research-article

Privacy-Preserving OpenID Connect

Authors:

David BasinAuthors Info & Claims

ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

Pages 277 - 289

https://doi.org/10.1145/3320269.3384724

Published: 05 October 2020 Publication History

Abstract

OpenID Connect is the most widely used Internet protocol for delegated authentication today. It provides single sign-on functionality for users who use their account with an identity provider to authenticate to different services, called relying parties. Unfortunately OpenID Connect is not privacy-friendly: the identity provider learns with each use which relying party the user logs in to. This necessitates a high degree of trust in the identity provider, and is especially problematic when the relying parties' identity reveals sensitive information. We present two extensions to OpenID Connect that address this privacy concern. We first present a simple extension that prevents the identity provider from learning to which relying parties its users log in, and we further extend this solution to also prevent colluding relying parties from tracking users. We give formal security proofs for both standard OpenID Connect and our extensions using the Tamarin security protocol verification tool.

Supplementary Material

MP4 File (3320269.3384724.mp4)

Presentation video

Download
29.91 MB

References

[1]

GDPR, Art. 5, 1.c. https://gdpr-info.eu/art-5-gdpr/. Accessed: 2020-03-02.

[2]

Mozilla Persona Website. https://developer.mozilla.org/en-US/docs/Archive/Mozilla/Persona. Accessed: 2020-03-02.

[3]

U-Prove. https://www.microsoft.com/en-us/research/project/u-prove/. Accessed: 2020-03-02.

[4]

verimi.de. https://verimi.de/. Accessed: 2020-03-02.

[5]

Chetan Bansal, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, and Sergio Maffeis. Discovering concrete attacks on website authorization by formal analysis. Journal of Computer Security, 22(4):601--657, 2014.

[6]

Tim Berners-Lee, Roy T. Fielding, and Larry Masinter. Uniform resource identifier (uri): Generic syntax, section 3.5. STD 66, RFC Editor, January 2005. http://www.rfc-editor.org/rfc/rfc3986.txt.

[7]

Bruno Blanchet. An efficient cryptographic protocol verifier based on prolog rules. In Proceedings of the 14th IEEE workshop on Computer Security Foundations, page 82, 2001.

[8]

Jan Camenisch, Thomas Gross, and Dieter Sommer. Enhancing privacy of federated identity management protocols: anonymous credentials in ws-security. In Proceedings of the 5th ACM workshop on Privacy in Electronic Society, pages 67--72. ACM, 2006.

Digital Library

[9]

Jan Camenisch and Anna Lysyanskaya. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. Advances in Cryptology - EUROCRYPT 2001, pages 93--118, 2001.

[10]

Jan Camenisch and Birgit Pfitzmann. Federated Identity Management. In Security, Privacy, and Trust in Modern Data Management, pages 213--238. Springer, 2007.

[11]

Jan Camenisch and Els Van Herreweghen. Design and implementation of the idemix anonymous credential system. In Proceedings of the 9th ACM conference on Computer and communications security, pages 21--30. ACM, 2002.

Digital Library

[12]

David L Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2):84--90, 1981.

Digital Library

[13]

Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, and Thyla van der Merwe. A comprehensive symbolic analysis of TLS 1.3. In Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu, editors, Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pages 1773--1788. ACM, 2017.

Digital Library

[14]

Arkajit Dey and Stephen Weis. Pseudoid: Enhancing privacy in federated login. In Hot Topics in Privacy Enhancing Technologies, pages 95--107, 2010.

[15]

Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The second-generation onion router. Technical report, Naval Research Lab Washington DC, 2004.

[16]

Daniel Fett, Pedram Hosseyni, and Ralf Küsters. An extensive formal security analysis of the openid financial-grade api. In 2019 IEEE Symposium on Security and Privacy (SP), pages 453--471. IEEE, 2019.

[17]

Daniel Fett, Ralf Küsters, and Guido Schmitz. An expressive model for the web infrastructure: Definition and application to the browser id sso system. In 2014 IEEE Symposium on Security and Privacy (SP), pages 673--688, 2014.

Digital Library

[18]

Daniel Fett, Ralf Kü sters, and Guido Schmitz. SPRESSO: A secure, privacy-respecting single sign-on system for the web. In ACM Conference on Computer and Communications Security (CCS), pages 1358--1369, 2015.

