A little-used internet authentication system from the 1980s could enable web users to securely log in only once per internet session, says a new study.
PhD researcher S. Suriadi from Queensland University of Technology (QUT) Information Security Institute said a secure single sign-on system was more than simply using the same password for multiple accounts.
Suriadi said any future single sign-on system, which could potentially give web users access to a multitude of accounts, including e-mail, bank and shopping, would require extreme privacy to avoid information spies and account hackers.
“Single sign-on systems are already being used by organisations,” he said. “For example, a bank could link their internet banking site to an online trading site, thus relieving users from having to perform an extra log in step.
“However, if one of the parties is compromised, for example by a virus, a 'denial of service' attack or insecure set-up, it puts all the user's linked accounts at risk.”
Suriadi said his research investigated a little-used “anonymous credential system”, which dates back to the 1980s, but recently received renewed interest from the research community.
“Using this credential system, we could enhance the security and privacy of a single sign-on system,” he said.
“The system works by revealing as little information about who you are as necessary for logging into an account, therefore allowing you to remain anonymous.
“This way, a company wouldn't be able to track your shopping habits and target spam or marketing at you. This method could also confirm you are over 18 and not reveal your
Suriadi said a single sign-on system backed by the anonymous credential system required the cooperation of businesses and organisations to enable it.
“One use of this could be for the research community, with online libraries and databases applying the anonymous credential system so that the privacy of researchers can be preserved,” he said, according to a QUT release.