Anonymous Single Sign-On With Proxy Re-Verification

Han, Jinguang; Chen, Liqun; Schneider, Steve; Treharne, Helen; Wesemeyer, Stephan; Wilson, Nick

doi:10.1109/tifs.2019.2919926

Cited by 12 publications

(6 citation statements)

References 39 publications

(64 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Anonymous SSO was proposed for the global system for mobile (GSM) communications [40], and the notion of anonymous SSO was formalized [41]. Privacy-preserving primitives, such as group signature, zero-knowledge proof, Chebyshev Chaotic Maps and proxy re-verification, etc., were adopted to design anonymous SSO systems [41][42][43][44]. Anonymous SSO schemes work for special applications, but are unapplicable to lots of systems that require user identification for customized services.…”

Section: Extended Related Workmentioning

confidence: 99%

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

Guo¹,

Lin²,

Cai³

et al. 2021

Preprint

View full text Add to dashboard Cite

Single sign-on (SSO) allows a user to maintain only the credential at the identity provider (IdP), instead of one credential for each relying party (RP), to login to numerous RPs. However, SSO introduces extra privacy leakage threats, compared with traditional authentication mechanisms, as (a) the IdP could track all the RPs which a user is visiting, and (b) collusive RPs could learn a user's online profile by linking his identities across these RPs. Several privacy-preserving SSO solutions have been proposed to defend against either the curious IdP or collusive RPs, but none of them addresses both of these privacy leakage threats at the same time.In this paper, we propose a privacy-preserving SSO system, called UPPRESSO, to protect a user's login traces against both the curious IdP and collusive RPs simultaneously. We analyze the identity dilemma between the SSO security requirements and these privacy concerns, and convert the SSO privacy problems into an identity-transformation challenge. In each login instance of UPPRESSO, an ephemeral pseudo-identity (denoted as PID RP ) of the RP which the user is attempting to visit, is firstly negotiated between the RP and the user. Then, PID RP is sent to the IdP and designated in the identity token, so that the IdP is not aware of the visited RP. Meanwhile, PID RP is used by the IdP to transform the permanent user identity ID U into an ephemeral user pseudo-identity (denoted as PID U ) in the identity token. On receiving the identity token, the RP transforms PID U into a permanent account (denoted as Acct) of the user, by a trapdoor in the negotiation. Given a user, the account at each RP is unique and different from ID U , so collusive RPs cannot link his identities across multiple RPs. To the best of our knowledge, this is the first practical SSO solution which solves the privacy problems caused by both the curious IdP and collusive RPs.We build the UPPRESSO prototype system for web applications, with standard functions of OpenID Connect (OIDC): the function of RP Dynamic Registration is used to support ephemeral PID RP , while the function of Core Sign-On is slightly modified to calculate PID U and Acct. The prototype system is implemented on top of open-source MITREid Con-nect, and the extensive evaluation shows that UPPRESSO introduces reasonable overheads and fulfills the requirements of both security and privacy.

show abstract

Section: Extended Related Workmentioning

confidence: 99%

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

Guo¹,

Lin²,

Cai³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Pseudonym has been applied in some schemes [20,24] to protect users' privacy. To reduce the communication cost of traditional pseudonym systems in Internet of Vehicles, Kang et al [24] proposed a privacy-preserved pseudonym scheme.…”

Section: Related Workmentioning

confidence: 99%

“…In [20], Han et al proposed an anonymous single sign-on (ASSO) scheme. In this scheme, pseudonym was applied to protect users' identities.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Privacy-Preserving Logistics Information System with Traceability

Chen¹,

Han²,

Li³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Logistics Information System (LIS) is an interactive system that provides information for logistics managers to monitor and track logistics business. In recent years, with the rise of online shopping, LIS is becoming increasingly important. However, since the lack of effective protection of personal information, privacy protection issue has become the most problem concerned by users. Some data breach events in LIS released users' personal information, including address, phone number, transaction details, etc. In this paper, to protect users' privacy in LIS, a privacy-preserving LIS with traceability (PPLIST) is proposed by combining multi-signature with pseudonym. In our PPLIST scheme, to protect privacy, each user can generate and use different pseudonyms in different logistics services. The processing of one logistics is recorded and unforgeable. Additionally, if the logistics information is abnormal, a trace party can de-anonymize users, and find their real identities. Therefore, our PPLIST efficiently balances the relationship between privacy and traceability.

show abstract

“…The report was developed as part of an EPSRC project 1 that focused on Data to Improve the Customer Experience (DICE). The project's main application domain was intelligent transport systems (ITS) but the scope included ensuring security and data privacy when using web services, for example in the case of smart ticketing [4] and emerging technologies [5] that could be applicable in the ITS domain. In this report and that associated GitHub we make reference to the authenticator that we developed as a DICEkey.…”

Section: Introductionmentioning

confidence: 99%

Technical Report on a Virtual CTAP2 WebAuthn Authenticator

Culnane¹,

Newton²,

Treharne³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

Even though passwordless authentication to online accounts offers greater security and protection from attack, passwords remain prevalent. Passwordless authentication adoption is impacted by the slow adoption of external hardware keys required to generate the security keys within the authentication protocol. We have developed a virtual WebAuthn authenticator in order to provide an extensible open source platform for understanding the associated standards of WebAuthn and CTAP2. Our authenticator provides secure software authentication for devices that do not have access to a physical hardware interface. Our authenticator also provides an alternative to an external physical hardware key and supports the use of a trusted platform module (TPM) on a device to generate the security keys within a WebAuthn protocol.

show abstract

Anonymous Single Sign-On With Proxy Re-Verification

Cited by 12 publications

References 39 publications

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

A Privacy-Preserving Logistics Information System with Traceability

Technical Report on a Virtual CTAP2 WebAuthn Authenticator

Contact Info

Product

Resources

About