Confidence Analysis of a Solo Sign-On Device for Distributed Computer Networks
Solo Sign-On (SSO) is a new authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in a distributed computer network. Recently, a SSO scheme proposed and claimed its security by providing well organized security arguments. But their scheme is actually insecure as it fails to meet credential privacy and soundness of authentication. Specifically, the authors present two impersonation attacks i.e., credential recovering attack and impersonation attack without credentials.