Title
Ticket Transparency: Accountable Single Sign-On With Privacy-Preserving Public Logs
Abstract
Single sign-on (SSO) is becoming increasingly popular on the Internet. An SSO ticket issued by the identity provider (IdP) allows its holder to sign on to a relying party (RP) on behalf of the account named in the ticket. To ensure its authenticity, an SSO ticket is digitally signed by the IdP and verified by the RP. However, recent security incidents indicate that a signing system (e.g., a certification authority) can be compromised and made to sign fraudulent messages, even when it is well protected in an accredited commercial deployment. Compared with certification authorities, the online signing components of IdPs are even more exposed to adversaries and thus more vulnerable to such threats in practice. This paper proposes ticket transparency to provide accountable SSO services with privacy-preserving public logs against potentially fraudulent tickets issued by a compromised IdP. With this scheme, an IdP-signed ticket is accepted by the RP only if it is recorded in the public logs. This enables a user to check all of his tickets in the public logs and detect any fraudulent ticket issued without his participation or authorization. We integrate blind signatures, identity-based encryption and Bloom filters in the design to balance transparency, privacy and efficiency in these security-enhanced SSO services. To the best of our knowledge, this is the first attempt to solve the security problems caused by intruded or compromised IdPs in SSO services.
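The accountability argument in the abstract has two halves: the RP refuses any ticket that is not in the public log, and the user can later enumerate the log to spot tickets issued for his account without his consent. The toy model below, added here as an illustration and not taken from the paper, makes both halves concrete with an append-only Merkle log, a signing IdP, a checking RP and a user-side audit. Everything it assumes is outside the abstract: tickets are canonical JSON, the IdP "signature" is an HMAC under a shared key (a standard-library stand-in for a real public-key signature; a real RP would hold only the verification key), log entries are stored in the clear, and the blind-signature, identity-based-encryption and Bloom-filter privacy layer the paper adds is omitted entirely.

```python
"""Toy ticket-transparency model (added example; not the paper's construction).

Assumed, not from the abstract: canonical-JSON tickets; an HMAC under a key
shared by IdP and RP stands in for the IdP's digital signature; an
append-only Merkle log storing entries in the clear (no blind signatures,
IBE or Bloom filters). Sample accounts, RP name and nonces are constructed.
"""
import hashlib
import hmac
import json

SIG_LEN = 32  # HMAC-SHA256 tag length


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class MerkleLog:
    """Append-only log: raw entries, leaf hashes, root and inclusion proofs."""

    def __init__(self):
        self.entries, self.leaves = [], []

    def append(self, entry: bytes) -> int:
        self.entries.append(entry)
        self.leaves.append(h(b"\x00" + entry))  # domain-separated leaf hash
        return len(self.leaves) - 1

    @staticmethod
    def _level_up(nodes):
        if len(nodes) % 2:  # duplicate the last node on odd-sized levels
            nodes = nodes + [nodes[-1]]
        return [h(b"\x01" + nodes[i] + nodes[i + 1]) for i in range(0, len(nodes), 2)]

    def root(self) -> bytes:
        nodes = list(self.leaves)
        while len(nodes) > 1:
            nodes = self._level_up(nodes)
        return nodes[0] if nodes else h(b"")

    def proof(self, index: int) -> list:
        """Sibling hashes from leaf to root, each tagged with the side it sits on."""
        path, nodes = [], list(self.leaves)
        while len(nodes) > 1:
            if len(nodes) % 2:
                nodes.append(nodes[-1])
            sib = index ^ 1
            path.append((nodes[sib], "L" if sib < index else "R"))
            nodes, index = self._level_up(nodes), index // 2
        return path

    @staticmethod
    def verify(entry: bytes, path: list, root: bytes) -> bool:
        node = h(b"\x00" + entry)
        for sib, side in path:
            node = h(b"\x01" + sib + node) if side == "L" else h(b"\x01" + node + sib)
        return hmac.compare_digest(node, root)


class IdP:
    def __init__(self, key: bytes, log: MerkleLog):
        self.key, self.log = key, log

    def issue(self, account: str, rp: str, nonce: str, record: bool = True):
        """Return (ticket, signature, log index). record=False models a
        compromised IdP trying to keep a fraudulent ticket off the log."""
        ticket = json.dumps({"sub": account, "aud": rp, "nonce": nonce}, sort_keys=True).encode()
        sig = hmac.new(self.key, ticket, hashlib.sha256).digest()
        index = self.log.append(ticket + sig) if record else None
        return ticket, sig, index


class RelyingParty:
    def __init__(self, name: str, key: bytes, log: MerkleLog):
        self.name, self.key, self.log = name, key, log

    def accept(self, ticket: bytes, sig: bytes, index) -> bool:
        """Accept only an IdP-signed ticket addressed to us that the log contains."""
        expected = hmac.new(self.key, ticket, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False
        if json.loads(ticket)["aud"] != self.name:
            return False
        if index is None or not 0 <= index < len(self.log.leaves):
            return False
        return MerkleLog.verify(ticket + sig, self.log.proof(index), self.log.root())


def audit(log: MerkleLog, account: str, authorized: set) -> list:
    """User-side check: nonces of logged tickets for `account` the user never authorized."""
    flagged = []
    for entry in log.entries:
        claims = json.loads(entry[:-SIG_LEN])
        if claims["sub"] == account and claims["nonce"] not in authorized:
            flagged.append(claims["nonce"])
    return flagged


def run_demo() -> dict:
    key, log = b"idp-signing-key (constructed)", MerkleLog()
    idp, rp = IdP(key, log), RelyingParty("rp.example", key, log)
    honest = idp.issue("alice", "rp.example", "n-1")                    # alice signs on
    unlogged = idp.issue("alice", "rp.example", "n-fraud", record=False)  # forged, kept off the log
    logged = idp.issue("alice", "rp.example", "n-fraud2")               # forged, but logged
    return {
        "honest_accepted": rp.accept(*honest),
        "unlogged_accepted": rp.accept(*unlogged),    # False: no log entry, RP refuses
        "logged_fraud_accepted": rp.accept(*logged),  # True: RP cannot tell...
        "audit_flags": audit(log, "alice", {"n-1"}),  # ...but alice finds it in the log
    }
```

The demo shows the intended split of responsibilities: a compromised IdP that withholds a ticket from the log gains nothing, because the RP rejects it; one that logs the ticket gets it accepted, but leaves a record the account owner can find. In the paper this audit is what blind signatures and identity-based encryption make privacy-preserving, so that log entries do not reveal to the public which account signed on where; this toy deliberately leaves the entries in plaintext to keep the accountability mechanism visible.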
Year
2019
DOI
10.1007/978-3-030-37228-6_25
Venue
SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM, PT I
Keywords
Accountability, Privacy, Single sign-on, Transparency, Trust
DocType
Conference
Volume
304
ISSN
1867-8211
Citations
0
PageRank
0.34
References
0
Authors
6

Name            Order  Citations  PageRank
Dawei Chu       1      0          0.68
Jingqiang Lin   2      166        39.01
Fengjun Li      3      233        23.55
Xiaokun Zhang   4      0          0.34
Qiongxiao Wang  5      6          3.59
Guangqi Liu     6      0          0.34