Zhao Zhang,Chunxiang Xu,Changsong Jiang,Kefei Chen

DOI: https://doi.org/10.1109/tdsc.2023.3285393

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Single-sign-on (SSO) authentication enables a user to gain a token from the identity server, with which the user accesses multiple services. To address single-point-of-failure of SSO, threshold SSO, where a group of identity servers issue a user with a token in the threshold manner, is introduced. SSO including threshold schemes suffers from privacy disclosure. One can learn a user's identity and access pattern from her/his token. Recent works focus on privacy preservation of SSO. However, these works merely consider scenarios of one single identity server SSO. No works that address privacy preservation of threshold SSO have emerged. In this work, we propose TSAPP, a threshold SSO authentication scheme preserving privacy. Each identity server issues a user with a partial token which is a signature on the user's pseudonym. With a threshold number of partial tokens, the user constructs a token, blinds the token with random numbers and accesses services with blinded tokens. Such mechanism preserves the user's identity, simultaneously protects the user's access pattern since adversaries cannot link the user's accesses, even if identity servers are corrupted. Security analysis demonstrates that TSAPP satisfies properties of anonymity, unlinkability, unforgeability and password-safety. The performance evaluation demonstrates that TSAPP is efficient in practice.

Ge Gao,Yuan Zhang,Yaqing Song,Shiyu Li

DOI: https://doi.org/10.1109/tifs.2024.3392533

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Single-sign-on (SSO) authentication employs an identity provider (IdP) to provide users with an efficient way to authenticate themselves with different service providers and has been widely applied in digital systems. However, existing SSO authentication schemes suffer from critical issues in terms of security and privacy. Regarding security, most SSO authentication schemes achieve a high convenience at the expense of security and are thereby susceptible to various attacks. Regarding privacy, most existing schemes fail to protect users' subscription pattern and access pattern against adversaries who can easily extract users' sensitive information from their authentications and launch subsequent attacks for profits. In this paper, we develop a practical SSO authentication system, dubbed PrivSSO, with the protection of users' subscription pattern and access pattern. To balance the trade-off between security and convenience, the key technique is a secure "hybrid" key-based authentication mechanism: a long-term key stored in a well-guarded hardware token serves as the "primary" authentication factor (AF) to guarantee strong security; an ephemeral key bound with portable device(s) serves as the "daily-used" AF to achieve high convenience. To protect the subscription pattern and access pattern from leakage, we propose a redactable token generation mechanism, where the users themselves specify what IdP and the service providers can learn from their authentications. We formally define and prove the security of PrivSSO. We also implement a PrivSSO prototype and conduct a comprehensive performance evaluation to demonstrate its practicality.

Rongwu Xu,Sen Yang,Fan Zhang,Zhixuan Fang

DOI: https://doi.org/10.1109/eurosp57164.2023.00029

2023-01-01

Abstract:Single sign-on (SSO) allows users to authenticate to third-party applications through a central identity provider. Despite their wide adoption, deployed SSO systems suffer from privacy problems such as user tracking by the identity provider. While numerous solutions have been proposed by academic papers, none were adopted because they require modifying identity providers, a significant adoption barrier in practice. Solutions do get deployed, however, fail to eliminate major privacy issues. Leveraging Trusted Execution Environments (TEEs), we propose MISO, the first privacy-preserving SSO system that is completely compatible with existing identity providers (such as Google and Facebook). This means MISO can be easily integrated into existing SSO ecosystem today and benefit end users. MISO also enables new functionality that standard SSO cannot offer: MISO allows users to leverage multiple identity providers in a single SSO workflow, potentially in a threshold fashion, to better protect user accounts. We fully implemented MISO based on Intel SGX. Our evaluation shows that MISO can handle high user concurrency with practical performance.

Jinguang Han,Liqun Chen,Steve Schneider,Helen Treharne,Stephan Wesemeyer

DOI: https://doi.org/10.48550/arXiv.1804.07201

2018-04-19

Abstract:Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude which each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole services access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation.

