Abstract
Single sign-on (SSO) is becoming more and more popular in the Internet. An SSO ticket issued by the identity provider (IdP) allows an entity to sign onto a relying party (RP) on behalf of the account enclosed in the ticket. To ensure its authenticity, an SSO ticket is digitally signed by the IdP and verified by the RP. However, recent security incidents indicate that a signing system (e.g., certification authority) might be compromised to sign fraudulent messages, even when it is well protected in accredited commercial systems. Compared with certification authorities, the online signing components of IdPs are even more exposed to adversaries and thus more vulnerable to such threats in practice. This paper proposes ticket transparency to provide accountable SSO services with privacy-preserving public logs against potentially fraudulent tickets issued by a compromised IdP. With this scheme, an IdP-signed ticket is accepted by the RP only if it is recorded in the public logs. It enables a user to check all his tickets in the public logs and detect any fraudulent ticket issued without his participation or authorization. We integrate blind signatures, identity-based encryption and Bloom filters in the design, to balance transparency, privacy and efficiency in these security-enhanced SSO services. To the best of our knowledge, this is the first attempt to solve the security problems caused by potentially intruded or compromised IdPs in the SSO services.
This work was partially supported by National Natural Science Foundation of China (Award 61772518), National Key RD Plan of China (Award 2017YFB0802100), NSF DGE-1565570, NSA SoS Initiative and the Ripple University Blockchain Research Initiative.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Acar, A., Aksu, H., Uluagac, S., Conti, M.: A survey on homomorphic encryption schemes: theory and implementation. ACM Comput. Surv. 51(4), 79:1–79:35 (2018)
Amann, J., Gasser, O., Scheitle, Q., Brent, L., Carle, G., Holz, R.: Mission accomplished? HTTPS security after DigiNotar. In: 17th Internet Measurement Conference (IMC), pp. 325–340 (2017)
Ateniese, G., et al.: Provable data possession at untrusted stores. In: 14th ACM Conference on Computer and Communication Security (CCS), pp. 598–610 (2007)
Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: SP 800-57 - Recommendation for key management - Part 1: General. Technical report, National Institute of Standards and Technology (2006)
Beekman, J., Manferdelli, J., Wagner, D.: Attestation transparency: building secure Internet services for legacy clients. In: 11th ACM on Asia Conference on Computer and Communications Security (AsiaCCS), pp. 687–698 (2016)
Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. J. Cryptol. 16(3), 185–215 (2003)
Bloom, B.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970)
Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13
Bowers, K., Juels, A., Oprea, A.: Proofs of retrievability: theory and implementation. In: ACM Workshop on Cloud Computing Security (CCSW), pp. 43–54 (2009)
Chase, M., Meiklejohn, S.: Transparency overlays and applications. In: 13th ACM Conference on Computer and Communications Security (CCS), pp. 168–179 (2016)
Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 199–203. Springer, Boston (1983). https://doi.org/10.1007/978-1-4757-0602-4_18
Chow, S.S.M.: Removing escrow from identity-based encryption. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 256–276. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00468-1_15
Comodo Group Inc.: Comodo report of incident (2011). https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: IETF RFC 5280: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile (2008)
Desmedt, Y.: Society and group oriented cryptography: a new concept. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 120–127. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_8
Dowling, B., Günther, F., Herath, U., Stebila, D.: Secure logging schemes and certificate transparency. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 140–158. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_8
Eckersley, P.: A Syrian man-in-the-middle attack against Facebook (2011). https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook
Elmufti, K., Weerasinghe, D., Rajarajan, M., Rakocevic, V.: Anonymous authentication for mobile single sign-on to protect user privacy. Int. J. Mob. Commun. 6(6), 760–769 (2008)
Erman, P., Kantarcioglu, M., Lin, Z., Ulusoy, H.: Preventing cryptographic key leakage in cloud virtual machines. In: 23rd USENIX Security Symposium (2014)
Eskandarian, S., Messeri, E., Bonneau, J., Boneh, D.: Certificate transparency with privacy. In: 17th International Symposium on Privacy Enhancing Technologies (PETS), pp. 329–344 (2017)
