Cybersecurity – Identity Management
Hasso Plattner Institute
Tel.: +49-(0)331 5509-4898
Links: Research Group Team Page
Supervisor: Prof. Dr. Anja Lehmann
In my research, I'm interested in privacy-preserving solutions that meet the desired functional requirements in a secure and privacy-friendly way. This includes the definition of the security model, the design of the cryptographic protocol, proving its security under precise assumptions, and demonstrating its applicability with a prototype.
Current Work: Privacy-Preserving Single Sign-On
Single Sign-On (SSO) is a method allowing users to log in to an application through a third-party account, such as their Google account. Today, the most widely used SSO protocol is OpenID Connect (OIDC), which poses a significant privacy problem: The SSO provider can track users by learning which applications are being accessed. My work addresses this problem and makes three contributions. First, it provides a critical discussion of proposed approaches for privacy- and security-enhancing SSO protocols. We find that the dominant approaches are incompatible with the common OIDC standard. Such compatibility is essential to enable the application in practice. Our second contribution is to propose two protocol extensions, which are (1) compatible with OIDC and (2) enhance user privacy. Lastly, we evaluate if the proposed protocols cause disruption with other functions in OIDC and assess the necessary adaptations to the protocol flow. The goal is to establish usable protocol extensions which function in practice and improve privacy in SSO protocols.
In continuation of this work, we prove the security of the proposed protocol extensions, consider additional privacy aspects, provide a functional prototype, and assess its implications.