Affiliation:
1. UCLA, CA , USA .
2. City, University of London , United Kingdom .
3. Facebook Calibra and University College London , United Kingdom .
4. ICTEAM, UCLouvain , Belgium .
Abstract
Abstract
Anonymous credentials are a solid foundation for privacy-preserving Single Sign-On (SSO). They enable unlinkable authentication across domains and allow users to prove their identity without revealing more than necessary. Unfortunately, anonymous credentials schemes remain difficult to use and complex to deploy. They require installation and use of complex software at the user side, suffer from poor performance, and do not support security features that are now common, such as two-factor authentication, secret recovery, or support for multiple devices. In contrast, Open ID Connect (OIDC), the de facto standard for SSO is widely deployed and used despite its lack of concern for users’ privacy. We present EL PASSO, a privacy-preserving SSO system based on anonymous credentials that does not trade security for usability, and can be incrementally deployed at scale alongside Open ID Connect with no significant changes to end-user operations. EL PASSO client-side operations leverage a WebAssembly module that can be downloaded on the fly and cached by users’ browsers, requiring no prior software installation or specific hardware. We develop automated procedures for managing cryptographic material, supporting multi-device support, secret recovery, and privacy-preserving two-factor authentication using only the built-in features of common Web browsers. Our implementation using PS Signatures achieves 39x to 180x lower computational cost than previous anonymous credentials schemes, similar or lower sign-on latency than Open ID Connect and is amenable for use on mobile devices.
Reference78 articles.
1. [1] Blake Ives, Kenneth R Walsh, and Helmut Schneider. The domino effect of password reuse. Communications of the ACM, 47(4), 2004.10.1145/975817.975820
2. [2] Jason Goode. The importance of identity security. Computer Fraud & Security, 2012(1), 2012.10.1016/S1361-3723(12)70006-4
3. [3] Aleksandr Ometov, Sergey Bezzateev, Niko Mäkitalo, Sergey Andreev, Tommi Mikkonen, and Yevgeni Koucheryavy. Multi-factor authentication: A survey. Cryptography, 2(1):1, 2018.
4. [4] SimilarTech.com. Market share & web usage statistics: OpenID, 2020. Accessed: 2020-05-23.
5. [5] Stefan Brands. The problem(s) with OpenID, 2007. Accessed: 2020-05-23.
Cited by
8 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献