ABSTRACT
UnlimitID is a method for enhancing the privacy of commodity OAuth and of applications built on it such as OpenID Connect, using anonymous attribute-based credentials based on algebraic Message Authentication Codes (aMACs). OAuth is one of the most widely used protocols on the Web, but it exposes to the identity provider (IdP) every request that a relying party (RP) makes for a user's data. Our approach allows a user to create multiple persistent and unlinkable pseudo-identities, and it requires no change to the deployed code of relying parties, only to identity providers and the client.
UnlimitID: Privacy-Preserving Federated Identity Management using Algebraic MACs