Authentication latency reduction technique based on a delegation mechanism and an efficient PKI-based single sign-on protocol
This thesis presents a diminutive security device for a ubiquitous security environment, together with a new PKI-based security infrastructure that is enhanced with single sign-on and delegation technology to support that device.
In an attempt to realize this environment without compromising the security level, we identified two challenging issues, one in the device and one in the infrastructure. From the device's perspective, PKI operations consume too much time and power, considering the device's limited computing power and battery lifetime. From the infrastructure's perspective, the relatively large number of ubiquitous service devices makes it extremely difficult for the infrastructure to manage critical information of the devices.
Thus, in order to provide a PKI-based ubiquitous security infrastructure that addresses these issues, we propose a diminutive security device and a PKI-based single sign-on protocol that provides a user with a transparent security mechanism and seamless authentication services using delegation technology. It also enables cost-effective deployment of the security services by offloading complex PKI operations from the devices to the infrastructure. Although a conventional delegation mechanism cannot support a non-repudiation mechanism against a malicious user's behavior, our proposed protocol and security infrastructure can provide it by devising a referee server that generates binding information between a device and authentication messages and retains the information in its local storage for future accusation.
The detailed design and implementation of the protocol and a PKI-based service infrastructure are presented, and then a protocol analysis is given in terms of user authentication latency and the protocol's completeness.