short-paper

Open access

UnlimitID: Privacy-Preserving Federated Identity Management using Algebraic MACs

Authors:

Marios Isaakidis,

Harry Halpin,

George DanezisAuthors Info & Claims

WPES '16: Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society

Pages 139 - 142

https://doi.org/10.1145/2994620.2994637

Published: 24 October 2016 Publication History

PDF eReader

Abstract

UnlimitID is a method for enhancing the privacy of commodity OAuth and applications such as OpenID Connect, using anonymous attribute-based credentials based on algebraic Message Authentication Codes (aMACs). OAuth is one of the most widely used protocols on the Web, but it exposes each of the requests of a user for data by each relying party (RP) to the identity provider (IdP). Our approach allows for the creation of multiple persistent and unlinkable pseudo-identities and requires no change in the deployed code of relying parties, only in identity providers and the client.

References

[1]

M. Chase, S. Meiklejohn, and G. Zaverucha. Algebraic MACs and keyed-verification anonymous credentials. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pages 1205--1216, 2014.

Digital Library

Google Scholar

[2]

A. Dey and S. Weis. Pseudoid: Enhancing privacy in federated login. HotPETS Workshop, 2010.

Google Scholar

[3]

D. Fett, R. Küsters, and G. Schmitz. SPRESSO: A secure, privacy-respecting single sign-on system for the Web. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 1358--1369. ACM, 2015.

Digital Library

Google Scholar

[4]

D. Fett, R. Küsters, and G. Schmitz. A comprehensive formal security analysis of OAuth 2.0. 2016. arXiv preprint arXiv:1601.01229.

Digital Library

Google Scholar

[5]

H. Halpin and B. Cook. Federated identity as capabilities. In Annual Privacy Forum, pages 125--139, 2012.

Digital Library

Google Scholar

[6]

D. Hardt. The OAuth 2.0 authorization framework, 2012. https://tools.ietf.org/html/rfc6749.

Google Scholar

[7]

E. Kasper. Fast elliptic curve cryptography in openssl. In Financial Cryptography and Data Security - FC 2011 Workshops, pages 27--39, 2011.

Digital Library

Google Scholar

[8]

J. Maheswaran, D. Jackowitz, E. Zhai, D. I. Wolinsky, and B. Ford. Building privacy-preserving cryptographic credentials from federated online identities. In Proceedings of the ACM Conference on Data and Application Security and Privacy, pages 3--13. ACM, 2016.

Digital Library

Google Scholar

[9]

N. Sakimura, J. Bradley, M. Jones, B. de Medeiros, and C. Mortimore. OpenID Connect Core 1.0, 2014. http://openid.net/specs/openid-connect-core-1_0.html.

Google Scholar

Cited By

View all

Gao GZhang YSong YLi S(2024)PrivSSO: Practical Single-Sign-On Authentication Against Subscription/Access Pattern LeakageIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.339253319(5075-5089)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3392533
Fugkeaw SRattagool SJiangthiranan PPholwiset P(2024)FPRESSO: Fast and Privacy-Preserving SSO Authentication With Dynamic Load Balancing for Multi-Cloud-Based Web ApplicationsIEEE Access10.1109/ACCESS.2024.348599612(157888-157900)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3485996
He JLei LWang YWang PJing J(2024)ARPSSO: An OIDC-Compatible Privacy-Preserving SSO Scheme Based on RP AnonymizationComputer Security – ESORICS 202410.1007/978-3-031-70890-9_14(268-288)Online publication date: 6-Sep-2024
https://doi.org/10.1007/978-3-031-70890-9_14
Show More Cited By

Index Terms

UnlimitID: Privacy-Preserving Federated Identity Management using Algebraic MACs
1. Security and privacy
  1. Network security
    1. Web protocol security
  2. Security services

Recommendations

Privacy-Preserving OpenID Connect
ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

OpenID Connect is the most widely used Internet protocol for delegated authentication today. It provides single sign-on functionality for users who use their account with an identity provider to authenticate to different services, called relying ...
Notarized federated ID management and authentication
20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)

We propose a notarized federated identity management model that supports efficient user authentication when providers are unknown to each other. Our model introduces a notary service, owned by a trusted third-party, to dynamically notarize assertions ...
Achieving Privacy in a Federated Identity Management System
Financial Cryptography and Data Security

Federated identity management allows a user to efficiently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We ...

