Hasso-Plattner-Institut

Privacy-Preserving Identity Management

First Project: Privacy-Preserving Single Sign-On

The first project I worked on continued my master's thesis, titled Privacy Enhancement In the OpenID Connect Protocol Flow. In the following, I briefly outline the thesis's goals and content and then give an overview of the follow-up work.

Privacy Enhancement In the OpenID Connect Protocol Flow

Most online applications use a username (uid) and password (pwd) for user authentication. This method has significant security limitations: users reuse passwords or choose weak ones to cope with many separate credentials, and each application must securely store and verify a large password database during authentication.

Single Sign-On (SSO) is a method that enhances security and usability for both users and online applications. It introduces an Identity Provider (IdP) as a third party that handles authentication between the user and the application. Instead of authenticating directly with the application (Figure A), the user authenticates with the IdP (Figure B). The IdP then sends proof of the user's identity to the application, known as the Relying Party (RP), in the form of a token (t). This token typically consists of a standard signature under the IdP's public key over the user's identity and contextual information, and it is tied to a specific session.

At present, the most commonly used SSO protocol is OpenID Connect (OIDC), which has a significant privacy issue: the SSO provider can track users by observing which applications they access, since it receives a unique Relying Party identifier (rid) with each user authentication (step 2 in Figure B). This work addresses that issue and makes three contributions. First, it critically evaluates proposed approaches for improving privacy and security in SSO protocols and finds that the dominant approaches are incompatible with the standard OIDC protocol. Second, it proposes two protocol extensions that are both compatible with OIDC and enhance user privacy. Finally, it investigates the impact of the proposed protocols on other OIDC functions and evaluates the adaptations required in the protocol flow. The goal is to develop usable protocol extensions that can be implemented effectively and improve privacy in SSO protocols.

Figure A: A user authenticates to an application, also called the Relying Party (RP), by providing a username (uid) and password (pwd).
Figure B: User authentication is delegated to an external service, the Identity Provider (IdP).
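As an added illustration (not code from the thesis or its repository), the following minimal model of the flow in Figure B shows why the IdP necessarily learns the rid in step 2: it has to place the RP identifier in the audience claim of the token it signs, so its own records link each uid to every RP that user visits. The issuer name, RP identifiers and the HMAC used as a stand-in for the IdP's asymmetric signature are assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets
from collections import defaultdict

# Constructed values. A real OIDC ID token is a JWT signed with the IdP's private
# key and verified with its public key; the HMAC below is only a stand-in so the
# example runs with the standard library (assumption).
IDP_ISSUER = "https://idp.example"
IDP_SIGNING_KEY = b"constructed-idp-signing-key"


def canonical(claims: dict) -> bytes:
    """Deterministic serialisation so signer and verifier hash identical bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def idp_authenticate(idp_log: list, uid: str, rid: str, nonce: str) -> dict:
    """Step 2 of Figure B: the request carries the RP identifier (rid).
    The IdP must bind the token to that RP, so it records rid next to uid."""
    idp_log.append({"uid": uid, "rid": rid})
    claims = {"iss": IDP_ISSUER, "sub": uid, "aud": rid, "nonce": nonce}
    sig = hmac.new(IDP_SIGNING_KEY, canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}


def rp_verify(token: dict, own_rid: str, expected_nonce: str) -> bool:
    """The RP accepts a token only if it is validly signed, addressed to this
    RP (aud == rid) and bound to the session nonce the RP issued."""
    claims = token["claims"]
    expected = hmac.new(IDP_SIGNING_KEY, canonical(claims), hashlib.sha256).hexdigest()
    return (hmac.compare_digest(expected, token["sig"])
            and claims["iss"] == IDP_ISSUER
            and claims["aud"] == own_rid
            and claims["nonce"] == expected_nonce)


def idp_user_profile(idp_log: list) -> dict:
    """What the IdP can reconstruct from its own records: which RPs each
    user uses. This linkability is the privacy issue the thesis addresses."""
    profile = defaultdict(set)
    for entry in idp_log:
        profile[entry["uid"]].add(entry["rid"])
    return dict(profile)


def run_demo() -> dict:
    log = []
    for uid, rid in [("alice", "shop.example"), ("alice", "forum.example"),
                     ("bob", "shop.example")]:
        nonce = secrets.token_hex(8)  # session nonce chosen by the RP
        token = idp_authenticate(log, uid, rid, nonce)
        assert rp_verify(token, rid, nonce)
        assert not rp_verify(token, "other.example", nonce)  # token is RP-bound
    return idp_user_profile(log)
```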

The Follow-Up Contributions

In the course of continuing this research, I addressed the following issues:

  • Formal definition of the security properties
  • Adjustment of the protocol constructions
  • Proving the security of these constructions
  • Implementation of the protocol and its evaluation

The publication and the code repository will be linked here as soon as the paper is accepted.