ABSTRACT
Federated identity providers, e.g., Facebook and PayPal, offer a convenient means for authenticating users to third-party applications. Unfortunately such cross-site authentications carry privacy and tracking risks. For example, federated identity providers can learn what applications users are accessing; meanwhile, the applications can know the users' identities in reality.
This paper presents Crypto-Book, an anonymizing layer enabling federated identity authentications while preventing these risks. Crypto-Book uses a set of independently managed servers that employ a (t,n)-threshold cryptosystem to collectively assign credentials to each federated identity (in the form of either a public/private keypair or blinded signed messages). With the credentials in hand, clients can then leverage anonymous authentication techniques such as linkable ring signatures or partially blind signatures to log into third-party applications in an anonymous yet accountable way.
We have implemented a prototype of Crypto-Book and demonstrated its use with three applications: a Wiki system, an anonymous group communication system, and a whistleblower submission system. Crypto-Book is practical and has low overhead: in a deployment within our research group, Crypto-Book group authentication took 1.607s end-to-end, an overhead of 1.2s compared to traditional non-privacy-preserving federated authentication.
- Masayuki Abe and Tatsuaki Okamoto. Provably secure partially blind signatures. Inbibconf{20th}CRYPTOInternational Cryptology Conference, 2000. Google ScholarDigital Library
- Giuseppe Ateniese, Jan Camenisch, Marc Joye, and Gene Tsudik. A practical and provably secure coalition-resistant group signature scheme. Inbibconf{20th}CRYPTOInternational Cryptology Conference, 2000. Google ScholarDigital Library
- Giuseppe Ateniese, Dawn Song, and Gene Tsudik. Quasi-efficient revocation of group signatures. Inbibconf{7th}FCFinancial Cryptography Conference, January 2003. Google ScholarDigital Library
- Man H Au, Apu Kapadia, and Willy Susilo. BLACR: TTP-free blacklistable anonymous credentials with reputation. Inbibconf{19th}NDSSAnnual Network & Distributed System Security Symposium, February 2012.Google Scholar
- Dan Boneh, Xavier Boyen, and Hovav Shacham. Short group signatures. Inbibconf{24th}CRYPTOInternational Cryptology Conference, 2004.Google Scholar
- Jan Camenisch and Anna Lysyanskaya. Dynamic accumulators and application to efficient revocation of anonymous credentials. Inbibconf{22nd}CRYPTOAnnual International Cryptology Conference, August 2001. Google ScholarDigital Library
- Jan Camenisch and Anna Lysyanskaya. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In EUROCRYPT, May 2001. Google ScholarDigital Library
- Technical Report: Providing Abuse Resistant Pseudonyms for Federated Online Identities with Cobra. https://www.dropbox.com/s/c90jn2om7ahlth4/anon-tech-report.pdf?dl=0.Google Scholar
- David Chaum. Blind signatures for untraceable payments. InbibconfCRYPTOInternational Cryptology Conference, 1982.Google Scholar
- David Chaum and Eugène Van Heyst. Group signatures. InbibconfEUROCRYPTAdvances in Cryptology, April 1991. Google ScholarDigital Library
- Brent Chun, David Culler, Timothy Roscoe, Andy Bavier, Larry Peterson, Mike Wawrzoniak, and Mic Bowman. Planetlab: an overlay testbed for broad-coverage services. ACM SIGCOMM Computer Communication Review, 33(3):3--12, 2003. Google ScholarDigital Library
- Henry Corrigan-Gibbs and Bryan Ford. Dissent: accountable anonymous group messaging. Inbibconf{17th}CCSACM Conference on Computer and Communications Security, October 2010. Google ScholarDigital Library
- Leucio Antonio Cutillo, Refik Molva, and Thorsten Strufe. Safebook: A privacy-preserving online social network leveraging on real-life trust. Communications Magazine, IEEE, 47(12):94--101, 2009. Google ScholarDigital Library
- Arkajit Dey and Stephen Weis. Pseudoid: Enhancing privacy in federated login. Hot topics in privacy enhancing technologies, pages 95--107, 2010.Google Scholar
- Mario Di Raimondo, Rosario Gennaro, and Hugo Krawczyk. Deniable authentication and key exchange. InbibconfCCSACM conference on computer and communications security, 2006.Google ScholarDigital Library
- Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: the second-generation onion router. In 13th USENIX Security Symposium, August 2004. Google ScholarDigital Library
- John R. Douceur. The Sybil attack. Inbibconf{1st}IPTPSInternational Workshop on Peer-to-Peer Systems, March 2002. Google ScholarDigital Library
- Adrienne Felt and David Evans. Privacy protection for social networking APIs. W2SP, 2008.Google Scholar
- Saikat Guha, Kevin Tang, and Paul Francis. Noyb: Privacy in online social networks. InbibconfWOSNWorkshop on Online social networks, 2008. Google ScholarDigital Library
- E. Hammer-Lahav. The OAuth 1.0 protocol, April 2010. RFC 5849.Google Scholar
