UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services
- URL: http://arxiv.org/abs/2110.10396v3
- Date: Wed, 26 Mar 2025 01:31:30 GMT
- Title: UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services
- Authors: Chengqian Guo, Jingqiang Lin, Quanwei Cai, Wei Wang, Wentian Zhu, Jiwu Jing, Qiongxiao Wang, Bin Zhao, Fengjun Li,
- Abstract summary: Single sign-on (SSO) allows a user to maintain only the credential for an identity provider (IdP) to log into multiple relying parties (RPs)<n>This paper presents a privacy-preserving SSO scheme, called UPPRESSO, to protect an honest user's online profile against (a) an honest-but-curious IdP and (b) malicious RPs colluding with other users.
- Score: 15.062365685418092
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Single sign-on (SSO) allows a user to maintain only the credential for an identity provider (IdP) to log into multiple relying parties (RPs). However, SSO introduces privacy threats, as (a) a curious IdP could track a user's all visits to RPs, and (b) colluding RPs could learn a user's online profile by linking her identities across these RPs. This paper presents a privacypreserving SSO scheme, called UPPRESSO, to protect an honest user's online profile against (a) an honest-but-curious IdP and (b) malicious RPs colluding with other users. UPPRESSO proposes an identity-transformation approach to generate untraceable ephemeral pseudo-identities for an RP and a user from which the target RP derives a permanent account for the user, while the transformations also provide unlinkability. This approach protects the identities of the user and the target RPs in a login flow, while working compatibly with widely-deployed SSO protocols and providing services accessed from a commercial-off-the-shelf browser without plug-ins or extensions. We built a prototype of UPPRESSO on top of MITREid Connect, an open-source SSO system. The extensive evaluations show that it fulfills the security and privacy requirements of SSO with reasonable overheads.
Related papers
- Anonymous Authentication using Attribute-based Encryption [0.0]
Attribute-Based Encryption (ABE) has emerged as a promising approach to privacy-preserving data protection.<n>This paper proposes an anonymous authentication mechanism based on ABE, which allows users to authenticate without revealing their identity.
arXiv Detail & Related papers (2025-06-17T14:24:28Z) - Understanding the Identity-Transformation Approach in OIDC-Compatible Privacy-Preserving SSO Services [7.080530070342893]
OpenID Connect (OIDC) enables a user with commercial-off-the-shelf browsers to log into multiple websites, called relying parties (RPs) by her username and credential set up in another trusted web system, called the identity provider (IdP)
arXiv Detail & Related papers (2025-06-02T05:11:01Z) - On the Differential Privacy and Interactivity of Privacy Sandbox Reports [78.85958224681858]
The Privacy Sandbox initiative from Google includes APIs for enabling privacy-preserving advertising functionalities.<n>We provide an abstract model for analyzing the privacy of these APIs and show that they satisfy a formal DP guarantee.
arXiv Detail & Related papers (2024-12-22T08:22:57Z) - Enhancing Feature-Specific Data Protection via Bayesian Coordinate Differential Privacy [55.357715095623554]
Local Differential Privacy (LDP) offers strong privacy guarantees without requiring users to trust external parties.
We propose a Bayesian framework, Bayesian Coordinate Differential Privacy (BCDP), that enables feature-specific privacy quantification.
arXiv Detail & Related papers (2024-10-24T03:39:55Z) - Byzantine-Secure Relying Party for Resilient RPKI [17.461853355858022]
We develop BRP, a Byzantine-Secure relying party implementation.
We show through simulations and experiments that BRP, as an intermediate RPKI service, results in less load on RPKI publication points and a robust output despite RPKI repository failures, jitter, and attacks.
arXiv Detail & Related papers (2024-05-01T14:04:48Z) - User Consented Federated Recommender System Against Personalized
Attribute Inference Attack [55.24441467292359]
We propose a user-consented federated recommendation system (UC-FedRec) to flexibly satisfy the different privacy needs of users.
UC-FedRec allows users to self-define their privacy preferences to meet various demands and makes recommendations with user consent.
arXiv Detail & Related papers (2023-12-23T09:44:57Z) - ROSTAM: A Passwordless Web Single Sign-on Solution Mitigating Server Breaches and Integrating Credential Manager and Federated Identity Systems [0.0]
We envision a passwordless future which provides a frictionless and trustworthy online experience for users by integrating credential management and federated identity systems.
In this regard, our implementation ROSTAM offers a dashboard that presents all applications the user can access with a single click after a passwordless SSO.
The security of web passwords on the credential manager is ensured with a Master Key, rather than a Master Password, so that encrypted passwords can remain secure even if stolen from the server.
arXiv Detail & Related papers (2023-10-08T16:41:04Z) - How Do Input Attributes Impact the Privacy Loss in Differential Privacy? [55.492422758737575]
We study the connection between the per-subject norm in DP neural networks and individual privacy loss.
We introduce a novel metric termed the Privacy Loss-Input Susceptibility (PLIS) which allows one to apportion the subject's privacy loss to their input attributes.
arXiv Detail & Related papers (2022-11-18T11:39:03Z) - "Sign in with ... Privacy'': Timely Disclosure of Privacy Differences among Web SSO Login Options [9.907956506019541]
Single sign-on (SSO) services allow users to grant web sites or relying parties (RPs) access to their personal profile information from identity provider (IdP) accounts.<n>Many RP sites fail to provide sufficient privacy-related information to allow users to make informed login decisions.<n>We present an empirical analysis of popular RP implementations supporting three major IdP login options (Facebook, Google, and Apple) and categorize RPs in the top 500 sites into four client-side code patterns.
arXiv Detail & Related papers (2022-09-09T18:41:56Z) - Cross-Network Social User Embedding with Hybrid Differential Privacy
Guarantees [81.6471440778355]
We propose a Cross-network Social User Embedding framework, namely DP-CroSUE, to learn the comprehensive representations of users in a privacy-preserving way.
In particular, for each heterogeneous social network, we first introduce a hybrid differential privacy notion to capture the variation of privacy expectations for heterogeneous data types.
To further enhance user embeddings, a novel cross-network GCN embedding model is designed to transfer knowledge across networks through those aligned users.
arXiv Detail & Related papers (2022-09-04T06:22:37Z) - PASS: Protected Attribute Suppression System for Mitigating Bias in Face
Recognition [55.858374644761525]
Face recognition networks encode information about sensitive attributes while being trained for identity classification.
Existing bias mitigation approaches require end-to-end training and are unable to achieve high verification accuracy.
We present a descriptors-based adversarial de-biasing approach called Protected Attribute Suppression System ( PASS)'
Pass can be trained on top of descriptors obtained from any previously trained high-performing network to classify identities and simultaneously reduce encoding of sensitive attributes.
arXiv Detail & Related papers (2021-08-09T00:39:22Z) - Unsupervised Proxy Selection for Session-based Recommender Systems [15.930016839929047]
Session-based Recommender Systems (SRSs) have been actively developed to recommend the next item of an anonymous short item sequence (i.e., session)
Unlike sequence-aware recommender systems where the whole interaction sequence of each user can be used to model both the short-term interest and the general interest of the user, the absence of user-dependent information in SRSs makes it difficult to directly derive the user's general interest from data.
Existing SRSs have focused on how to effectively model the information about short-term interest within the sessions, but they are insufficient to capture the general interest of
arXiv Detail & Related papers (2021-07-08T02:03:06Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.