[19]

Daniel Fett, Ralf Küsters, and Guido Schmitz. A comprehensive formal security analysis of oauth 2.0. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 1204--1215. ACM, 2016.

Digital Library

[20]

Daniel Fett, Ralf Küsters, and Guido Schmitz. The web SSO standard OpenID Connect: In-depth formal security analysis and security guidelines. 2017 IEEE 30th Computer Security Foundations Symposium (CSF), pages 189--202, 2017.

[21]

Dinei Florencio and Cormac Herley. A large-scale study of web password habits. In Proceedings of the 16th international conference on World Wide Web, pages 657--666. ACM, 2007.

Digital Library

[22]

Irene Giacomelli, Jesper Madsen, and Claudio Orlandi. ZkBoo: Faster zero-knowledge for boolean circuits. In 25th USENIX Security Symposium (USENIX Security 16), pages 1069--1083, 2016.

[23]

Sven Hammann, Ralf Sasse, and David Basin. Tamarin models for OpenID Connect and POIDC. https://github.com/tamarin-prover/tamarin-prover/tree/develop/examples/asiaccs20-POIDC, 2020.

[24]

D. Hardt. The oauth 2.0 authorization framework. RFC 6749, RFC Editor, October 2012. http://www.rfc-editor.org/rfc/rfc6749.txt.

[25]

Marios Isaakidis, Harry Halpin, and George Danezis. Unlimitid: Privacy-preserving federated identity management using algebraic macs. In Proceedings of the 2016 ACM Workshop on Privacy in the Electronic Society, pages 139--142. ACM, 2016.

Digital Library

[26]

Dennis Jackson, Cas Cremers, Katriel Cohn-Gordon, and Ralf Sasse. Seems legit: Automated analysis of subtle attacks on protocols that use signatures. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS '19, pages 2165--2180, New York, NY, USA, 2019. ACM.

[27]

M. Jones, J. Bradley, and N. Sakimura. Json web token (jwt). RFC 7519, RFC Editor, May 2015. http://www.rfc-editor.org/rfc/rfc7519.txt.

[28]

John Maheswaran, Daniel Jackowitz, Ennan Zhai, David Isaac Wolinsky, and Bryan Ford. Building privacy-preserving cryptographic credentials from federated online identities. In Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, pages 3--13. ACM, 2016.

Digital Library

[29]

Simon Meier, Benedikt Schmidt, Cas J. F. Cremers, and David Basin. The TAMARIN Prover for the Symbolic Analysis of Security Protocols. In International Conference on Computer Aided Verification (CAV), volume 8044 of LNCS, pages 696--701. Springer, 2013.

[30]

Nat Sakimura, John Bradley, Mike Jones, Breno de Medeiros, and Chuck Mortimore. OpenID Connect Core 1.0 incorporating errata set 1. 2014.

[31]

Benedikt Schmidt, Simon Meier, Cas J. F. Cremers, and David Basin. Automated analysis of Diffie-Hellman protocols and advanced security properties. In Computer Security Foundations Symposium (CSF), pages 78--94. IEEE, 2012.

Digital Library

Cited By

Morkonda SChiasson Svan Oorschot P(2025)“Sign in with ... Privacy”: Timely Disclosure of Privacy Differences among Web SSO Login OptionsACM Transactions on Privacy and Security10.1145/371189828:2(1-28)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3711898
Linker FBasin DBalzarotti DXu W(2024)SOAPProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699081(3223-3240)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699081
Al Rahat TFeng YTian YLuo BLiao XXu JKirda ELie D(2024)AuthSaber: Automated Safety Verification of OpenID Connect ProgramsProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670318(2949-2962)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670318
Show More Cited By

Index Terms

Privacy-Preserving OpenID Connect
1. Networks
  1. Network properties
    1. Network security
      1. Security protocols
      2. Web protocol security
2. Security and privacy
  1. Network security
    1. Web protocol security
  2. Security services
    1. Privacy-preserving protocols

