Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO for Mobile Devices
In an attempt to expand Public Key Infrastructure (PKI) usage to a ubiquitous and mobile computing environment, we found that the deployment of the PKI on a resource-constrained device such as an 8-bit microprocessor leads to user-obstructive latency or additional circuitry for the operations. To al...
Gespeichert in:
| Veröffentlicht in: | IEEE transactions on computers 2008-06, Vol.57 (6), p.821-834 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 834 |
|---|---|
| container_issue | 6 |
| container_start_page | 821 |
| container_title | IEEE transactions on computers |
| container_volume | 57 |
| creator | Park, Ki-Woong Lim, Sang Seok Park, Kyu Ho |
| description | In an attempt to expand Public Key Infrastructure (PKI) usage to a ubiquitous and mobile computing environment, we found that the deployment of the PKI on a resource-constrained device such as an 8-bit microprocessor leads to user-obstructive latency or additional circuitry for the operations. To alleviate these limitations, we propose a new PKI-based authentication protocol and security infrastructure, namely, PKASSO, which is enhanced with the single sign-on and delegation technology that is used especially for mobile devices with restricted computation power. PKASSO offloads complex PKI operations from the mobile devices to the infrastructure so as to keep the hardware and software complexity of the devices as low as possible. In addition, even though a conventional delegation mechanism cannot support a nonrepudiation mechanism against malicious user behavior, PKASSO can provide such a mechanism by devising a referee server that, on one hand, generates binding information between a device and authentication messages and, on the other hand, retains the information in its local storage for future accusation. We present the detailed design and performance evaluation of PKASSO and offer a protocol analysis in terms of user authentication latency and the completeness of the protocol. According to the performance evaluation, the authentication latency of our infrastructure (which averages 0.082 second) is much shorter than the authentication latency of a conventional PKI-based authentication latency (which averages 5.01 seconds). |
| doi_str_mv | 10.1109/TC.2008.36 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_crossref_primary_10_1109_TC_2008_36</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>4459312</ieee_id><sourcerecordid>875090251</sourcerecordid><originalsourceid>FETCH-LOGICAL-c373t-2db1eea13084b1ebaa2aa4ff6e09c57c798a03c7e71871a956d3fc87782d1aae3</originalsourceid><addsrcrecordid>eNqF0U1LAzEQBuAgCtaPi1cviwcFcesk2U02R13rB1YqtHpd0nRWIttNTbZC_70pFQ8e9DRzeHhh5iXkiEKfUlCXk7LPAIo-F1ukR_NcpkrlYpv0AGiRKp7BLtkL4R0ABAPVI6-lmy-Wne6sa3XTrJJBXVtjse2S58eH9FoHnCVj2741GMdbm47a5Nm7zhnXXERyNR6Pktr55MlNbTQ3-GkNhgOyU-sm4OH33Ccvt4NJeZ8OR3cP5dUwNVzyLmWzKUXUlEORxW2qNdM6q2uBoEwujVSFBm4kSlpIquMpM16bQsqCzajWyPfJ2SZ34d3HEkNXzW0w2DS6RbcMlQIuKFci-1cWMgcFLKdRnv4peZaBpJxFePILvrulj2-MaYLlgjEGEZ1vkPEuBI91tfB2rv2qolCtO6smZbXurOIi4uMNtoj4A7MsV5wy_gXzV4-X</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>862562220</pqid></control><display><type>article</type><title>Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO for Mobile Devices</title><source>IEEE Electronic Library (IEL)</source><creator>Park, Ki-Woong ; Lim, Sang Seok ; Park, Kyu Ho</creator><creatorcontrib>Park, Ki-Woong ; Lim, Sang Seok ; Park, Kyu Ho</creatorcontrib><description>In an attempt to expand Public Key Infrastructure (PKI) usage to a ubiquitous and mobile computing environment, we found that the deployment of the PKI on a resource-constrained device such as an 8-bit microprocessor leads to user-obstructive latency or additional circuitry for the operations. To alleviate these limitations, we propose a new PKI-based authentication protocol and security infrastructure, namely, PKASSO, which is enhanced with the single sign-on and delegation technology that is used especially for mobile devices with restricted computation power. PKASSO offloads complex PKI operations from the mobile devices to the infrastructure so as to keep the hardware and software complexity of the devices as low as possible. In addition, even though a conventional delegation mechanism cannot support a nonrepudiation mechanism against malicious user behavior, PKASSO can provide such a mechanism by devising a referee server that, on one hand, generates binding information between a device and authentication messages and, on the other hand, retains the information in its local storage for future accusation. We present the detailed design and performance evaluation of PKASSO and offer a protocol analysis in terms of user authentication latency and the completeness of the protocol. According to the performance evaluation, the authentication latency of our infrastructure (which averages 0.082 second) is much shorter than the authentication latency of a conventional PKI-based authentication latency (which averages 5.01 seconds).