Gasser, O., Hof, B., Helm, M., Korczynski, M., Holz, R., Carle, G.: In log we trust: revealing poor security practices with certificate transparency logs and internet measurements. In: Beverly, R., Smaragdakis, G., Feldmann, A. (eds.) PAM 2018. LNCS, vol. 10771, pp. 173–185. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76481-8_13
Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_37
Ghasemisharif, M., Ramesh, A., Checkoway, S., Kanich, C., Polakis, J.: O single sign-off, where art thou? An empirical analysis of single sign-on account hijacking and session management on the Web. In: 27th USENIX Security Symposium, pp. 1475–1492 (2018)
GlobalSign: Security incident report (2011). https://www.globalsign.com/resources/globalsign-security-incident-report.pdf
Google Inc.: Known logs (2018). http://www.certificate-transparency.org/known-logs
Goyal, V.: Reducing trust in the PKG in identity based cryptosystems. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 430–447. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_24
Goyal, V., Lu, S., Sahai, A., Waters, B.: Black-box accountable authority identity-based encryption. In: 15th ACM Conference on Computer and Communications Security (CCS), pp. 427–436 (2008)
Gudgin, M., et al.: W3C Recommendation - SOAP Version 1.2 Part 1: Messaging Framework, 2nd edn. (2007)
Gustafsson, J., Overier, G., Arlitt, M., Carlsson, N.: A first look at the CT landscape: certificate transparency logs in practice. In: Kaafar, M.A., Uhlig, S., Amann, J. (eds.) PAM 2017. LNCS, vol. 10176, pp. 87–99. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54328-4_7
Han, J., Chen, L., Schneider, S., Treharne, H., Wesemeyer, S.: Anonymous single-sign-on for n designated services with traceability. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11098, pp. 470–490. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99073-6_23
Han, J., Mu, Y., Susilo, W., Yan, J.: Anonymous single-sign-on for \(n\) designated services with traceability. In: 6th International Conference on Security and Privacy in Communication Networks (SecureComm), pp. 181–198 (2010)
Houlihan, R., Du, X., Tan, C.-C., Wu, J., Guizani, M.: Auditing cloud service level agreement on VM CPU speed. In: IEEE International Conference on Communications (ICC), pp. 799–803 (2014)
Jing, J., Liu, P., Feng, D., Xiang, J., Gao, N., Lin, J.: ARECA: a highly attack resilient certification authority. In: 1st ACM Workshop on Survivable and Self-Regenerative Systems (SSRS), pp. 53–63 (2003)
Kate, A., Goldberg, I.: Distributed private-key generators for identity-based cryptography. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 436–453. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15317-4_27
Kubilay, M.Y., Kiraz, M.S., Mantar, H.A.: CertLedger: a new PKI model with certificate transparency based on blockchain. Comput. Secur. 85, 333–352 (2019)
Langley, A.: Further improving digital certificate security (2013). https://security.googleblog.com/2013/12/further-improving-digital-certificate.html
Laurie, B., Kasper, E.: Revocation transparency (2012). http://sump2.links.org/files/RevocationTransparency.pdf
Laurie, B., Langley, A., Kasper, E.: IETF RFC 6962 - certificate transparency (2014)
Lee, T.-F.: Provably secure anonymous single-sign-on authentication mechanisms using extended Chebyshev Chaotic Maps for distributed computer networks. IEEE Syst. J. 12(2), 1499–1505 (2018)
Li, W., Mitchell, C.J.: Analysing the security of Google’s implementation of OpenID connect. In: Caballero, J., Zurutuza, U., RodrÃguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 357–376. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_18
Liu, Q., Wang, G., Wu, J.: Consistency as a service: auditing cloud consistency. IEEE Trans. Netw. Serv. Manag. 11(1), 25–35 (2014)
Lynn, B.: Stanford IBE library v0.7.2. https://github.com/SEI-TTG/id-based-encryption
Mainka, C., Mladenov, V., Schwenk, J.: Do not trust me: using malicious IdPs for analyzing and attacking single sign-on. In: 1st IEEE European Symposium on Security and Privacy (Euro S&P), pp. 321–336 (2016)
Matsumoto, S., Steffen, S., Perrig, A.: CASTLE: CA signing in a touch-less environment. In: 32nd Annual Computer Security Applications Conference (ACSAC), pp. 546–557 (2016)
Melara, M., Blankstein, A., Bonneau, J., Felten, E., Freedman, M.: CONIKS: bringing key transparency to end users. In: 24th USENIX Security Symposium, pp. 383–398 (2015)
Microsoft: MS01-017: Erroneous VeriSign-issued digital certificates pose spoofing hazard (2001). https://technet.microsoft.com/library/security/ms01-017
Morton, B.: Public announcements concerning the security advisory (2013). https://www.entrust.com/turktrust-unauthorized-ca-certificates
Morton, B.: More Google fraudulent certificates (2014). https://www.entrust.com/google-fraudulent-certificates/
Mozilla: Binary transparency (2017). https://wiki.mozilla.org/Security/Binary_Transparency
