2021
DOI: 10.48550/arxiv.2110.10396
|View full text |Cite
Preprint
|
Sign up to set email alerts
|

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

Abstract: Single sign-on (SSO) allows a user to maintain only the credential at the identity provider (IdP), instead of one credential for each relying party (RP), to login to numerous RPs. However, SSO introduces extra privacy leakage threats, compared with traditional authentication mechanisms, as (a) the IdP could track all the RPs which a user is visiting, and (b) collusive RPs could learn a user's online profile by linking his identities across these RPs. Several privacy-preserving SSO solutions have been proposed … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
4
0

Year Published

2024
2024
2024
2024

Publication Types

Select...
1
1

Relationship

0
2

Authors

Journals

citations
Cited by 2 publications
(4 citation statements)
references
References 34 publications
0
4
0
Order By: Relevance
“…The IdP, in traditional SSO systems, has the ability to track all the Service Providers (SPs) a user visits, potentially compromising user privacy [11]. Additionally, collusive SPs could exploit the centralized nature of SSO to create a comprehensive profile of a user's online activities by linking their identities across different platforms [12]. Furthermore, the lack of user control in traditional SSO systems can lead to privacy vulnerabilities.…”
Section: Privacy Concerns In Traditional Sso Systemsmentioning
confidence: 99%
See 2 more Smart Citations
“…The IdP, in traditional SSO systems, has the ability to track all the Service Providers (SPs) a user visits, potentially compromising user privacy [11]. Additionally, collusive SPs could exploit the centralized nature of SSO to create a comprehensive profile of a user's online activities by linking their identities across different platforms [12]. Furthermore, the lack of user control in traditional SSO systems can lead to privacy vulnerabilities.…”
Section: Privacy Concerns In Traditional Sso Systemsmentioning
confidence: 99%
“…One common strategy in privacy-preserving SSO systems is the utilization of anonymous credentials to authenticate users without disclosing unnecessary personal information to the Identity Provider (IdP) [15]. This approach allows users to access services across various platforms without jeopardizing their privacy.…”
Section: Existing Privacy-preserving Sso Systemsmentioning
confidence: 99%
See 1 more Smart Citation
“…However, neither prevents colluding relying parties from linking a user's accounts across relying parties. EL PASSO [90], UnlimitID [53], UPRESSO [50], PseudoID [29] and Hammann et al [51] show how to build single sign-on services that protect clients from curious identity providers while ensuring that relying parties cannot link users' accounts.…”
Section: Related Workmentioning
confidence: 99%