DocumentCode :
1085739
Title :
Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO for Mobile Devices
Author :
Park, Ki-Woong ; Lim, Sang Seok ; Park, Kyu Ho
Author_Institution :
Dept. of Electr. Eng., KAIST, Daejeon
Volume :
57
Issue :
6
fYear :
2008
fDate :
6/1/2008 12:00:00 AM
Firstpage :
821
Lastpage :
834
Abstract :
In an attempt to expand Public Key Infrastructure (PKI) usage to a ubiquitous and mobile computing environment, we found that the deployment of the PKI on a resource-constrained device such as an 8-bit microprocessor leads to user-obstructive latency or additional circuitry for the operations. To alleviate these limitations, we propose a new PKI-based authentication protocol and security infrastructure, namely, PKASSO, which is enhanced with the single sign-on and delegation technology that is used especially for mobile devices with restricted computation power. PKASSO offloads complex PKI operations from the mobile devices to the infrastructure so as to keep the hardware and software complexity of the devices as low as possible. In addition, even though a conventional delegation mechanism cannot support a nonrepudiation mechanism against malicious user behavior, PKASSO can provide such a mechanism by devising a referee server that, on one hand, generates binding information between a device and authentication messages and, on the other hand, retains the information in its local storage for future accusation. We present the detailed design and performance evaluation of PKASSO and offer a protocol analysis in terms of user authentication latency and the completeness of the protocol. According to the performance evaluation, the authentication latency of our infrastructure (which averages 0.082 second) is much shorter than that of conventional PKI-based authentication (which averages 5.01 seconds).
Keywords :
cryptographic protocols; digital signatures; mobile computing; mobile radio; public key cryptography; telecommunication security; PKASSO infrastructure; PKI-based authentication protocol; delegation technology; message authentication latency; mobile computing; mobile device; performance evaluation; public key infrastructure; referee server; single sign-on protocol; Authentication; Circuits; Delay; Hardware; Microprocessors; Mobile computing; Pervasive computing; Protocols; Public key; Security; Authentication; Network-level security and protection;
fLanguage :
English
Journal_Title :
Computers, IEEE Transactions on
Publisher :
IEEE
ISSN :
0018-9340
Type :
jour
DOI :
10.1109/TC.2008.36
Filename :
4459312