CCS
2015
ACM

SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web

Single sign-on (SSO) systems, such as OpenID and OAuth, allow web sites, so-called relying parties (RPs), to delegate user authentication to identity providers (IdPs), such as Facebook or Google. These systems are very popular, as they provide a convenient means for users to log in at RPs and move much of the burden of user authentication from RPs to IdPs. There is, however, a downside to current systems, as they do not respect users’ privacy: IdPs learn at which RP a user logs in. With one exception, namely Mozilla’s BrowserID system (a.k.a. Mozilla Persona), current SSO systems were not even designed with user privacy in mind. Unfortunately, recently discovered attacks, which exploit design flaws of BrowserID, show that BrowserID does not provide user privacy either. In this paper, we therefore propose the first privacy-respecting SSO system for the web, called SPRESSO (for Secure Privacy-REspecting Single Sign-On). The system is easy to use, decentralized, and platform indepen...
Daniel Fett, Ralf Küsters, Guido Schmitz
Added: 17 Apr 2016
Updated: 17 Apr 2016
Type: Journal
Year: 2015
Where: CCS
Authors: Daniel Fett, Ralf Küsters, Guido Schmitz