The Single sign-on (SSO) is an authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in a distributed computer network. The Chang and Lee proposed a new SSO scheme and claimed its security by providing well-organized security arguments. Their scheme is actually insecure as it fails to meet credential privacy and soundness of authentication. Specifically, it present two impersonation attacks. The first attack allows malicious service provider has successfully communicated with a user twice, to recover the credential of a user and then to impersonate the user to access resources and services offered by other service providers. The another attack is that an outsider without any credential may be able to enjoy network services freely by impersonating any legal user .The formal study of the soundness of authentication as one open problem.
 Lamport L. (1981) ‗Password authentication with insecure communication‘ Commun. ACM, vol. 24, no. 11, pp. 770–772.  Lee W.B. and Chang C.C (2000) ‗User identification and key distribution maintaining anonymity for distributed computer networks‘ Comput. Syst. Sci. Eng., vol. 15, no. 4, pp. 113–116.  Weaver A.C. and Condtry M.W. (2003) ‗Distributing internet services to the network‘s edge‘ IEEE Trans. Ind. Electron., vol. 50, no. 3, pp. 404–411.  Wu T.S. and Hsu C.L. (2004) ‗Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks‘ Comput. Security, vol. 23, no. 2, pp. 120–125. Juang W. Chen S. and Liaw H.(2008) ‗Robust and efficient password authenticated key agreement using smart cards‘ IEEE Trans. Ind. Electron., vol. 15, no. 6, pp. 2551–2556.  Barolli L. and Xhafa F. (2010) ‗JXTA-OVERLAY: A P2P platform for distributed, collaborative and ubiquitous computing‘ IEEE Trans. Ind. Electron., vol. 58, no. 6, pp. 2163–2172.  Cheminod M., Pironti A., and Sisto R. (2011) ‗Formal vulnerability analysis of a security system for remote fieldbus access‘ IEEE Trans. Ind. Inf., vol. 7, no. 1, pp.  Valenzano A., Durante L., and Cheminod M. (2012) ‗Review of security issues in industrial networks‘ IEEE Trans. Ind. Inf., vol. PP, no. 99.  M. Bellare and P. Rogaway, ―Entity authentication and key distribution,‖ in Proc. of CRYPTO’, 1993, pp. 232–249 .  X. Li,W. Qiu, D. Zheng, K. Chen, and J. Li, ―Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards,‖ IEEE Trans. Ind. Electron., vol. 57, no. 2, pp. 793–800,Feb. 2010.  G. Ateniese, J. Camenisch, M. Joye, and G. Tsudik, ―A practical and provably secure coalition-resistant group signature scheme,‖ in Proc.CRYPTO, 2000, pp. 255–270.  G. Wang, J. Yu, and Q. Xie, Security analysis of a single sign-on mechanism for distributed computer networks Cryptology ePrint Archive, Rep. 102, Feb. 2012 [Online]. Available: http://eprint.iacr.org/2012/107.  B.Wang and M. Ma, ―A server independent authentication for RFID systems,‖ IEEE Trans. Ind. Inf., vol. 8, no. 3, pp. 689–696.
Single sign-on, authentication, distributed computer networks ,security analysis.