Recommendations

ARPSSO: An OIDC-Compatible Privacy-Preserving SSO Scheme Based on RP Anonymization
Computer Security – ESORICS 2024
Abstract
OpenID Connect (OIDC) is one of the most widely used single sign-on (SSO) protocols today. However, like all other popular SSO protocols, it does not take user privacy into account, which means that Identity Providers (IdPs) and colluding Relying ...
Assurance, Consent and Access Control for Privacy-Aware OIDC Deployments
Data and Applications Security and Privacy XXXVII
Abstract
The large amount of personal data that is shared in the digital age has proportionally increased the risks of user privacy violations. The same privacy risks are reflected in OpenID Connect, which is one of the most widespread protocols used for ...
UnlimitID: Privacy-Preserving Federated Identity Management using Algebraic MACs
WPES '16: Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society

UnlimitID is a method for enhancing the privacy of commodity OAuth and applications such as OpenID Connect, using anonymous attribute-based credentials based on algebraic Message Authentication Codes (aMACs). OAuth is one of the most widely used ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

October 2020

957 pages

ISBN:9781450367509

DOI:10.1145/3320269

General Chairs:
Hung-Min Sun
National Tsing Hua University, Taiwan
,
Shiuhpyng Shieh
National Chiao Tung University, Taiwan
,
Program Chairs:
Guofei Gu
Texas A&M University, USA
,
Giuseppe Ateniese
Stevens Institute of Technology, USA

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 October 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASIA CCS '20

Sponsor:

SIGSAC

ASIA CCS '20: The 15th ACM Asia Conference on Computer and Communications Security

October 5 - 9, 2020

Taipei, Taiwan

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
520
Total Downloads

Downloads (Last 12 months)98
Downloads (Last 6 weeks)13

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Morkonda SChiasson Svan Oorschot P(2025)“Sign in with ... Privacy”: Timely Disclosure of Privacy Differences among Web SSO Login OptionsACM Transactions on Privacy and Security10.1145/371189828:2(1-28)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3711898
Linker FBasin DBalzarotti DXu W(2024)SOAPProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699081(3223-3240)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699081
Al Rahat TFeng YTian YLuo BLiao XXu JKirda ELie D(2024)AuthSaber: Automated Safety Verification of OpenID Connect ProgramsProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670318(2949-2962)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670318
He JLei LWang YWang PJing J(2024)ARPSSO: An OIDC-Compatible Privacy-Preserving SSO Scheme Based on RP AnonymizationComputer Security – ESORICS 202410.1007/978-3-031-70890-9_14(268-288)Online publication date: 6-Sep-2024
https://doi.org/10.1007/978-3-031-70890-9_14
Xu RYang SZhang FFang Z(2023)MISO: Legacy-compatible Privacy-preserving Single Sign-on using Trusted Execution Environments2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP57164.2023.00029(352-372)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSP57164.2023.00029
Yousra BYassine SYassine MSaid SLo’ai TSalah K(2023)A Novel Secure and Privacy-Preserving Model for OpenID Connect Based on BlockchainIEEE Access10.1109/ACCESS.2023.329214311(67660-67678)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3292143
Fuhr DRöcher D(2023)0 Trust, 100 % Trust AnchorDatenschutz und Datensicherheit - DuD10.1007/s11623-023-1834-547:10(633-637)Online publication date: 20-Sep-2023
https://doi.org/10.1007/s11623-023-1834-5
Sadi MYu E(2023)WEBAPIK: a body of structured knowledge on designing web APIsRequirements Engineering10.1007/s00766-023-00401-228:3(441-479)Online publication date: 14-Mar-2023
https://doi.org/10.1007/s00766-023-00401-2
Kalantari SPhilippaerts PDimova YHughes DJoosen WDe Decker B(2023)A User-Centric Approach to API DelegationsComputer Security – ESORICS 202310.1007/978-3-031-51476-0_16(318-337)Online publication date: 25-Sep-2023
https://dl.acm.org/doi/10.1007/978-3-031-51476-0_16
Sassetti GSharif ASciarretta GCarbone RRanise S(2023)Assurance, Consent and Access Control for Privacy-Aware OIDC DeploymentsData and Applications Security and Privacy XXXVII10.1007/978-3-031-37586-6_13(203-222)Online publication date: 12-Jul-2023
https://doi.org/10.1007/978-3-031-37586-6_13
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten