UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services
Chengqian Guo, Jingqiang Lin, Quanwei Cai, Wei Wang, Wentian Zhu, Jiwu Jing, Qiongxiao Wang, Bin Zhao, Fengjun Li
TL;DR
UPPRESSO addresses privacy in SSO by preventing both IdP-based login tracing and RP-based identity linkage through an identity-transformation framework. It introduces ephemeral RP and user pseudo-identities, $PID_{RP}$ and $PID_U$, and a per-RP permanent account $Acct$, derived via $PID_U = [ID_U]\,PID_{RP}$ and $Acct = [t^{-1}]\,PID_U$, with $PID_{RP}=[t]\,ID_{RP}$ and $ID_{RP}=[r]G$. The protocol is integrated into OpenID Connect through browser-based scripts, preserving usability on commodity browsers while offering provable security against the defined adversaries under standard cryptographic assumptions like the hardness of the ECDLP and ECDDH. A full prototype on MITREid Connect demonstrates practical overheads, with average login times around 174 ms in a cloud setting and 421 ms remotely, indicating feasibility for real-world deployment. Overall, UPPRESSO provides a concrete path to privacy-preserving SSO that maintains compatibility with existing infrastructure and user workflows while delivering stronger privacy guarantees than prior approaches.
Abstract
Single sign-on (SSO) allows a user to maintain only the credential for an identity provider (IdP) to log into multiple relying parties (RPs). However, SSO introduces privacy threats, as (a) a curious IdP could track a user's all visits to RPs, and (b) colluding RPs could learn a user's online profile by linking her identities across these RPs. This paper presents a privacypreserving SSO scheme, called UPPRESSO, to protect an honest user's online profile against (a) an honest-but-curious IdP and (b) malicious RPs colluding with other users. UPPRESSO proposes an identity-transformation approach to generate untraceable ephemeral pseudo-identities for an RP and a user from which the target RP derives a permanent account for the user, while the transformations also provide unlinkability. This approach protects the identities of the user and the target RPs in a login flow, while working compatibly with widely-deployed SSO protocols and providing services accessed from a commercial-off-the-shelf browser without plug-ins or extensions. We built a prototype of UPPRESSO on top of MITREid Connect, an open-source SSO system. The extensive evaluations show that it fulfills the security and privacy requirements of SSO with reasonable overheads.