Kpw which
enables the user to retrieve the permanent key, and then possibly
randomizing it for the use in the protocol (which will give him a new
master session key to use for the session).  The separation of
fetching of permanent information method from the method for
generating and exchanging new session master keys is novel, and
enables mixed storage, mixed user population and easy maintenance and
upgrades of storage-technology, as well as reducing costs of
operation by providing the right security-cost tradeoff.
         Sign-On Protocol

      In this exchange, after the user has provided a nonce Na, he
receives from the server AS his basic master (session) key Ka,
exclusive-ored with the usual 2pp authentication expression, where
encryption is provided under a key (Kpw) formed through password
substitution involving the permanent key and the random Na of this
specific session (as another layer of safety)
to generate Kpwa=Epw(Na) is this key and it is used in the encryption
expression: Epwa(f(Na,Ns,AS)+Epwa(g(Na,Ns,AS)))+Ka.
    ...