Cryptography and Security

Efat Samir,Hongyi Wu,Mohamed Azab,Chunsheng Xin,Qiao Zhang,Chun Sheng Xin

DOI: https://doi.org/10.1109/jiot.2021.3112537

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:In a ubiquitous environment enclosing cooperative Internet-of-Things (IoT) devices, individuals, and entities, digital identity management (DIM) becomes critical and challenging. DIM pertains to device identities authentication and verification to enable trustworthy service exchange, data collection, and decision making. DIM is the supporting pillar for all online services and the foundation for security and authentication mechanisms. Due to the extreme heterogeneity, scale, and configuration complexity of such environments, enabling trustworthy DIM is crucial and seriously challenging. In an IoT context, devices use local digital identities stored within a tamper-proof unit and verified by a centralized authority for authentication. The recent attacks on IoT systems showed how vulnerable such a design is. It is also an inherent problem that influences humans. From that, self-sovereign identity (SSI) has emerged as a decentralized DIM approach embracing the concept of portable self-possession identity. SSI was presented to couple the digital identity from the owner to enable large-scale cooperation. However, digital identity storage and verification still occur on the device and in a centralized manner. Utilizing a local single-point-of-failure storage memory for verifiable credentials is one of the considerable drawbacks in contemporary SSI. In this regard, this article introduces decentralized trustworthy-self-sovereign identity management (DT-SSIM), a novel decentralized trustworthy SSI management framework. DT-SSIM integrates the secret share scheme with the blockchain-based smart contracts technologies to provide transparent and trustworthy SSI-based DIM services for IoT. Storing IoT identity credentials outside the devices' local storage preserves the identity credentials from being tampered with or misused. Evaluations and discussions show the resiliency assessment of the system and the cost and estimated running times for verification pro-esses in DT-SSIM.

computer science, information systems,telecommunications,engineering, electrical & electronic

Daniel Slamanig,Sebastian Ramacher,Reyhaneh Rabaninejad,A. Michalas,B. Abdolmaleki

Abstract:. Self-sovereign identity (SSI) systems empower users to (anony-mously) establish and verify their identity when accessing both digital and real-world resources, emerging as a promising privacy-preserving so-lution for user-centric identity management. Recent work by Maram et al. proposes the privacy-preserving Sybil-resistant decentralized SSI sys-tem CanDID (IEEE S&P 2021). While this is an important step, notable shortcomings undermine its efficacy. The two most significant among them being the following: First, unlinkability breaks in the presence of a single malicious issuer. Second, it introduces interactiveness, as the users are required to communicate each time with issuers to collect cre-dentials intended for use in interactions with applications. This contra-dicts the goal of SSI, whose aim is to give users full control over their identities. This paper first introduces the concept of publicly verifiable attribute-based threshold anonymous counting tokens (tACT). Unlike recent approaches confined to centralized settings (Benhamouda et al., ASIACRYPT 2023), tACT operates in a distributed-trust environment. Accompanied by a formal security model and a provably secure instantiation, tACT introduces a novel dimension to token issuance, which, we believe, holds independent interest. Next, the paper leverages the proposed tACT scheme to construct an efficient Sybil-resistant SSI sys-tem. This system supports various functionalities, including threshold issuance, unlinkable multi-show selective disclosure, and non-interactive, non-transferable credentials that offer constant-size credentials. The proposed construction is backed by rigorous security definitions and proofs. Finally, our benchmark results show an efficiency improvement in our construction when compared to CanDID all while accommodating a greater number of issuers and additionally reducing to a one-round protocol that can be run in parallel with all issuers.

