Yifu Shi,Chunxiang Xu,Zhao Zhang,Xinyu Liu

DOI: https://doi.org/10.1109/iscipt61983.2024.10672864

2024-01-01

Abstract:Most existing digital twin systems utilize Single Sign- On (SSO) authentication protocols. In SSO authentication, an identity authentication server (IS) issues tokens to legitimate users, allowing them to access one or multiple application servers (AS) as required. However, traditional SSO protocols suffer from two main issues: privacy leakage and single point of failure. It is worth noting that traceability is often a requirement in digital twin systems, which was not adequately addressed by recent works. To address these challenges, we propose TTSSO that achieves traceability while protecting user privacy and preventing single points of failure. By utilizing a threshold number of partial tokens which issued by multiple identity servers, users can construct a blind token that prevents the extraction of private information. We have specifically set up a server called the Tracking Server (TS) to fulfill the tracking functionality and hand public key management. TS retains users' public keys and can reconstruct user identities based on the blind tokens. The effectiveness of our work was verified through experiments.

Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

Ge Gao,Yuan Zhang,Yaqing Song,Shiyu Li

DOI: https://doi.org/10.1109/tifs.2024.3392533

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Single-sign-on (SSO) authentication employs an identity provider (IdP) to provide users with an efficient way to authenticate themselves with different service providers and has been widely applied in digital systems. However, existing SSO authentication schemes suffer from critical issues in terms of security and privacy. Regarding security, most SSO authentication schemes achieve a high convenience at the expense of security and are thereby susceptible to various attacks. Regarding privacy, most existing schemes fail to protect users' subscription pattern and access pattern against adversaries who can easily extract users' sensitive information from their authentications and launch subsequent attacks for profits. In this paper, we develop a practical SSO authentication system, dubbed PrivSSO, with the protection of users' subscription pattern and access pattern. To balance the trade-off between security and convenience, the key technique is a secure "hybrid" key-based authentication mechanism: a long-term key stored in a well-guarded hardware token serves as the "primary" authentication factor (AF) to guarantee strong security; an ephemeral key bound with portable device(s) serves as the "daily-used" AF to achieve high convenience. To protect the subscription pattern and access pattern from leakage, we propose a redactable token generation mechanism, where the users themselves specify what IdP and the service providers can learn from their authentications. We formally define and prove the security of PrivSSO. We also implement a PrivSSO prototype and conduct a comprehensive performance evaluation to demonstrate its practicality.

Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Yuan Zhang,Chunxiang Xu,Hongwei Li,Kan Yang,Nan Cheng,Xuemin Shen

DOI: https://doi.org/10.1109/tmc.2020.2975792

IF: 6.075

2021-06-01

IEEE Transactions on Mobile Computing

Abstract:Password-based single-sign-on authentication has been widely applied in mobile environments. It enables an identity server to issue authentication tokens to mobile users holding correct passwords. With an authentication token, one can request mobile services from related service providers without multiple registrations. However, if an adversary compromises the identity server, he can retrieve users' passwords by performing dictionary guessing attacks (DGA) and can overissue authentication tokens to break the security. In this paper, we propose a password-based threshold single-sign-on authentication scheme dubbed PROTECT that thwarts adversaries who can compromise identity server(s), where multiple identity servers are introduced to authenticate mobile users and issue authentication tokens in a threshold way. PROTECT supports key renewal that periodically updates the secret on each identity server to resist perpetual leakage of the secret. Furthermore, PROTECT is secure against off-line DGA: a credential used to authenticate a user is computed from the password and a server-side key. PROTECT is also resistant to online DGA and password testing attacks in an efficient way. We conduct a comprehensive performance evaluation of PROTECT, which demonstrates the high efficiency on the user side in terms of computation and communication and proves that it can be easily deployed on mobile devices.

computer science, information systems,telecommunications

Daniel Slamanig,Sebastian Ramacher,Reyhaneh Rabaninejad,A. Michalas,B. Abdolmaleki

