Privacy-preserving Web single sign-on: Formal security analysis and design
نویسندگان
چکیده
Abstract Single sign-on (SSO) systems, such as OpenID and OAuth, allow Web sites to delegate user authentication third parties, Facebook or Google. These systems provide a convenient mechanism for users log in ease the burden of sites. Conversely, by integrating SSO they become crucial part security modern Web. So far, it has been hard prove if standards protocols actually meet their goals. particular, need satisfy strong privacy properties. In this thesis, we develop new systematic approach rigorously formally analyze verify properties with Infrastructure Model (WIM), most comprehensive model infrastructure date. Our analyses reveal severe vulnerabilities that lead critical attacks against privacy. We propose fixes our proposals are sufficient establish security. analyses, however, also show even Mozilla’s proposal privacy-preserving system does not its unique goal. To fill gap, use novel system, SPRESSO, indeed enjoys
منابع مشابه
Design and Analysis of Privacy-Preserving Protocols
More and more of our daily activities are using the Internet to provide an easy way to get access to instant information. The equipment enabling these interactions is also storing information such as: access time, where you are, and what you plan to do. The ability to store this information is very convenient but is also the source of a major concern: once data are stored, it must be protected....
متن کاملPrivacy-preserving Average Consensus: Privacy Analysis and Optimal Algorithm Design
The goal of the privacy-preserving average consensus (PPAC) is to guarantee the privacy of initial states and asymptotic consensus on the exact average of the initial value. This goal is achieved by an existing PPAC algorithm by adding and subtracting variance decaying and zero-sum random noises to the consensus process. However, there is lack of theoretical analysis to quantify the degree of t...
متن کاملPrivacy-Preserving Targeted Mobile Advertising: Formal Models and Analysis
Targeted Mobile Advertising (TMA) has emerged as a significant driver of the Internet economy. TMA gives rise to interesting challenges: there is a need to balance privacy and utility; there is a need to guarantee that applications’ access to resources is appropriate; and there is a need to ensure that the targeting of ads is effective. As many authors have argued, formal models are ideal vehic...
متن کاملFormal analysis of Facebook Connect Single Sign-On authentication protocol
We present a formal analysis of the authentication protocol of Facebook Connect, the Single Sign-On service offered by the Facebook Platform which allows Facebook users to login to affiliated sites. Formal specification and verification have been carried out using the specification language HLPSL and AVISPA, a state-of-the-art verification tool for security protocols. AVISPA has revealed two se...
متن کاملPrivacy-preserving Transactions on the Web
There is a rapid growth in the number of applications using sensitive and personal information on the World Wide Web. This growth creates an urgent need to maintain the anonymity of the participants in many web transactions and to preserve the privacy of their sensitive data during data dissemination over the web. First, maintaining the anonymity of users on the World Wide Web is essential for ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IT
سال: 2022
ISSN: ['2196-7032', '1611-2776']
DOI: https://doi.org/10.1515/itit-2022-0003