Computer Science

Chenchen Cao,Chunxiang Xu,Changsong Jiang,Zhao Zhang,Xinfeng Dong,Kefei Chen

DOI: https://doi.org/10.1109/tdsc.2024.3404045

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In networks, clients access various servers. Servers need to authenticate clients' identities and provide services to clients who pass the authentication. Password-based threshold single-sign-on authentication (PbT-SSO) delegates multiple identity servers to authenticate a client with the client's password, and issue a token for subsequent access. However, existing PbT-SSO schemes are based on conventional hardness problems, which are vulnerable to adversaries equipped with quantum computers in the near future. Once quantum computers are accessible, adversaries can retrieve passwords by off-line dictionary guessing attacks (DGA) from the credentials of clients' passwords. Moreover, quantum adversaries can derive identity servers' secret from public information and further forge tokens with the secret. Motivated by these issues, we propose a password-based threshold single-sign-on authentication from learning with errors problem (LWE), dubbed LPbT-SSO, which is resistant to quantum attacks. LPbT-SSO evaluates a one-way function of passwords, and takes the function outputs as credentials. Since the function is grounded on LWE problem intractable for quantum computation, quantum adversaries cannot recover passwords by off-line DGA. Additionally, LPbT-SSO leverages a lattice-based threshold signature scheme to issue tokens, and guarantees that no adversary can forge a valid token. The comprehensive performance evaluation demonstrates that LPbT-SSO is efficient in terms of computation, storage, and communication costs.

Maximilian Westers,Tobias Wich,Louis Jannett,Vladislav Mladenov,Christian Mainka,Andreas Mayer

DOI: https://doi.org/10.48550/arXiv.2302.01024

2023-02-02

Abstract:Single Sign-On (SSO) shifts the crucial authentication process on a website to to the underlying SSO protocols and their correct implementation. To strengthen SSO security, organizations, such as IETF and W3C, maintain advisories to address known threats. One could assume that these security best practices are widely deployed on websites. We show that this assumption is a fallacy. We present SSO-MONITOR, an open-source fully-automatic large-scale SSO landscape, security, and privacy analysis tool. In contrast to all previous work, SSO-MONITOR uses a highly extensible, fully automated workflow with novel visual-based SSO detection techniques, enhanced security and privacy analyses, and continuously updated monitoring results. It receives a list of domains as input to discover the login pages, recognize the supported Identity Providers (IdPs), and execute the SSO. It further reveals the current security level of SSO in the wild compared to the security best practices on paper. With SSO-MONITOR, we automatically identified 1,632 websites with 3,020 Apple, Facebook, or Google logins within the Tranco 10k. Our continuous monitoring also revealed how quickly these numbers change over time. SSO-MONITOR can automatically login to each SSO website. It records the logins by tracing HTTP and in-browser communication to detect widespread security and privacy issues automatically. We introduce a novel deep-level inspection of HTTP parameters that we call SMARTPARMS. Using SMARTPARMS for security analyses, we uncovered URL parameters in 5 Client Application (Client) secret leakages and 337 cases with weak CSRF protection. We additionally identified 447 cases with no CSRF protection, 342 insecure SSO flows and 9 cases with nested URL parameters, leading to an open redirect in one case. SSO-MONITOR reveals privacy leakages that deanonymize users in 200 cases.

Cryptography and Security

Chintan Patel,M.P. Aryan,Prosanta Gope,John Clark

DOI: https://doi.org/10.1016/j.cose.2024.103793

IF: 5.105

2024-03-06

Computers & Security

Abstract:Digital Twin (DT) is a revolutionary technology changing how a smart manufacturing industry carries out its day-to-day activities. DT can provide numerous advantages such as real-time synchronised functioning, monitoring and data analysis. However, security and privacy issues in DT have not been thoroughly investigated. This article proposes a user-empowerment-based privacy-preserving authentication protocol for a cloud-based Digital Twin using a Decentralised Identifier (DID) and Verifiable Credential (VC). Here, user empowerment provides full control to users over their identities, and with the help of VC, users can prove their authenticity and preserve their privacy. Although DID has emerged as a promising technology for introducing user empowerment, it suffers from some fundamental problems such as usability and auditability . Here we address all these issues and propose a user-revocation-enabled security solution for the DT. A security analysis of the proposed scheme shows that it is secured against significant security threats. With the help of performance analysis, we prove that the proposed work effectively ensures security and privacy in DT.

