Anonymous authentication for mobile Single Sign-On to protect user privacy

Elmufti, Kalid; Weerasinghe, Dasun; Rajarajan, Muttukrishnan; Rakocevic, Veselin

doi:10.1504/ijmc.2008.019824

Cited by 10 publications

(6 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…RP) protected by the IdP, without revealing their identities. Anonymous SSO was proposed for the global system for mobile (GSM) communications [40], and the notion of anonymous SSO was formalized [41]. Privacy-preserving primitives, such as group signature, zero-knowledge proof, Chebyshev Chaotic Maps and proxy re-verification, etc., were adopted to design anonymous SSO systems [41][42][43][44].…”

Section: Extended Related Workmentioning

confidence: 99%

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

Guo¹,

Lin²,

Cai³

et al. 2021

Preprint

View full text Add to dashboard Cite

Single sign-on (SSO) allows a user to maintain only the credential at the identity provider (IdP), instead of one credential for each relying party (RP), to login to numerous RPs. However, SSO introduces extra privacy leakage threats, compared with traditional authentication mechanisms, as (a) the IdP could track all the RPs which a user is visiting, and (b) collusive RPs could learn a user's online profile by linking his identities across these RPs. Several privacy-preserving SSO solutions have been proposed to defend against either the curious IdP or collusive RPs, but none of them addresses both of these privacy leakage threats at the same time.In this paper, we propose a privacy-preserving SSO system, called UPPRESSO, to protect a user's login traces against both the curious IdP and collusive RPs simultaneously. We analyze the identity dilemma between the SSO security requirements and these privacy concerns, and convert the SSO privacy problems into an identity-transformation challenge. In each login instance of UPPRESSO, an ephemeral pseudo-identity (denoted as PID RP ) of the RP which the user is attempting to visit, is firstly negotiated between the RP and the user. Then, PID RP is sent to the IdP and designated in the identity token, so that the IdP is not aware of the visited RP. Meanwhile, PID RP is used by the IdP to transform the permanent user identity ID U into an ephemeral user pseudo-identity (denoted as PID U ) in the identity token. On receiving the identity token, the RP transforms PID U into a permanent account (denoted as Acct) of the user, by a trapdoor in the negotiation. Given a user, the account at each RP is unique and different from ID U , so collusive RPs cannot link his identities across multiple RPs. To the best of our knowledge, this is the first practical SSO solution which solves the privacy problems caused by both the curious IdP and collusive RPs.We build the UPPRESSO prototype system for web applications, with standard functions of OpenID Connect (OIDC): the function of RP Dynamic Registration is used to support ephemeral PID RP , while the function of Core Sign-On is slightly modified to calculate PID U and Acct. The prototype system is implemented on top of open-source MITREid Con-nect, and the extensive evaluation shows that UPPRESSO introduces reasonable overheads and fulfills the requirements of both security and privacy.

show abstract

Section: Extended Related Workmentioning

confidence: 99%

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

Guo¹,

Lin²,

Cai³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…1) Anonymous Single-Sign-On schemes: Elmufti et al [4] proposed an ASSO scheme which is suitable to the Global System for Mobile communication (GSM). In [4], to access a service, a user needs to generate a new one-time identity and uses it to authenticate to a trusted third party (TTP). If the authentication is successful, the TTP forwards the user's onetime identity to the service provider who provides the service.…”

Section: A Related Workmentioning

confidence: 99%

Anonymous Single Sign-On With Proxy Re-Verification

Han

Chen

Schneider

et al. 2020

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

An anonymous Single Sign-on (ASSO) scheme allows users to access multiple services anonymously using one credential. We propose a new ASSO scheme, where users can access services anonymously through the use of anonymous credentials and unlinkably through the provision of designated verifiers. Notably, verifiers cannot link a user's service requests even if they collude. The novelty is that when a designated verifier is unavailable, a central authority can authorise new verifiers to authenticate the user on behalf of the original verifier. Furthermore, a central verifier can also be authorised to deanonymise users and trace their service requests. We formalise the scheme along with a security proof and provide an empirical evaluation of its performance. This scheme can be applied to smart ticketing where minimising the collection of personal information of users is increasingly important to transport organisations due to privacy regulations such as General Data Protection Regulations (GDPR).

show abstract

“…Anonymous single-sign-on schemes [18,24,36,27] exist which can protect a user's identity, but may not do so for all entities within a scheme. Moreover, a user's service request can be verified by all verifiers of a system rather than the one it is intended for which may pose a potential privacy risk to both the user and that verifier.…”

Section: Introductionmentioning

confidence: 99%

Anonymous Single-Sign-On for n Designated Services with Traceability

et al. 2018

View full text Add to dashboard Cite

Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude which each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole services access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation.

show abstract

Anonymous authentication for mobile Single Sign-On to protect user privacy

Cited by 10 publications

References 6 publications

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

Anonymous Single Sign-On With Proxy Re-Verification

Anonymous Single-Sign-On for n Designated Services with Traceability

Contact Info

Product

Resources

About