Back to Search Start Over

MISO: Legacy-compatible Privacy-preserving Single Sign-on using Trusted Execution Environments

Authors :
Xu, Rongwu
Yang, Sen
Zhang, Fan
Fang, Zhixuan
Source :
IEEE 8th European Symposium on Security and Privacy (EuroS&P), Delft, Netherlands, 2023 pp. 352-372
Publication Year :
2023

Abstract

Single sign-on (SSO) allows users to authenticate to third-party applications through a central identity provider. Despite their wide adoption, deployed SSO systems suffer from privacy problems such as user tracking by the identity provider. While numerous solutions have been proposed by academic papers, none were adopted because they require modifying identity providers, a significant adoption barrier in practice. Solutions do get deployed, however, fail to eliminate major privacy issues. Leveraging Trusted Execution Environments (TEEs), we propose MISO, the first privacy-preserving SSO system that is completely compatible with existing identity providers (such as Google and Facebook). This means MISO can be easily integrated into existing SSO ecosystem today and benefit end users. MISO also enables new functionality that standard SSO cannot offer: MISO allows users to leverage multiple identity providers in a single SSO workflow, potentially in a threshold fashion, to better protect user accounts. We fully implemented MISO based on Intel SGX. Our evaluation shows that MISO can handle high user concurrency with practical performance.<br />Comment: Accepted to IEEE European Symposium on Security and Privacy (Euro S&P 2023)

Details

Database :
arXiv
Journal :
IEEE 8th European Symposium on Security and Privacy (EuroS&P), Delft, Netherlands, 2023 pp. 352-372
Publication Type :
Report
Accession number :
edsarx.2305.06833
Document Type :
Working Paper
Full Text :
https://doi.org/10.1109/EuroSP57164.2023.00029