computer science, information systems

Jinguang Han,Liqun Chen,Steve Schneider,Helen Treharne,Stephan Wesemeyer,Nick Wils

DOI: https://doi.org/10.48550/arXiv.1811.07642

2019-04-11

Abstract:An anonymous Single Sign-On (ASSO) scheme allows users to access multiple services anonymously using one credential. We propose a new ASSO scheme, where users can access services anonymously through the use of anonymous credentials and unlinkably through the provision of designated verifiers. Notably, verifiers cannot link service requests of a user even if they collude. The novelty is that when a designated verifier is unavailable, a central authority can authorise new verifiers to authenticate the user on behalf of the original verifier. Furthermore, if required, a central verifier is authorised to deanonymise users and trace their service requests. We formalise the scheme along with a security proof and provide an empirical evaluation of its performance. This scheme can be applied to smart ticketing where minimising the collection of personal information of users is increasingly important to transport organisations due to privacy regulations such as General Data Protection Regulations (GDPR).

Cryptography and Security

Yanfei Lu,Xu Wang,Chunqiang Hu,Hui Li,Yan Huo

DOI: https://doi.org/10.1504/ijsnet.2018.088384

2017-01-01

International Journal of Sensor Networks

Abstract:With the rapid development of wireless sensor technologies, mobile healthcare social network (MHSN) built upon wireless body sensor network (WBSN), has evolved into an innovative next-generation healthcare system in our aging society. Nevertheless, it is vital to focus on the security issues and the tradeoff between privacy preserving and traceability. A novel security mechanism named as the traceable threshold attribute-based signcryption (TTABSC) can permits patients to be friends and make a proper tradeoff between privacy and traceability. The proposed scheme leverages a four-party model to prevent the leak of a patient's sensitive information, including symptom information, identity and patient's health information (PHI). Combining the digital signatures and encryption, we provide a series of performance analysis, including correctness, unforgeability, traceability and privacy. Compared with previous works, our most efficient scheme generates a constant signcryption size.

Evan Krul,Hye-young Paik,Sushmita Ruj,Salil S. Kanhere

DOI: https://doi.org/10.56553/popets-2024-0079

2024-06-27

Abstract:Digital identity is evolving from centralized systems to a decentralized approach known as Self-Sovereign Identity (SSI). SSI empowers individuals to control their digital identities, eliminating reliance on third-party data custodians and reducing the risk of data breaches. However, the concept of trust in SSI remains complex and fragmented. This paper systematically analyzes trust in SSI in light of its components and threats posed by various actors in the system. As a result, we derive three distinct trust models that capture the threats and mitigations identified across SSI literature and implementations. Our work provides a foundational framework for future SSI research and development, including a comprehensive catalogue of SSI components and design requirements for trust, shortcomings in existing SSI systems and areas for further exploration.

Cryptography and Security

Rahma Mukta,Rue C. Teh,Hye-young Paik,Qinghua Lu,Salil S. Kanhere

2023-08-03

Abstract:Self Sovereign Identity (SSI) is an emerging identity system that facilitates secure credential issuance and verification without placing trust in any centralised authority. To bypass central trust, most SSI implementations place blockchain as a trusted mediator by placing credential transactions on-chain. Yet, existing SSI platforms face trust issues as all credential issuers in SSI are not supported with adequate trust. Current SSI solutions provide trust support to the officiated issuers (e.g., government agencies), who must follow a precise process to assess their credentials. However, there is no structured trust support for individuals of SSI who may attempt to issue a credential (e.g., letter of consent) in the context of business processes. Therefore, some risk-averse verifiers in the system may not accept the credentials from individual issuers to avoid carrying the cost of mishaps from potentially inadmissible credentials without reliance on a trusted agency. This paper proposes a trust propagation protocol that supports individual users to be trusted as verifiable issuers in the SSI platform by establishing a trust propagation credential template in the blockchain. Our approach utilises (i) the sanitizable signature scheme to propagate the required trust to an individual issuer, (ii) a voting mechanism to minimises the possibility of collusion. Our implementation demonstrates that the solution is both practical and performs well under varying system loads.