Abstract:. Self-sovereign identity (SSI) systems empower users to (anony-mously) establish and verify their identity when accessing both digital and real-world resources, emerging as a promising privacy-preserving so-lution for user-centric identity management. Recent work by Maram et al. proposes the privacy-preserving Sybil-resistant decentralized SSI sys-tem CanDID (IEEE S&P 2021). While this is an important step, notable shortcomings undermine its efficacy. The two most significant among them being the following: First, unlinkability breaks in the presence of a single malicious issuer. Second, it introduces interactiveness, as the users are required to communicate each time with issuers to collect cre-dentials intended for use in interactions with applications. This contra-dicts the goal of SSI, whose aim is to give users full control over their identities. This paper first introduces the concept of publicly verifiable attribute-based threshold anonymous counting tokens (tACT). Unlike recent approaches confined to centralized settings (Benhamouda et al., ASIACRYPT 2023), tACT operates in a distributed-trust environment. Accompanied by a formal security model and a provably secure instantiation, tACT introduces a novel dimension to token issuance, which, we believe, holds independent interest. Next, the paper leverages the proposed tACT scheme to construct an efficient Sybil-resistant SSI sys-tem. This system supports various functionalities, including threshold issuance, unlinkable multi-show selective disclosure, and non-interactive, non-transferable credentials that offer constant-size credentials. The proposed construction is backed by rigorous security definitions and proofs. Finally, our benchmark results show an efficiency improvement in our construction when compared to CanDID all while accommodating a greater number of issuers and additionally reducing to a one-round protocol that can be run in parallel with all issuers.

Computer Science

Chengqian Guo,Jingqiang Lin,Quanwei Cai,Wei Wang,Fengjun Li,Qiongxiao Wang,Jiwu Jing,Bin Zhao

DOI: https://doi.org/10.48550/arXiv.2110.10396

2021-10-20

Cryptography and Security

Abstract:Single sign-on (SSO) allows a user to maintain only the credential at the identity provider (IdP), to login to numerous RPs. However, SSO introduces extra privacy threats, compared with traditional authentication mechanisms, as (a) the IdP could track all RPs which a user is visiting, and (b) collusive RPs could learn a user's online profile by linking his identities across these RPs. This paper proposes a privacypreserving SSO system, called UPPRESSO, to protect a user's login activities against both the curious IdP and collusive RPs. We analyze the identity dilemma between the security requirements and these privacy concerns, and convert the SSO privacy problems into an identity transformation challenge. In each login instance, an ephemeral pseudo-identity (denoted as PID_RP ) of the RP, is firstly negotiated between the user and the RP. PID_RP is sent to the IdP and designated in the identity token, so the IdP is not aware of the visited RP. Meanwhile, PID_RP is used by the IdP to transform the permanent user identity ID_U into an ephemeral user pseudo-identity (denoted as PID_U ) in the identity token. On receiving the identity token, the RP transforms PID_U into a permanent account (denoted as Acct) of the user, by an ephemeral trapdoor in the negotiation. Given a user, the account at each RP is unique and different from ID_U, so collusive RPs cannot link his identities across these RPs. We build the UPPRESSO prototype on top of MITREid Connect, an open-source implementation of OIDC. The extensive evaluation shows that UPPRESSO fulfills the requirements of both security and privacy and introduces reasonable overheads.

Chenchen Cao,Chunxiang Xu,Changsong Jiang,Zhao Zhang,Xinfeng Dong,Kefei Chen

DOI: https://doi.org/10.1109/tdsc.2024.3404045

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In networks, clients access various servers. Servers need to authenticate clients' identities and provide services to clients who pass the authentication. Password-based threshold single-sign-on authentication (PbT-SSO) delegates multiple identity servers to authenticate a client with the client's password, and issue a token for subsequent access. However, existing PbT-SSO schemes are based on conventional hardness problems, which are vulnerable to adversaries equipped with quantum computers in the near future. Once quantum computers are accessible, adversaries can retrieve passwords by off-line dictionary guessing attacks (DGA) from the credentials of clients' passwords. Moreover, quantum adversaries can derive identity servers' secret from public information and further forge tokens with the secret. Motivated by these issues, we propose a password-based threshold single-sign-on authentication from learning with errors problem (LWE), dubbed LPbT-SSO, which is resistant to quantum attacks. LPbT-SSO evaluates a one-way function of passwords, and takes the function outputs as credentials. Since the function is grounded on LWE problem intractable for quantum computation, quantum adversaries cannot recover passwords by off-line DGA. Additionally, LPbT-SSO leverages a lattice-based threshold signature scheme to issue tokens, and guarantees that no adversary can forge a valid token. The comprehensive performance evaluation demonstrates that LPbT-SSO is efficient in terms of computation, storage, and communication costs.

