Single sign-on using trusted platforms

by Andreas Pashalidis and Chris Mitchell

Abstract:

Network users today have to remember one username/password pair for
every service they are registered with. One solution to the security
and usability implications of this situation is Single Sign-On, a
mechanism by which the user authenticates only once to an entity
termed the `Authentication Service Provider’ (ASP) and subsequently
uses disparate Service Providers (SPs) without necessarily
re-authenticating. The information about the user’s authentication
status is handled between the ASP and the desired SP in a manner
transparent to the user. This paper demonstrates a method by which the
end-user’s computing platform itself plays the role of the ASP. The
platform has to be a Trusted Platform conforming to the Trusted
Computing Platform Alliance (TCPA) specifications. The relevant TCPA
architectural components and security services are described and
associated threats are analysed.