Cryptography and Security

Feng Xu,Wenhuan Zhou,Xuan Liu

DOI: https://doi.org/10.1080/10798587.2012.10643271

2012-01-01

Intelligent Automation & Soft Computing

Abstract:Aiming at the security and performance problems existed in most threshold proxy signature (TPS) schemes, this paper presents a new TPS scheme based on bilinear pairings. In this work, the security level of the proposed TPS scheme has been significantly enhanced by using improved short signatures and interactive secret-sharing. Our analysis indicates that the proposed scheme achieves the six accepted security properties that are required for a strong-secure TPS scheme. It can also resist a severe attack against TPS, i.e., original signer changing attack.

Le Gao,Jiaxin Yu,Junzhe Zhang,Yin Tang,Quansi Wen

DOI: https://doi.org/10.1109/access.2024.3391423

IF: 3.9

2024-04-30

IEEE Access

Abstract:The concern and opposition to centralized management of user identities by third-party authorities have led to the emergence of Self-Sovereign Identity (SSI). With the help of blockchain, SSI effectively restore users' control over their own identities, but privacy concerns due to blockchain transparency, coupled with the absence of accountability like Know Your Customer (KYC) and Anti-Money Laundering (AML), have cast uncertainties upon the viability of SSI. In this paper, we bridge this gap by introducing AASSI, a pioneering SSI protocol meticulously designed to balance the twin imperatives of privacy and accountability. Specifically, AASSI extends support for anonymity, self-derivation, fine-grained tracing and selective revocation. In the realm of anonymity and self-derivation, AASSI introduces redactable signatures, which empowers users to autonomously derive distinctive credentials for each user-service-provider interaction, effectively improving privacy protection and self-management capabilities. Pertaining to fine-grained tracing, the protocol employs a dual-tag system that facilitates tracing users' real identities as well as a granular historical records of derived credentials. For selective revocation, AASSI leverages dynamic accumulators as a building block to enable the revocation of offending users. Ultimately, we provide functional comparison, which shows that AASSI has robust features, in particular, it supports novel self-derived features that further increase user control over their identity, and fine-grained tracking, which provides more flexibility for tracers. We demonstrate protocol efficiency through off-chain time-consuming comparison, which show that AASSI dramatically reduces the time overhead of credential verification. Moreover, We test the on-chain communication overhead and experimentally prove the feasibility of AASSI.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yinzhi Cao,Yan Shoshitaishvili,Kevin Borgolte,Christopher Kruegel,Giovanni Vigna,Yan Chen

