A New PKI-based Single Sign-On Protocol for a Diminutive Security Device, PANDA, in a Ubiquitous Security Environment

This paper describes the issues and challenges in the design of a new PKI-based security infrastructure enhanced with single sign-on and delegation technology for a diminutive security device in a ubiquitous security environment. In order to provide the PKI-based ubiquitous security infrastructure in consideration of the issues, we propose a PKI-based single signon protocol that provides a user with a transparent security mechanism and seamless authentication services using delegation technology. It also enables cost-effective deployment of the security services by offloading complex PKI operations from the devices to the infrastructure. Although a conventional delegation mechanism cannot support non-repudiation mechanism against malicious user’s behavior, our proposed protocol and security infrastructure can provide the mechanism by devising a referee server that generates binding information between a device and authentication messages, and retains the information in its local storage for future accusation. The detailed design of the protocol and a PKI-based service infrastructure are presented and then protocol analysis is given in terms of a user authentication latency and the protocol’s completeness.