论文信息 - UnlimitID: Privacy-Preserving Federated Identity Management using Algebraic MACs

UnlimitID: Privacy-Preserving Federated Identity Management using Algebraic MACs

UnlimitID is a method for enhancing the privacy of commodity OAuth and applications such as OpenID Connect, using anonymous attribute-based credentials based on algebraic Message Authentication Codes (aMACs). OAuth is one of the most widely used protocols on the Web, but it exposes each of the requests of a user for data by each relying party (RP) to the identity provider (IdP). Our approach allows for the creation of multiple persistent and unlinkable pseudo-identities and requires no change in the deployed code of relying parties, only in identity providers and the client.

[1] Ralf Küsters,et al. A Comprehensive Formal Security Analysis of OAuth 2.0 , 2016, CCS.

[2] Harry Halpin,et al. Federated Identity as Capabilities , 2012, APF.

[3] Dick Hardt,et al. The OAuth 2.0 Authorization Framework , 2012, RFC.

[4] Emilia Käsper. Fast Elliptic Curve Cryptography in OpenSSL , 2011, Financial Cryptography Workshops.

[5] Ralf Küsters,et al. SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web , 2015, CCS.

[6] Arkajit Dey,et al. PseudoID: Enhancing Privacy in Federated Login , 2010 .

[7] David Wolinsky,et al. Building Privacy-Preserving Cryptographic Credentials from Federated Online Identities , 2016, CODASPY.

[8] Melissa Chase,et al. Algebraic MACs and Keyed-Verification Anonymous Credentials , 2014, CCS.