Feng Xu,Wenhuan Zhou,Xuan Liu

DOI: https://doi.org/10.1080/10798587.2012.10643271

2012-01-01

Intelligent Automation & Soft Computing

Abstract:Aiming at the security and performance problems existed in most threshold proxy signature (TPS) schemes, this paper presents a new TPS scheme based on bilinear pairings. In this work, the security level of the proposed TPS scheme has been significantly enhanced by using improved short signatures and interactive secret-sharing. Our analysis indicates that the proposed scheme achieves the six accepted security properties that are required for a strong-secure TPS scheme. It can also resist a severe attack against TPS, i.e., original signer changing attack.

Jinguang Han,Liqun Chen,Steve Schneider,Helen Treharne,Stephan Wesemeyer

DOI: https://doi.org/10.48550/arXiv.1804.07201

2018-04-19

Abstract:Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude which each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole services access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation.

Cryptography and Security

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Jing Tian,Yanqi Zhao,Xiaoyi Yang,Xuan Zhao,Ruonan Chen,Yong Yu

DOI: https://doi.org/10.1016/j.hcc.2024.100271

2024-01-01

High-Confidence Computing

Abstract:Identity-based threshold signature (IDTHS) allows a threshold number of signers to generate signatures to improve the deterministic wallet in the blockchain. However, the IDTHS scheme cannot determine the identity of malicious signers in case of misinformation. To solve this challenge, we propose an identity-based threshold (multi) signature with private accountability (for short AIDTHS) for privacy-preserving blockchain. From the public perspective, AIDTHS is completely private and no user knows who participated in generating the signature. At the same time, when there is a problem with the transaction, a trace entity can trace and be accountable to the signers. We formally define the syntax and security model of AIDTHS. To address the issue of identifying malicious signers, we improve upon traditional identity-based threshold signatures by incorporating zero-knowledge proofs as part of the signature and leveraging a tracer holding tracing keys to identify all signers. Additionally, to protect the privacy of signers, the signature is no longer achievable by anyone, which requires a combiner holding the keys to produce a valid signature. We give a concrete construction of AIDTHS and prove its security.Finally, we implement the AIDTHS scheme and compare it with existing schemes. The key distribution algorithm of AIDTHS takes 34.60 μs and the signature algorithm takes 13.04 ms. The verification algorithm takes 1 s, which is one-third of the time the TAPS scheme uses.

Zhiyi Zhang,Michał Król,Alberto Sonnino,Lixia Zhang,Etienne Rivière

DOI: https://doi.org/10.48550/arXiv.2002.10289

2020-02-24

Cryptography and Security

Abstract:We introduce EL PASSO, a privacy-preserving, asynchronous Single Sign-On (SSO) system. It enables personal authentication while protecting users' privacy against both identity providers and relying parties, and allows selective attribute disclosure. EL PASSO is based on anonymous credentials, yet it supports users' accountability. Selected authorities may recover the identity of allegedly misbehaving users, and users can prove properties about their identity without revealing it in the clear. EL PASSO does not require specific secure hardware or a third party (other than existing participants in SSO). The generation and use of authentication credentials are asynchronous, allowing users to sign on when identity providers are temporarily unavailable. We evaluate EL PASSO in a distributed environment and prove its low computational cost, yielding faster sign-on operations than OIDC from a regular laptop, one-second user-perceived latency from a low-power device, and scaling to more than 50 sign-on operations per second at a relying party using a single 4-core server in the cloud.