Comments

Information & Contributors

Information

Published In

WPES '16: Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society

October 2016

198 pages

ISBN:9781450345699

DOI:10.1145/2994620

General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chair:
Sabrina De Capitani di Vimercati
Università degli Studi di Milano, Italy

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 24, 2016

Vienna, Austria

Acceptance Rates

WPES '16 Paper Acceptance Rate 14 of 72 submissions, 19%;

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
1,096
Total Downloads

Downloads (Last 12 months)152
Downloads (Last 6 weeks)19

Reflects downloads up to 25 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Gao GZhang YSong YLi S(2024)PrivSSO: Practical Single-Sign-On Authentication Against Subscription/Access Pattern LeakageIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.339253319(5075-5089)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3392533
Fugkeaw SRattagool SJiangthiranan PPholwiset P(2024)FPRESSO: Fast and Privacy-Preserving SSO Authentication With Dynamic Load Balancing for Multi-Cloud-Based Web ApplicationsIEEE Access10.1109/ACCESS.2024.348599612(157888-157900)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3485996
He JLei LWang YWang PJing J(2024)ARPSSO: An OIDC-Compatible Privacy-Preserving SSO Scheme Based on RP AnonymizationComputer Security – ESORICS 202410.1007/978-3-031-70890-9_14(268-288)Online publication date: 6-Sep-2024
https://doi.org/10.1007/978-3-031-70890-9_14
Kim KRyu JLee HLee YWon D(2023)Distributed and Federated Authentication Schemes Based on Updatable Smart ContractsElectronics10.3390/electronics1205121712:5(1217)Online publication date: 3-Mar-2023
https://doi.org/10.3390/electronics12051217
Yin JXiao YPei QJu YLiu LXiao MWu C(2023)SmartDID: A Novel Privacy-Preserving Identity Based on Blockchain for IoTIEEE Internet of Things Journal10.1109/JIOT.2022.314508910:8(6718-6732)Online publication date: 15-Apr-2023
https://doi.org/10.1109/JIOT.2022.3145089
Xu RYang SZhang FFang Z(2023)MISO: Legacy-compatible Privacy-preserving Single Sign-on using Trusted Execution Environments2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP57164.2023.00029(352-372)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSP57164.2023.00029
Halpin HBrekke JIsaakidis M(2023)Socio-Technical Principles of Decentralized Protocol Design2023 Fifth International Conference on Blockchain Computing and Applications (BCCA)10.1109/BCCA58897.2023.10338920(448-457)Online publication date: 24-Oct-2023
https://doi.org/10.1109/BCCA58897.2023.10338920
Villarán CBeltrán M(2022)User-Centric Privacy for Identity Federations Based on a Recommendation SystemElectronics10.3390/electronics1108123811:8(1238)Online publication date: 14-Apr-2022
https://doi.org/10.3390/electronics11081238
Guo CLang FWang QLin J(2022)UP-SSO: Enhancing the User Privacy of SSO by Integrating PPID and SGX2021 International Conference on Advanced Computing and Endogenous Security10.1109/IEEECONF52377.2022.10013340(01-05)Online publication date: 21-Apr-2022
https://doi.org/10.1109/IEEECONF52377.2022.10013340
Zhang ZKról MSonnino AZhang LRivière E(2021)EL PASSO: Efficient and Lightweight Privacy-preserving Single Sign OnProceedings on Privacy Enhancing Technologies10.2478/popets-2021-00182021:2(70-87)Online publication date: 29-Jan-2021
https://doi.org/10.2478/popets-2021-0018
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Privacy-Preserving OpenID Connect

Notarized federated ID management and authentication

Achieving Privacy in a Federated Identity Management System