Privacy-Preserving OpenID Connect
| Field | Value |
|---|---|
| Authors | David Basin, Sven Hammann, Ralf Sasse |
| Year | 2020 |
| Subjects | Authentication; single sign-on; OpenID Connect; cryptographic protocols; protocol verification; identity providers; privacy; information sensitivity; login; computer security |
| Source | AsiaCCS 2020: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ISBN 978-1-4503-6750-9) |
| DOI | 10.1145/3320269.3384724 |
| Database | OpenAIRE |

Abstract: OpenID Connect is the most widely used Internet protocol for delegated authentication today. It provides single sign-on: users authenticate to many services, called relying parties, with a single account at an identity provider. Unfortunately, OpenID Connect is not privacy-friendly: on every login, the identity provider learns which relying party the user is logging in to. This requires a high degree of trust in the identity provider and is especially problematic when the identity of a relying party itself reveals sensitive information about the user. We present two extensions to OpenID Connect that address this privacy concern. The first is a simple extension that prevents the identity provider from learning which relying parties its users log in to; the second extends this solution so that colluding relying parties cannot track users across services either. We give formal security proofs for both standard OpenID Connect and our extensions using the Tamarin security protocol verification tool.
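To make the leak described in the abstract concrete, the following is an added example (not code from the paper or its authors) that models the standard OpenID Connect authorization-code flow in Python with a toy identity provider and two relying parties in a single process. HS256 stands in for the IdP's RS256 signature, and every name, key, URL and salt is constructed. It shows what the identity provider records on each login (the relying party's client_id and redirect_uri in the authorization request, bound into the ID token as the aud claim) and why preventing relying-party collusion is a separate problem: with OIDC's standard "public" subject identifiers, two relying parties can link a user by comparing sub; switching to the standard "pairwise" subject type (OIDC Core section 8.1) stops that linking but still requires the identity provider to know the relying party. The paper's own extensions are not implemented here.

```python
"""Standard OpenID Connect authorization-code flow, reduced to the messages that
matter for the privacy question in the abstract. Constructed toy: one IdP and two
RPs in a single process; HS256 stands in for the IdP's RS256 signature."""
import base64
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


@dataclass
class IdentityProvider:
    issuer: str
    key: bytes                         # HMAC key; stand-in for the IdP's signing key
    subject_type: str = "public"       # OIDC Core 8: "public" or "pairwise"
    salt: bytes = b"constructed-salt"  # secret salt for pairwise subs (constructed)
    accounts: dict = field(default_factory=dict)  # username -> local account id
    observed: list = field(default_factory=list)  # (user, client_id) per login
    _codes: dict = field(default_factory=dict)

    def authorize(self, username, client_id, redirect_uri, nonce) -> str:
        # The authorization request names the RP (client_id, redirect_uri), so the
        # IdP learns which service the user is logging in to. Standard OIDC cannot
        # avoid this: the ID token must be bound to the RP through its "aud" claim.
        self.observed.append((username, client_id))
        code = secrets.token_urlsafe(16)
        self._codes[code] = (username, client_id, redirect_uri, nonce)
        return code

    def _sub(self, username: str, redirect_uri: str) -> str:
        local_id = self.accounts[username]
        if self.subject_type == "public":
            return local_id              # identical sub at every RP
        # Pairwise sub as in OIDC Core 8.1: hash of sector identifier (redirect_uri
        # host), local account id and secret salt. Different sub at every RP.
        sector = urlparse(redirect_uri).hostname
        return hashlib.sha256(f"{sector}|{local_id}|".encode() + self.salt).hexdigest()

    def token(self, code: str) -> str:
        username, client_id, redirect_uri, nonce = self._codes.pop(code)
        claims = {"iss": self.issuer, "sub": self._sub(username, redirect_uri),
                  "aud": client_id, "nonce": nonce}
        header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        payload = _b64url(json.dumps(claims).encode())
        sig = hmac.new(self.key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        return f"{header}.{payload}.{_b64url(sig)}"


@dataclass
class RelyingParty:
    client_id: str
    redirect_uri: str

    def verify(self, id_token: str, idp: IdentityProvider, expected_nonce: str) -> dict:
        # With RS256 the RP would hold only the IdP's public key; sharing idp.key
        # here is an artefact of the single-process HS256 stand-in.
        header, payload, sig = id_token.split(".")
        mac = hmac.new(idp.key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, _unb64url(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64url(payload))
        if (claims["iss"] != idp.issuer or claims["aud"] != self.client_id
                or claims["nonce"] != expected_nonce):
            raise ValueError("iss/aud/nonce check failed")
        return claims


def login(username: str, idp: IdentityProvider, rp: RelyingParty) -> str:
    """One complete login; returns the sub the RP ends up storing for this user."""
    nonce = secrets.token_urlsafe(8)
    code = idp.authorize(username, rp.client_id, rp.redirect_uri, nonce)
    return rp.verify(idp.token(code), idp, nonce)["sub"]


def demo(subject_type: str) -> dict:
    """Alice logs in to a shop and a clinic through the same IdP (constructed names)."""
    idp = IdentityProvider("https://idp.example", b"constructed-key", subject_type,
                           accounts={"alice": "acct-1001"})
    shop = RelyingParty("shop-client", "https://shop.example/cb")
    clinic = RelyingParty("clinic-client", "https://clinic.example/cb")
    sub_at_shop = login("alice", idp, shop)
    sub_at_clinic = login("alice", idp, clinic)
    return {
        "idp_saw": [client_id for _, client_id in idp.observed],  # the IdP's view
        "rps_can_link": sub_at_shop == sub_at_clinic,             # colluding RPs' view
    }
```

Running `demo("public")` gives `{"idp_saw": ["shop-client", "clinic-client"], "rps_can_link": True}`; `demo("pairwise")` gives the same `idp_saw` list with `rps_can_link` False. Pairwise subs address only the second concern in the abstract, and they do so precisely by letting the identity provider see which relying party is asking, which is the first concern. A token issued for the clinic is also rejected by the shop on the aud check, which is why standard OIDC must tell the identity provider the relying party's identity in the first place.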