EL PASSO: Efficient and Lightweight Privacy-preserving Single Sign On

Zhang, Zhiyi; Król, Michał; Sonnino, Alberto; Zhang, Lixia; Rivière, Étienne

doi:10.2478/popets-2021-0018

Cited by 11 publications

(7 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Certified RP-Verified Credential. A user of EL PASSO [13] keeps a secret on his device. After authenticating the user, the trusted IdP issues a certified credential binding the secret, also kept on the user's device.…”

Section: Extended Related Workmentioning

confidence: 99%

“…Then, the user proves to the RP that he owns this secret to login. These RP-verified credentials protect user privacy well and two kinds of privacy threats are prevented [13,15,16], but the user has to by himself locally manage pseudonyms for different RPs. For example, the domain of an RP is used as a factor to generate the user's account (or pseudonym) at this RP.…”

Section: Extended Related Workmentioning

confidence: 99%

“…Although EL PASSO calls itself an SSO scheme [13] and the service signing tokens or credentials in EL PASSO, Un-limitID and PseudoID is also called the IdP [13,15,16], there are some authentication steps between the user and RPs. Therefore, in EL PASSO, UnlimitID or PseudoID, a user needs to notify each RP if a credential was lost or compromised, because the user is authenticated by the RP with his credentials to prove that he owns the long-term secret.…”

Section: Extended Related Workmentioning

confidence: 99%

See 2 more Smart Citations

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

Guo¹,

Lin²,

Cai³

et al. 2021

Preprint

View full text Add to dashboard Cite

Single sign-on (SSO) allows a user to maintain only the credential at the identity provider (IdP), instead of one credential for each relying party (RP), to login to numerous RPs. However, SSO introduces extra privacy leakage threats, compared with traditional authentication mechanisms, as (a) the IdP could track all the RPs which a user is visiting, and (b) collusive RPs could learn a user's online profile by linking his identities across these RPs. Several privacy-preserving SSO solutions have been proposed to defend against either the curious IdP or collusive RPs, but none of them addresses both of these privacy leakage threats at the same time.In this paper, we propose a privacy-preserving SSO system, called UPPRESSO, to protect a user's login traces against both the curious IdP and collusive RPs simultaneously. We analyze the identity dilemma between the SSO security requirements and these privacy concerns, and convert the SSO privacy problems into an identity-transformation challenge. In each login instance of UPPRESSO, an ephemeral pseudo-identity (denoted as PID RP ) of the RP which the user is attempting to visit, is firstly negotiated between the RP and the user. Then, PID RP is sent to the IdP and designated in the identity token, so that the IdP is not aware of the visited RP. Meanwhile, PID RP is used by the IdP to transform the permanent user identity ID U into an ephemeral user pseudo-identity (denoted as PID U ) in the identity token. On receiving the identity token, the RP transforms PID U into a permanent account (denoted as Acct) of the user, by a trapdoor in the negotiation. Given a user, the account at each RP is unique and different from ID U , so collusive RPs cannot link his identities across multiple RPs. To the best of our knowledge, this is the first practical SSO solution which solves the privacy problems caused by both the curious IdP and collusive RPs.We build the UPPRESSO prototype system for web applications, with standard functions of OpenID Connect (OIDC): the function of RP Dynamic Registration is used to support ephemeral PID RP , while the function of Core Sign-On is slightly modified to calculate PID U and Acct. The prototype system is implemented on top of open-source MITREid Con-nect, and the extensive evaluation shows that UPPRESSO introduces reasonable overheads and fulfills the requirements of both security and privacy.

show abstract

Section: Extended Related Workmentioning

confidence: 99%

Section: Extended Related Workmentioning

confidence: 99%

Section: Extended Related Workmentioning

confidence: 99%

See 1 more Smart Citation

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

Guo¹,

Lin²,

Cai³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…However, neither prevents colluding relying parties from linking a user's accounts across relying parties. EL PASSO [90], UnlimitID [53], UPRESSO [50], PseudoID [29] and Hammann et al [51] show how to build single sign-on services that protect clients from curious identity providers while ensuring that relying parties cannot link users' accounts.…”

Section: Related Workmentioning

confidence: 99%

True2F: Backdoor-Resistant Authentication Tokens

Dauterman

Corrigan-Gibbs

Mazières

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

We present True2F, a system for second-factor authentication that provides the benefits of conventional authentication tokens in the face of phishing and software compromise, while also providing strong protection against token faults and backdoors. To do so, we develop new lightweight two-party protocols for generating cryptographic keys and ECDSA signatures, and we implement new privacy defenses to prevent cross-origin tokenfingerprinting attacks. To facilitate real-world deployment, our system is backwards-compatible with today's U2F-enabled web services and runs on commodity hardware tokens after a firmware modification. A True2F-protected authentication takes just 57ms to complete on the token, compared with 23ms for unprotected U2F.

show abstract

“…SSI frameworks allow for versatile, user-centric, privacypreserving IMSs. Many SSI implementations have appeared in recent years, from EL PASSO [3] to the more decentralized Sovrin implementation [4,5]. Most of them protect privacy by relying on a cryptographic primitive known as Anonymous Credential (AC).…”

mentioning

confidence: 99%

Hidden Issuer Anonymous Credential

Bosk

Frey

Gestin

et al. 2022

PoPETs

View full text Add to dashboard Cite

Identity Management Systems (IMS) allow users to prove characteristics about themselves to multiple service providers. IMS evolved from impractical, site-by-site authentication, to versatile, privacyenhancing Self Sovereign Identity (SSI) Frameworks. SSI frameworks often use Anonymous Credential schemes to provide user privacy, and more precisely unlinkability between uses of these credentials. However, these schemes imply the disclosure of the identity of the Issuer of a given credential to any service provider. This can lead to information leaks. We deal with this problem by introducing a new Anonymous Credential scheme that allows a user to hide the Issuer of a credential, while being able to convince the service providers that they can trust the credential, in the absence of a trusted setup. We prove this new scheme secure under the Computational Diffie Hellman assumption, and Decisional Diffie Hellman assumption, in the Random Oracle Model. We show that this scheme is efficient enough to be used with laptops, and to be integrated into SSI frameworks or any other IMS.

show abstract

EL PASSO: Efficient and Lightweight Privacy-preserving Single Sign On

Cited by 11 publications

References 46 publications

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

True2F: Backdoor-Resistant Authentication Tokens

Hidden Issuer Anonymous Credential

Contact Info

Product

Resources

About