2014-01-01

Abstract:Author(s): Cao, Yinzhi; Shoshitaishvili, Yan; Borgolte, Kevin; Kruegel, Christopher; Vigna, Giovanni; Chen, Yan | Abstract: Web-based single sign-on describes a class of protocols where a user signs into a web site with the authentication provided as a service by a third party. In exchange for the increased complexity of the authentication procedure, SSO makes it convenient for users to authenticate themselves to many different web sites (relying parties), using just a single account at an identity provider such as Facebook or Google.Single sign-on (SSO) protocols, however, are not immune to vulnerabilities. Recent research introduced several attacks against existing SSO protocols, and further work showed that these problems are prevalent: 6.5% of the investigated relying parties were vulnerable to impersonation attacks, which can lead to account compromises and privacy breaches. Prior work used formal verification methods to identify vulnerabilities in SSO protocols or leveraged invariances of SSO interaction traces to identify logic flaws. No prior work, however, systematically studied the actual root cause of impersonation attacks against the relying party.In this paper, we systematically examine existing SSO protocols and determine the root cause of the aforementioned vulnerabilities: the design of the communication channel between the relying party and the identity provider, which, depending on the protocol and implementation, suffers from being a one-way communication protocol, or from a lack of authentication. We (a) systematically study the weakness responsible for the vulnerabilities in existing protocols that allow impersonation attacks against the relying party, (b) introduce a dedicated, authenticated, bi-directional, secure channel that does not suffer from those shortcomings, (c) formally verify the authentication property of this channel using a well-known cryptographic protocol verifier (ProVerif), and (d) evaluate the practicality of a prototype implementation of our protocol.Ultimately, to support a smooth and painless transition from existing SSO protocols, we introduce a proxy setup in which our channel can be used to secure existing SSO protocols from impersonation attacks. Furthermore, to demonstrate the flexibility of our approach, we design two different SSO protocols: an OAuth-like and an OpenID-like protocol.

Rakshitha S M,Shravana,Riya Biswas,Sushmita Shetty

DOI: https://doi.org/10.48175/ijarsct-2866

2022-03-21

Abstract:The Internet of Things (IoT) connects many of the world's home appliances, from intelligent thermostats to intelligent cars. We had 9 billion connected things by the end of 2015. According to Gartner, the total number of networked devices will approach 50 billion by 2020. The majority of linked devices in the existing network use outdated security technology and encryption, and many do not allow for remote device updates. Given the vast number of IoT devices available, ranging from off-the-shelf motion monitoring to machine tools, it is impossible to determine which functions are associated with any given service or product. In a nutshell, this is the issue: you can't trust the device's security and integrity. K-times anonymous authentication (k-TAA) is an important access control approach used in ecoupon and e-bill. It allows a user to authenticate himself anonymously to a distant server a set number of times. However, most known k-TAA techniques need a lot of processing, which makes them difficult to use on devices with low resources. In 2018, Tian and colleagues published Tian et al presented a remote user authentication system that protects users' privacy. Considering untraceability of k-times In contrast to the typical k-TAA,Tian et almethod .'s is better suited to mobile devices.as a result of avoiding costly pairing operations They're also claim that their system ensures user trust and authenticity. Untraceability k times Unfortunately, we are unable to do so in this paper Analyzing their scheme reveals that it is insecure. Their Neither scheme can stop a rogue user from sending information neither the authentication.

Qiuyun Lyu,Shaopeng Cheng,Hao Li,Junliang Liu,Yanzhao Shen,Zhen Wang

DOI: https://doi.org/10.1155/2022/1607996

IF: 1.968

2022-09-07

Security and Communication Networks

Abstract:Self-sovereign identity (SSI) is a new distributed method for identity management, commonly used to address the problem that users are lack of control over their identities. However, the excessive pursuit of self-sovereignty in the most existing SSI schemes hinders sanctions against attackers. To deal with the malicious behavior, a few SSI schemes introduce accountability mechanisms, but they sacrifice users' privacy. In addition, the digital identities (static strings or updatable chains) in the existing SSI schemes are as inputs to a third-party executable program (mobile app, smart contract, etc.) to achieve identity reading, storing and proving, and users' self-sovereignty are weakened. To solve the above problems, we present a new self-sovereign identity scheme to strike a balance between privacy and accountability and get rid of the dependence on the third-party program. In our scheme, one and only individual-specific executable code is generated as a digital avatar-i for each human to interact with others in cyberspace without a third-party program, in which the embedding of biometrics enhances uniqueness and user control over their identity. In addition, a joint accountability mechanism, which is based on the shamir (t, n) threshold algorithm and a consortium blockchain, is designed to restrict the power of each regulatory authority and protect users' privacy. Finally, we analyze the security, SSI properties and conduct detailed experiments in terms of the cost of computation, storage, and blockchain gas. The analysis results indicate that our scheme resists the known attacks and fulfills all the six SSI properties. Compared with the state-of-the-art schemes, the extensive experiment results show that the cost is larger in server storage, blockchain storage, and blockchain gas, but is still low enough for practical situations.