</description><identifier>ISSN: 0018-9340</identifier><identifier>EISSN: 1557-9956</identifier><identifier>DOI: 10.1109/TC.2008.36</identifier><identifier>CODEN: ITCOB4</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>Authentication ; Computation ; Computer programs ; Devices ; Infrastructure ; Mobile communication systems ; Network security ; Network-level security and protection ; Performance evaluation ; Public Key Infrastructure ; Security ; Servers ; Studies ; Ubiquitous computing</subject><ispartof>IEEE transactions on computers, 2008-06, Vol.57 (6), p.821-834</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2008</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c373t-2db1eea13084b1ebaa2aa4ff6e09c57c798a03c7e71871a956d3fc87782d1aae3</citedby><cites>FETCH-LOGICAL-c373t-2db1eea13084b1ebaa2aa4ff6e09c57c798a03c7e71871a956d3fc87782d1aae3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/4459312$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,792,27901,27902,54733</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/4459312$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Park, Ki-Woong</creatorcontrib><creatorcontrib>Lim, Sang Seok</creatorcontrib><creatorcontrib>Park, Kyu Ho</creatorcontrib><title>Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO for Mobile Devices</title><title>IEEE transactions on computers</title><addtitle>TC</addtitle><description>In an attempt to expand Public Key Infrastructure (PKI) usage to a ubiquitous and mobile computing environment, we found that the deployment of the PKI on a resource-constrained device such as an 8-bit microprocessor leads to user-obstructive latency or additional circuitry for the operations. To alleviate these limitations, we propose a new PKI-based authentication protocol and security infrastructure, namely, PKASSO, which is enhanced with the single sign-on and delegation technology that is used especially for mobile devices with restricted computation power. PKASSO offloads complex PKI operations from the mobile devices to the infrastructure so as to keep the hardware and software complexity of the devices as low as possible. In addition, even though a conventional delegation mechanism cannot support a nonrepudiation mechanism against malicious user behavior, PKASSO can provide such a mechanism by devising a referee server that, on one hand, generates binding information between a device and authentication messages and, on the other hand, retains the information in its local storage for future accusation. We present the detailed design and performance evaluation of PKASSO and offer a protocol analysis in terms of user authentication latency and the completeness of the protocol. According to the performance evaluation, the authentication latency of our infrastructure (which averages 0.082 second) is much shorter than the authentication latency of a conventional PKI-based authentication latency (which averages 5.01 seconds).</description><subject>Authentication</subject><subject>Computation</subject><subject>Computer programs</subject><subject>Devices</subject><subject>Infrastructure</subject><subject>Mobile communication systems</subject><subject>Network security</subject><subject>Network-level security and protection</subject><subject>Performance evaluation</subject><subject>Public Key Infrastructure</subject><subject>Security</subject><subject>Servers</subject><subject>Studies</subject><subject>Ubiquitous computing</subject><issn>0018-9340</issn><issn>1557-9956</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2008</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNqF0U1LAzEQBuAgCtaPi1cviwcFcesk2U02R13rB1YqtHpd0nRWIttNTbZC_70pFQ8e9DRzeHhh5iXkiEKfUlCXk7LPAIo-F1ukR_NcpkrlYpv0AGiRKp7BLtkL4R0ABAPVI6-lmy-Wne6sa3XTrJJBXVtjse2S58eH9FoHnCVj2741GMdbm47a5Nm7zhnXXERyNR6Pktr55MlNbTQ3-GkNhgOyU-sm4OH33Ccvt4NJeZ8OR3cP5dUwNVzyLmWzKUXUlEORxW2qNdM6q2uBoEwujVSFBm4kSlpIquMpM16bQsqCzajWyPfJ2SZ34d3HEkNXzW0w2DS6RbcMlQIuKFci-1cWMgcFLKdRnv4peZaBpJxFePILvrulj2-MaYLlgjEGEZ1vkPEuBI91tfB2rv2qolCtO6smZbXurOIi4uMNtoj4A7MsV5wy_gXzV4-X</recordid><startdate>20080601</startdate><enddate>20080601</enddate><creator>Park, Ki-Woong</creator><creator>Lim, Sang Seok</creator><creator>Park, Kyu