Jinguang Han,Liqun Chen,Steve Schneider,Helen Treharne,Stephan Wesemeyer,Nick Wils

DOI: https://doi.org/10.48550/arXiv.1811.07642

2019-04-11

Abstract:An anonymous Single Sign-On (ASSO) scheme allows users to access multiple services anonymously using one credential. We propose a new ASSO scheme, where users can access services anonymously through the use of anonymous credentials and unlinkably through the provision of designated verifiers. Notably, verifiers cannot link service requests of a user even if they collude. The novelty is that when a designated verifier is unavailable, a central authority can authorise new verifiers to authenticate the user on behalf of the original verifier. Furthermore, if required, a central verifier is authorised to deanonymise users and trace their service requests. We formalise the scheme along with a security proof and provide an empirical evaluation of its performance. This scheme can be applied to smart ticketing where minimising the collection of personal information of users is increasingly important to transport organisations due to privacy regulations such as General Data Protection Regulations (GDPR).

Cryptography and Security

Rongwu Xu,Sen Yang,Fan Zhang,Zhixuan Fang

DOI: https://doi.org/10.1109/eurosp57164.2023.00029

2023-01-01

Abstract:Single sign-on (SSO) allows users to authenticate to third-party applications through a central identity provider. Despite their wide adoption, deployed SSO systems suffer from privacy problems such as user tracking by the identity provider. While numerous solutions have been proposed by academic papers, none were adopted because they require modifying identity providers, a significant adoption barrier in practice. Solutions do get deployed, however, fail to eliminate major privacy issues. Leveraging Trusted Execution Environments (TEEs), we propose MISO, the first privacy-preserving SSO system that is completely compatible with existing identity providers (such as Google and Facebook). This means MISO can be easily integrated into existing SSO ecosystem today and benefit end users. MISO also enables new functionality that standard SSO cannot offer: MISO allows users to leverage multiple identity providers in a single SSO workflow, potentially in a threshold fashion, to better protect user accounts. We fully implemented MISO based on Intel SGX. Our evaluation shows that MISO can handle high user concurrency with practical performance.

Yumeng Xie,Qing Fan,Chuan Zhang,Tong Wu,Yuao Zhou,Debiao He,Liehuang Zhu

DOI: https://doi.org/10.1109/tifs.2024.3428848

IF: 7.231

2024-07-26

IEEE Transactions on Information Forensics and Security

Abstract:Threshold signatures as a method to realize multi-party cooperation and trust distribution in blockchain have been widely studied in recent years. However, among these researches, few threshold signature schemes achieve all the properties of accountability, privacy, and key protection for the EdDSA-based blockchain systems. To fill this gap, we propose an EdDSA-based accountable threshold signature protocol with privacy and proactive refresh, named TAPS-PR. Meanwhile, we define new security models and give a detailed analysis to prove protocol security. In TAPS-PR, the threshold is variable and hidden with the signing quorum from the public view. However, the signing quorum can be traced when threshold signatures related to fraudulent events are generated. We also enhance the key security of each signer by proactive refresh, which realizes updating the private key while the public key remains unchanged. Apart from that, we present ATS-PR with increased efficiency and reduced communication cost at the cost of weaker security. The theoretical analysis and experimental results indicate that our protocols perform efficiently in terms of communication and computation overhead. Furthermore, we use Tezos, a blockchain project employing EdDSA, as a case study to demonstrate the compatibility of our protocol with real-world blockchain applications.

computer science, theory & methods,engineering, electrical & electronic

Zoe Lin Jiang,Siu-Ming Yiu,Y. Dong,Lucas Chi Kwong Hui,Starsky H. Y. Wong

DOI: https://doi.org/10.1109/csse.2008.1353

2009-01-01

Journal of Software Engineering and Applications

Abstract:Threshold proxy signature (TPS) scheme facilitates a manager to delegate his signing capability to a group of n subordinates without revealing his own private key, such that a subgroup of at least t les n subordinates is required to generate a proxy signature. In reality, the situation can be more complicated. First of all, the subgroup may further delegate proxy signing capabilities to another subgroup of subordinates (in the form of a chain). This is a group-to-group delegation problem. In addition, a supervising agent (SA) may be introduced to supervise the subordinates, such that proxy signing can only be successfully executed with SApsilas agreement. This is a delegation with supervision problem. These two extensions of delegation problems are not solved yet. This paper designs two provably secure cryptographic schemes chained threshold proxy signature (CTPS) scheme and chained threshold proxy signature with supervision (CTPSwS) scheme to solve these two delegation problems.

