Single sign-on (SSO) allows a user to maintain only the credential at the identity provider (IdP), instead of one credential for each relying party (RP), to login to numerous RPs. However, SSO introduces extra privacy leakage threats, compared with traditional authentication mechanisms, as (a) the IdP could track all the RPs which a user is visiting, and (b) collusive RPs could learn a user's online profile by linking his identities across these RPs. Several privacy-preserving SSO solutions have been proposed to defend against either the curious IdP or collusive RPs, but none of them addresses both of these privacy leakage threats at the same time.In this paper, we propose a privacy-preserving SSO system, called UPPRESSO, to protect a user's login traces against both the curious IdP and collusive RPs simultaneously. We analyze the identity dilemma between the SSO security requirements and these privacy concerns, and convert the SSO privacy problems into an identity-transformation challenge. In each login instance of UPPRESSO, an ephemeral pseudo-identity (denoted as PID RP ) of the RP which the user is attempting to visit, is firstly negotiated between the RP and the user. Then, PID RP is sent to the IdP and designated in the identity token, so that the IdP is not aware of the visited RP. Meanwhile, PID RP is used by the IdP to transform the permanent user identity ID U into an ephemeral user pseudo-identity (denoted as PID U ) in the identity token. On receiving the identity token, the RP transforms PID U into a permanent account (denoted as Acct) of the user, by a trapdoor in the negotiation. Given a user, the account at each RP is unique and different from ID U , so collusive RPs cannot link his identities across multiple RPs. To the best of our knowledge, this is the first practical SSO solution which solves the privacy problems caused by both the curious IdP and collusive RPs.We build the UPPRESSO prototype system for web applications, with standard functions of OpenID Connect (OIDC): the function of RP Dynamic Registration is used to support ephemeral PID RP , while the function of Core Sign-On is slightly modified to calculate PID U and Acct. The prototype system is implemented on top of open-source MITREid Con-nect, and the extensive evaluation shows that UPPRESSO introduces reasonable overheads and fulfills the requirements of both security and privacy.
Landslides that occur in the littoral zone of a reservoir can directly damage the hydraulic structures and threaten the lives and property around the reservoir. Due to the spatial variability and heterogeneities of rock mass, a limited amount of data obtained from laboratory and in situ tests cannot comprehensively characterize the mechanical properties of rock and soil masses. Therefore, displacement back analysis is often performed to determine the mechanical parameters of rock and soil masses. The spaceborne Interferometric synthetic aperture radar (InSAR) has proved to be a powerful tool for geodesy in the measurement of landslide movement. However, InSAR can only measure the surface motion of the landslide without the subsurface information. This study uses multi-source monitoring data in the landslide displacement back analysis, including surface InSAR and an internal borehole inclinometer. The identified material parameters and finite element simulation are used to predict the landslide deformation. The case study of the Cheyiping landslide located in the Lancang River basin demonstrates the necessity and feasibility of using multi-source monitoring data in landslide displacement back analysis. The Cheyiping landslide is currently in the creep deformation stage. The decrease in shear strength of rock masses due to the rheological deformation and the change in reservoir water level are the internal and external factors leading to excessive landslide deformation. The numerical modeling can accurately simulate the landslide movement using the identified material parameters. By combing multi-source monitoring data and numerical modeling, the reservoir landslide deformation analysis can help evaluate the landslide deformation state and stability, which is vital for reservoir risk mitigation and the sustainable development of hydropower resources.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.