Ho</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>F28</scope><scope>FR3</scope></search><sort><creationdate>20080601</creationdate><title>Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO for Mobile Devices</title><author>Park, Ki-Woong ; Lim, Sang Seok ; Park, Kyu Ho</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c373t-2db1eea13084b1ebaa2aa4ff6e09c57c798a03c7e71871a956d3fc87782d1aae3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2008</creationdate><topic>Authentication</topic><topic>Computation</topic><topic>Computer programs</topic><topic>Devices</topic><topic>Infrastructure</topic><topic>Mobile communication systems</topic><topic>Network security</topic><topic>Network-level security and protection</topic><topic>Performance evaluation</topic><topic>Public Key Infrastructure</topic><topic>Security</topic><topic>Servers</topic><topic>Studies</topic><topic>Ubiquitous computing</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Park, Ki-Woong</creatorcontrib><creatorcontrib>Lim, Sang Seok</creatorcontrib><creatorcontrib>Park, Kyu Ho</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>ANTE: Abstracts in New Technology & Engineering</collection><collection>Engineering Research Database</collection><jtitle>IEEE transactions on computers</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Park, Ki-Woong</au><au>Lim, Sang Seok</au><au>Park, Kyu Ho</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO for Mobile Devices</atitle><jtitle>IEEE transactions on computers</jtitle><stitle>TC</stitle><date>2008-06-01</date><risdate>2008</risdate><volume>57</volume><issue>6</issue><spage>821</spage><epage>834</epage><pages>821-834</pages><issn>0018-9340</issn><eissn>1557-9956</eissn><coden>ITCOB4</coden><abstract>In an attempt to expand Public Key Infrastructure (PKI) usage to a ubiquitous and mobile computing environment, we found that the deployment of the PKI on a resource-constrained device such as an 8-bit microprocessor leads to user-obstructive latency or additional circuitry for the operations. To alleviate these limitations, we propose a new PKI-based authentication protocol and security infrastructure, namely, PKASSO, which is enhanced with the single sign-on and delegation technology that is used especially for mobile devices with restricted computation power. PKASSO offloads complex PKI operations from the mobile devices to the infrastructure so as to keep the hardware and software complexity of the devices as low as possible. In addition, even though a conventional delegation mechanism cannot support a nonrepudiation mechanism against malicious user behavior, PKASSO can provide such a mechanism by devising a referee server that, on one hand, generates binding information between a device and authentication messages and, on the other hand, retains the information in its local storage for future accusation. We present the detailed design and performance evaluation of PKASSO and offer a protocol analysis in terms of user authentication latency and the completeness of the protocol. According to the performance evaluation, the authentication latency of our infrastructure (which averages 0.082 second) is much shorter than the authentication latency of a conventional PKI-based authentication latency (which averages 5.01 seconds).</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/TC.2008.36</doi><tpages>14</tpages></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | ISSN: 0018-9340 |
| ispartof | IEEE transactions on computers, 2008-06, Vol.57 (6), p.821-834 |
| issn | 0018-9340 1557-9956 |
| language | eng |
| recordid | cdi_crossref_primary_10_1109_TC_2008_36 |
| source | IEEE Electronic Library (IEL) |
| subjects | Authentication Computation Computer programs Devices Infrastructure Mobile communication systems Network security Network-level security and protection Performance evaluation Public Key Infrastructure Security Servers Studies Ubiquitous computing |
| title | Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO for Mobile Devices |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-10T02%3A06%3A37IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Computationally%20Efficient%20PKI-Based%20Single%20Sign-On%20Protocol,%20PKASSO%20for%20Mobile%20Devices&rft.jtitle=IEEE%20transactions%20on%20computers&rft.au=Park,%20Ki-Woong&rft.date=2008-06-01&rft.volume=57&rft.issue=6&rft.spage=821&rft.epage=834&rft.pages=821-834&rft.issn=0018-9340&rft.eissn=1557-9956&rft.coden=ITCOB4&rft_id=info:doi/10.1109/TC.2008.36&rft_dat=%3Cproquest_RIE%3E875090251%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=862562220&rft_id=info:pmid/&rft_ieee_id=4459312&rfr_iscdi=true |