Attribute-based Single Sign-On. Secure, Private, and Efficient.
Abstract
A Single Sign-On (SSO) system allows users to access different remote services while authenticating only once. SSO can greatly improve the usability and the security of our online activities by dispensing with the need to securely remember or store tens or even hundreds of authentication secrets. On the downside, today's SSO providers can track users' online behavior, and collect personal data that service providers want to see asserted before letting a user access their resources. In this work, we propose a new policy-based Single Sign-On service, i.e., a system that produces access tokens that are conditioned on the user's attributes fulfilling a specified policy. Our solution is based on multi-party computation and threshold cryptography and produces access tokens of standardized format. The central idea is to distribute the role of the SSO provider among several companies, in order to shield user attributes and access patterns from each individual company. We provide a formal security model and analysis in the Universal Composability framework, against proactive adversaries. Our implementation and benchmarking show the practicality of our system for many real-world use cases.