Wei Feng,Zheng Yan,Haomeng Xie

DOI: https://doi.org/10.1109/access.2017.2679980

IF: 3.9

2017-01-01

IEEE Access

Abstract:Pervasive social networking (PSN) supports instant social activities anywhere and at any time with the support of heterogeneous networks, where privacy preservation is a crucial issue. One of the effective methods to achieve privacy preservation is anonymous authentication on trust. However, few literatures pay attention to it. In this paper, we propose an anonymous authentication scheme based on group signature for authenticating trust levels rather than identities of nodes in order to avoid privacy leakage and guarantee secure communications in PSN. The scheme achieves secure anonymous authentication with anonymity and conditional traceability with the support of a trusted authority (TA). We also provide a mechanism to guarantee communications among nodes when TA is not available for some nodes. In addition, the utilization of batch signature verification further improves the efficiency of authenticity verification on a large number of messages. Performance analysis and evaluation further prove that the proposed scheme is effective with regard to privacy preservation, computation complexity, communication cost, flexibility, reliability, and scalability.

Le Gao,Jiaxin Yu,Junzhe Zhang,Yin Tang,Quansi Wen

DOI: https://doi.org/10.1109/access.2024.3391423

IF: 3.9

2024-04-30

IEEE Access

Abstract:The concern and opposition to centralized management of user identities by third-party authorities have led to the emergence of Self-Sovereign Identity (SSI). With the help of blockchain, SSI effectively restore users' control over their own identities, but privacy concerns due to blockchain transparency, coupled with the absence of accountability like Know Your Customer (KYC) and Anti-Money Laundering (AML), have cast uncertainties upon the viability of SSI. In this paper, we bridge this gap by introducing AASSI, a pioneering SSI protocol meticulously designed to balance the twin imperatives of privacy and accountability. Specifically, AASSI extends support for anonymity, self-derivation, fine-grained tracing and selective revocation. In the realm of anonymity and self-derivation, AASSI introduces redactable signatures, which empowers users to autonomously derive distinctive credentials for each user-service-provider interaction, effectively improving privacy protection and self-management capabilities. Pertaining to fine-grained tracing, the protocol employs a dual-tag system that facilitates tracing users' real identities as well as a granular historical records of derived credentials. For selective revocation, AASSI leverages dynamic accumulators as a building block to enable the revocation of offending users. Ultimately, we provide functional comparison, which shows that AASSI has robust features, in particular, it supports novel self-derived features that further increase user control over their identity, and fine-grained tracking, which provides more flexibility for tracers. We demonstrate protocol efficiency through off-chain time-consuming comparison, which show that AASSI dramatically reduces the time overhead of credential verification. Moreover, We test the on-chain communication overhead and experimentally prove the feasibility of AASSI.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chao Wang,Yunpeng Han,Fagen Li

DOI: https://doi.org/10.1109/EBISS.2009.5138069

2009-01-01

Abstract:In a (t, n) threshold proxy signature scheme, which is a variant of the proxy signature scheme, the proxy signature key is shared among a group of n proxy signers delegated by the original signer. Any t or more proxy signers can cooperatively sign messages on behalf of the original signer. Recently, Qian et. al. proposed a pairing-based threshold proxy signature scheme. However, we show that their scheme suffers from the forgery attack. That is, an adversary can forge a valid threshold proxy signature on any messages. In addition, their scheme also suffers from the weakness that the proxy signers might change the threshold value. That is, the proxy signers can arbitrarily modify the threshold strategy without being detected by the original signer or message verifiers, which might violate the original signer's intent. In this paper, we propose an improved scheme that overcomes the above weaknesses.