computer science, information systems,telecommunications

Wenbo Zhang,Jing Zhang,Yifei Shi,Jingyu Feng

DOI: https://doi.org/10.48550/arXiv.2103.08908

2022-05-10

Abstract:With the large-scale deployment of industrial internet of things (IIoT) devices, the number of vulnerabilities that threaten IIoT security is also growing dramatically, including a mass of undisclosed IIoT vulnerabilities that lack mitigation measures. Coordination Vulnerabilities Disclosure (CVD) is one of the most popular vulnerabilities sharing solutions, in which some security workers (SWs) can develop undisclosed vulnerabilities patches together. However, CVD assumes that sharing participants (SWs) are all honest, and thus offering chances for dishonest SWs to leak undisclosed IIoT vulnerabilities. To combat such threats, we propose an Undisclosed IIoT Vulnerabilities Trusted Sharing Protection (UIV-TSP) scheme with dynamic token. In this article, a dynamic token is an implicit access credential for an SW to acquire an undisclosed vulnerability information, which is only held by the system and constantly updated as the SW access. Meanwhile, the latest updated token can be stealthily sneaked into the acquired information as the traceability token. Once the undisclosed vulnerability information leaves the SW host, the embedded self-destruct program will be automatically triggered to prevent leaks since the destination MAC address in the traceability token has changed. To quickly distinguish dishonest SWs, trust mechanism is adopted to evaluate the trust value of SWs. Moreover, we design a blockchain-assisted continuous logs storage method to achieve the tamper-proofing of dynamic token and the transparency of undisclosed IIoT vulnerabilities sharing. The simulation results indicate that our proposed scheme is resilient to suppress dishonest SWs and protect the IoT undisclosed vulnerabilities effectively.

Cryptography and Security

Chengqian Guo,Jingqiang Lin,Quanwei Cai,Wei Wang,Fengjun Li,Qiongxiao Wang,Jiwu Jing,Bin Zhao

DOI: https://doi.org/10.48550/arXiv.2110.10396

2021-10-20

Cryptography and Security

Abstract:Single sign-on (SSO) allows a user to maintain only the credential at the identity provider (IdP), to login to numerous RPs. However, SSO introduces extra privacy threats, compared with traditional authentication mechanisms, as (a) the IdP could track all RPs which a user is visiting, and (b) collusive RPs could learn a user's online profile by linking his identities across these RPs. This paper proposes a privacypreserving SSO system, called UPPRESSO, to protect a user's login activities against both the curious IdP and collusive RPs. We analyze the identity dilemma between the security requirements and these privacy concerns, and convert the SSO privacy problems into an identity transformation challenge. In each login instance, an ephemeral pseudo-identity (denoted as PID_RP ) of the RP, is firstly negotiated between the user and the RP. PID_RP is sent to the IdP and designated in the identity token, so the IdP is not aware of the visited RP. Meanwhile, PID_RP is used by the IdP to transform the permanent user identity ID_U into an ephemeral user pseudo-identity (denoted as PID_U ) in the identity token. On receiving the identity token, the RP transforms PID_U into a permanent account (denoted as Acct) of the user, by an ephemeral trapdoor in the negotiation. Given a user, the account at each RP is unique and different from ID_U, so collusive RPs cannot link his identities across these RPs. We build the UPPRESSO prototype on top of MITREid Connect, an open-source implementation of OIDC. The extensive evaluation shows that UPPRESSO fulfills the requirements of both security and privacy and introduces reasonable overheads.