Conference: European Workshop on Security in Ad-hoc and Sensor Networks

Securely Propagating Authentication in an Ensemble of Personal Devices Using Single Sign-on


Abstract

More and more, people will continuously be using ubiquitously available networked computational devices as they go about their lives: small personal devices that they carry, appliances that they find in their surroundings, and servers in remote data centers. Some of the data exchanged by these devices will be private and should be protected. Normally to protect data, users would need to authenticate themselves with a device by signing on to it. However it will be physically impossible to sign onto devices that have limited or no user interface and even if they all had a sufficient user interface it will be an intolerable burden to have to sign on to each of many devices, particularly as the membership of the ensemble of devices continuously changes with the user's movements. Making authentication in this environment more difficult is the fact that these devices are usually connected in a personal area network that is neither secure nor reliable and uses a broadcast medium for communication. In this paper, we present a simple easy-to-use scheme that allows users to sign on to a single device and enable the rest of the devices connected in the personal area network automatically without requiring a central server or synchronized clocks. As well as being simple for the user, our solution is designed not only to prevent commonly used attacks like replay and man-in-the-middle but also to protect the user's data even if the devices are lost or stolen.