Nadalin, A., Kaler, C., Monzillo, R., Hallam-Baker, P.: OASIS standard - Web services security: SOAP message security 1.1 (2006)
Nykvist, C., Sjöström, L., Gustafsson, J., Carlsson, N.: Server-side adoption of certificate transparency. In: Beverly, R., Smaragdakis, G., Feldmann, A. (eds.) PAM 2018. LNCS, vol. 10771, pp. 186–199. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76481-8_14
Peeters, R., Pulls, T.: Insynd: improved privacy-preserving transparency logging. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 121–139. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_7
Reiner, S.: Golden SAML: Newly discovered attack technique forges authentication to cloud apps
RSA Laboratories: PKCS #1 v2.2: RSA cryptography standard. Technical report, EMC Corporation (2012)
Ryan, M.: Enhanced certificate transparency and end-to-end encrypted mail. In: 21st ISOC Network and Distributed System Security Symposium (NDSS) (2014)
Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., Chuck, M.: OpenID Connect Core 1.0 (2014). http://openid.net/specs/openid-connect-core-1_0.html
Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_15
Singh, A., Sengupta, B., Ruj, S.: Certificate transparency with enhancements and short proofs. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10343, pp. 381–389. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59870-3_22
Soghoian, C., Stamm, S.: Certified lies: detecting and defeating government interception attacks against SSL (short paper). In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 250–259. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27576-0_20
Somorovsky, J., Mayer, A., Schwenk, J., Kampmann, M., Jensen, M.: On breaking SAML: be whoever you want to be. In: 21st USENIX Security Symposium, pp. 397–412 (2012)
SSL Shopper: SSL certificate for mozilla.com issued without validation (2008). https://www.sslshopper.com/article-ssl-certificate-for-mozilla.com-issued-without-validation.html
Start Commercial (StartCom) Limited: Critical event report (2008). https://blog.startcom.org/wp-content/uploads/2009/01/ciritical-event-report-12-20-2008.pdf
Sun, S.-T., Beznosov, K.: The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems. In: 19th ACM Conference on Computer and Communications Security (CCS), pp. 378–390 (2012)
VASCO Data Security International Inc.: DigiNotar reports security incident (2011). https://www.vasco.com/about-vasco/press/2011/news_diginotar_reports_security_incident.html
Walton, J.: Crypto++ library 7.0. https://cryptopp.com/
Wang, C., Chow, S., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for secure cloud storage. IEEE Trans. Comput. 62(2), 362–375 (2013)
Wang, C., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for data storage security in cloud computing. In: INFOCOM, pp. 525–533 (2010)
Wang, H., Zhang, Y., Li, J., Gu, D.: The achilles heel of OAuth: a multi-platform study of OAuth-based authentication. In: 32nd Annual Computer Security Applications Conference (ACSAC), pp. 167–176 (2016)
Wang, H., et al.: Vulnerability assessment of OAuth implementations in Android applications. In: 31st Annual Computer Security Applications Conference (ACSAC), pp. 61–70 (2015)
Wang, J., Wang, G., Susilo, W.: Anonymous single sign-on schemes transformed from group signatures. In: 5th International Conference on Intelligent Networking and Collaborative Systems (INCoS), pp. 560–567 (2013)
Wang, R., Chen, S., Wang, X.: Signing me onto your accounts through Facebook and Google: a traffic-guided security study of commercially deployed single-sign-on web services. In: 33rd IEEE Symposium on Security and Privacy (S&P), pp. 365–379 (2012)
Wang, R., Zhou, Y., Chen, S., Qadeer, S., Evans, D., Gurevich, Y.: Explicating SDKs: uncovering assumptions underlying secure authentication and authorization. In: 22nd USENIX Security Symposium, pp. 399–414 (2013)
Wilson, K.: Distrusting new CNNIC certificates (2015). https://blog.mozilla.org/security/2015/04/02/distrusting-new-cnnic-certificates/
Zhou, Y., Evans, D.: SSOScan: automated testing of web applications for single sign-on vulnerabilities. In: 23rd USENIX Security Symposium, pp. 495–510 (2014)
Zusman, M.: Criminal charges are not pursued: Hacking PKI (2009). https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-zusman-hacking_pki.pdf
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Chu, D., Lin, J., Li, F., Zhang, X., Wang, Q., Liu, G. (2019). Ticket Transparency: Accountable Single Sign-On with Privacy-Preserving Public Logs. In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks. SecureComm 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 304. Springer, Cham. https://doi.org/10.1007/978-3-030-37228-6_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-37228-6_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37227-9
Online ISBN: 978-3-030-37228-6
eBook Packages: Computer ScienceComputer Science (R0)