Daniel Fett
Guido Schmitz
ABSTRACT
Single sign-on (SSO) systems, such as OpenID and OAuth, allow web sites, so-called relying parties (RPs), to delegate user authentication to identity providers (IdPs), such as Facebook or Google. These systems are very popular, as they provide a convenient means for users to log in at RPs and move much of the burden of user authentication from RPs to IdPs. There is, however, a downside to current systems, as they do not respect users' privacy: IdPs learn at which RP a user logs in. With one exception, namely Mozilla's BrowserID system (a.k.a. Mozilla Persona), current SSO systems were not even designed with user privacy in mind. Unfortunately, recently discovered attacks, which exploit design flaws of BrowserID, show that BrowserID does not provide user privacy either.
In this paper, we therefore propose the first privacy-respecting SSO system for the web, called SPRESSO (for Secure Privacy-REspecting Single Sign-On). The system is easy to use, decentralized, and platform independent. It is based solely on standard HTML5 and web features and uses no browser extensions, plug-ins, or other executables.
Existing SSO systems and the numerous attacks on such systems illustrate that the design of secure SSO systems is highly non-trivial. We therefore also carry out a formal analysis of SPRESSO based on an expressive model of the web in order to formally prove that SPRESSO enjoys strong authentication and privacy properties.
- M. Abadi and C. Fournet. Mobile Values, New Names, and Secure Communication. In POPL 2001, pages 104--115. ACM Press, 2001. Google Scholar
Digital Library
- D. Akhawe, A. Barth, P. E. Lam, J. Mitchell, and D. Song. Towards a Formal Foundation of Web Security. In CSF 2010, pages 290--304. IEEE Computer Society, 2010. Google ScholarDigital Library
- A. Armando, R. Carbone, L. Compagna, J. Cuéllar, and M. L. Tobarra. Formal Analysis of SAML 2.0 Web Browser Single Sign-on: Breaking the SAML-based Single Sign-on for Google Apps. In FMSE 2008, pages 1--10. ACM, 2008. Google ScholarDigital Library
- G. Bai, J. Lei, G. Meng, S. S. Venkatraman, P. Saxena, J. Sun, Y. Liu, and J. S. Dong. AUTHSCAN: Automatic Extraction of Web Authentication Protocols from Implementations. In NDSS'13. The Internet Society, 2013.Google Scholar
- C. Bansal, K. Bhargavan, A. Delignat-Lavaud, and S. Maffeis. Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage. In POST 2013, volume 7796 of LNCS, pages 126--146. Springer, 2013. Google ScholarDigital Library
- C. Bansal, K. Bhargavan, and S. Maffeis. Discovering Concrete Attacks on Website Authorization by Formal Analysis. In CSF 2012, pages 247--262. IEEE Computer Society, 2012. Google ScholarDigital Library
- B. Blanchet. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In CSFW-14, pages 82--96. IEEE Computer Society, 2001. Google ScholarDigital Library
- S. Chari, C. S. Jutla, and A. Roy. Universally Composable Security Analysis of OAuth v2.0. IACR Cryptology ePrint Archive, 2011:526, 2011.Google Scholar
- V. Cheval, H. Comon-Lundh, and S. Delaune. Trace equivalence decision: negative tests and non-determinism. In CCS 2011, pages 321--330. ACM, 2011. Google ScholarDigital Library
- D. Fett, R. Küsters, and G. Schmitz. An Expressive Model for the Web Infrastructure: Definition and Application to the BrowserID SSO System. In S&P 2014, pages 673--688. IEEE Computer Society, 2014. Google ScholarDigital Library
- D. Fett, R. Küsters, and G. Schmitz. Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web. In ESORICS 2015, LNCS. Springer, 2015. To appear. Full version available at http://arxiv.org/abs/1411.7210.Google ScholarDigital Library
- D. Fett, R. Küsters, and G. Schmitz. SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web. Technical Report arXiv:1508.01719, arXiv, 2015. Available at http://arxiv.org/abs/1508.01719.Google Scholar
- B. Fitzpatrick, D. Recordon, et al. OpenID Authentication 2.0. Dec. 5, 2007. http://openid.net/specs/openid-authentication-2_0.html.Google Scholar
- D. Hardt. RFC6749 - The OAuth 2.0 Authorization Framework. Oct. 2012. http://tools.ietf.org/html/rfc6749.Google Scholar
- D. Jackson. Alloy: A New Technology for Software Modelling. In TACAS 2002, volume 2280 of LNCS, page 20. Springer, 2002. Google ScholarDigital Library
- F. Kerschbaum. Simple Cross-Site Attack Prevention. In SecureComm 2007, pages 464--472. IEEE Computer Society, 2007.Google ScholarCross Ref
- A. Kumar. A Lightweight Formal Approach for Analyzing Security of Web Protocols. In RAID 2014, volume 8688 of LNCS, pages 192--211. Springer, 2014.Google Scholar
- Mozilla Identity Team. Persona. https://login.persona.org.Google Scholar
- T. Nitot. Persona: more privacy, better security while making developers and users happy! Beyond the Code Blog. Apr. 9, 2013. https://blog.mozilla.org/beyond-the-code/2013/04/09/persona-beta2/.Google Scholar
- J. Somorovsky, A. Mayer, J. Schwenk, M. Kampmann, and M. Jensen. On Breaking SAML: Be Whoever You Want to Be. In USENIX 2012, pages 397--412. USENIX Association, 2012. Google ScholarDigital Library
- P. Sovis, F. Kohlar, and J. Schwenk. Security Analysis of OpenID. In Sicherheit, volume 170 of LNI, pages 329--340. GI, 2010.Google Scholar
- SPRESSO Demo Site and Source Code, 2015. https://spresso.me.Google Scholar
- S.-T. Sun and K. Beznosov. The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems. In CCS'12, pages 378--390. ACM, 2012. Google ScholarDigital Library
- S.-T. Sun, K. Hawkey, and K. Beznosov. Systematically Breaking and Fixing OpenID Security: Formal Analysis, Semi-Automated Empirical Evaluation, and Practical Countermeasures. Computers & Security, 31(4):465--483, 2012. Google ScholarDigital Library
- R. Wang, S. Chen, and X. Wang. Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services. In S&P 2012, pages 365--379. IEEE Computer Society, 2012. Google ScholarDigital Library
- R. Wang, Y. Zhou, S. Chen, S. Qadeer, D. Evans, and Y. Gurevich. Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization. In USENIX 2013, pages 399--314. USENIX Association, 2013. Google ScholarDigital Library
- Y. Zhou and D. Evans. SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities. In USENIX 2014, pages 495--510. USENIX Association, 2014. Google ScholarDigital Library
Index Terms
- SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web
Recommendations
Privacy-Preserving OpenID Connect
ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications SecurityOpenID Connect is the most widely used Internet protocol for delegated authentication today. It provides single sign-on functionality for users who use their account with an identity provider to authenticate to different services, called relying ...
A user-centric federated single sign-on system
Current identity management systems are not concerned with user privacy. Users must assume that identity providers and service providers will ensure their privacy, which is not always the case. This paper proposes an extension of the existing federated ...
Exploring the protection of private browsing in desktop browsers
Desktop browsers have introduced private browsing mode, a security control which aims to protect users' data that are generated during a private browsing session by not storing them in the filesystem. As the Internet becomes ubiquitous, the existence of ...
Comments