Device-Enhanced Password-Based Threshold Single-Sign-On Authentication

Password-based threshold single-sign-on authentication (PbTA) allows multiple identity servers to in a threshold manner authenticate a user and issue a token, with which the user accesses relevant services. We analyze existing PbTA schemes and reveal a potential threat: vulnerability against perpetual credential leakage, in which “perpetual” adversaries could perpetually attempt to compromise long-lived credential databases maintained by identity servers. Compromising a threshold number of credential databases enables the adversaries to launch offline dictionary guessing attacks (DGA) or illegally obtain users’ tokens. To address these issues, we first propose a basic device-enhanced PbTA scheme (DE-PbTA), where an auxiliary device collaborates with identity servers in hardening a user’s password during authentication, such that perpetual adversaries cannot learn the password from compromised credentials via offline DGA. Using the hardened password, a private key can be derived to decrypt ciphertexts from identity servers for token construction, which protects the user’s tokens against perpetual adversaries. Then, we extend basic DE-PbTA to support dynamic usage of multiple devices, where a user can actively choose $t^{\prime } $ devices out of $n^{\prime } $ for authentication. Provable security and high efficiency of the basic/enhanced DE-PbTA scheme are demonstrated by comprehensive analysis and experimental evaluations.