- Ed Hardt. The OAuth 2.0 authorization framework, October 2012. RFC 6749.Google Scholar
- Ryan Henry, Kevin Henry, and Ian Goldberg. Making a nymbler nymble using verbs. In PETS, 2010. Google ScholarDigital Library
- Peter C Johnson, Apu Kapadia, Patrick P Tsang, and Sean W Smith. Nymble: Anonymous IP-address blocking. In PETS, 2007. Google ScholarDigital Library
- Zubair Ahmad Khattak, Jamalul-lail Ab Manan, Suziah Sulaiman, et al. Analysis of open environment sign-in schemes-privacy enhanced & trustworthy approach. Journal of Advances in Information Technology, 2(2):109--121, 2011.Google ScholarCross Ref
- Georgios Kontaxis, Michalis Polychronakis, and Evangelos P Markatos. SudoWeb: Minimizing information disclosure to third parties in single sign-on platforms. In Information Security, pages 197--212. Springer, 2011. Google ScholarDigital Library
- Joseph K Liu and Duncan S Wong. Linkable ring signatures: Security models and new schemes. InbibconfICCSAComputational Science and Its Applications, May 2005. Google ScholarDigital Library
- Matthew M Lucas and Nikita Borisov. Flybynight: mitigating the privacy risks of social networking. In Proceedings of the 7th ACM workshop on Privacy in the electronic society, pages 1--8. ACM, 2008. Google ScholarDigital Library
- Wanying Luo, Qi Xie, and Urs Hengartner. Facecloak: An architecture for user privacy on social networking sites. In Computational Science and Engineering, 2009. CSE'09. International Conference on, volume 3, pages 26--33. IEEE, 2009. Google ScholarDigital Library
- Gabriel Maganis, Elaine Shi, Hao Chen, and Dawn Song. Opaak: using mobile phones to limit anonymous identities online. In Proceedings of the 10th international conference on Mobile systems, applications, and services, pages 295--308. ACM, 2012. Google ScholarDigital Library
- MediaWiki. http://www.mediawiki.org.Google Scholar
- Moni Naor. Deniable ring authentication. Inbibconf{22nd}CRYPTOAdvances in Cryptology, August 2002. Google ScholarDigital Library
- Arvind Narayanan, Narendran Thiagarajan, Mugdha Lakhani, Michael Hamburg, and Dan Boneh. Location privacy via private proximity testing. In Proc. of NDSS, volume 2011, 2011.Google Scholar
- The FIPS 186--4 Digital Signature Algorithm Validation System. http://csrc.nist.gov/groups/STM/cavp/documents/dss2/dsa2vs.pdf .Google Scholar
- David Recordon and Drummond Reed. OpenID 2.0: A platform for user-centric identity management. In Proceedings of the second ACM workshop on Digital identity management. ACM, 2006. Google ScholarDigital Library
- Ronald L. Rivest, Adi Shamir, and Yael Tauman. How to leak a secret. Inbibconf{7th}ASIACRYPTInternational Conference on the Theory and Application of Cryptology and Information Security, December 2001. Google ScholarDigital Library
- SecureDrop. https://pressfreedomfoundation.org/securedrop/.Google Scholar
- Victor R. L. Shen, Yu fang Chung, Tzer Shyong Chen, and Yu An Lin. A blind signature based on discrete logarithm problem. ICIC, 7(9), September 2011.Google Scholar
- Patrick P Tsang, Man Ho Au, Apu Kapadia, and Sean W Smith. Blacklistable anonymous credentials: Blocking misbehaving users without TTPs. Inbibconf{14th}CCSProceedings of the 14th ACM conference on Computer and communications security, October 2007. Google ScholarDigital Library
- Ryu Watanabe and Yutaka Miyake. Account management method with blind signature scheme. Engineering and Technology, World of Science, (59):2069--2073, 2011.Google Scholar
- Alma Whitten and J. Doug Tygar. Why johnny can't encrypt: A usability evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium, August 1999. Google ScholarDigital Library
- David Isaac Wolinsky, Henry Corrigan-Gibbs, Aaron Johnson, and Bryan Ford. Dissent in numbers: Making strong anonymity scale. Inbibconf{10th}OSDIUSENIX Symposium on Operating Systems Design and Implementation, October 2012. Google ScholarDigital Library
Index Terms
- Building Privacy-Preserving Cryptographic Credentials from Federated Online Identities
Recommendations
Crypto-Book: an architecture for privacy preserving online identities
HotNets-XII: Proceedings of the Twelfth ACM Workshop on Hot Topics in NetworksThrough cross-site authentication schemes such as OAuth and OpenID, users increasingly rely on popular social networking sites for their digital identities--but use of these identities brings privacy and tracking risks. We propose Crypto-Book, an ...
Research on Privacy Preserving of Searchable Encryption
HPCCT '18: Proceedings of the 2018 2nd High Performance Computing and Cluster Technologies ConferenceIn the cloud computing applications, the researchers proposed a new cryptographic primitive searchable encryption (SE) in order to ensure data security. Searchable encryption can make full use of cloud server computing capacity to search the ciphertext. ...
Secure Privacy-Preserving Biometric Authentication Scheme for Telecare Medicine Information Systems
Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges ...
Comments