Making OpenID mobile and privacy-friendly


OpenID is a widely used single sign-on standard that allows users to access different services using the same authentication. However, its usage poses a number of issues regarding privacy and security.
This paper evaluates the OpenID standard and introduces three mobile strategies, two of which are validated using a prototype implementation. Significant privacy and trust improvements are attained through the use of an identity management architecture that leverages the properties of a tamperproof module. Furthermore, our approach makes OpenID more suitable for omnipresent mobile use. We remain interoperable with the OpenID standard and no modifications to the mobile platform are required.

Published in: Technology

  1. Making OpenID mobile and privacy-friendly
     ECUMICT Ghent, March 27th 2014
     Faysal Boukayoua, MSEC, KU Leuven
  2. Overview
     • Introduction
     • OpenID
       o What is it?
       o How does it work?
     • MSEC’s IdM architecture
     • OpenID shortcomings
     • Approach
     • Implementation
     • Evaluation
  3. The advent of today’s Web
     • A myriad of services
     • Countless logins
     • Unreliable user information
     Figure text: “I’m a banana”
  4. The emergence of Web single sign-on
     • OpenID
     • SAML-based setups
       o Shibboleth
       o Belgian eGov Login
     • Proprietary infrastructures
       o Google
       o Facebook
       o Twitter
     Diagram labels: Identity provider, Service providers, User
  5. OpenID: what is it?
     • Single sign-on standard
     • Origins: blogosphere, 2005
     • 2007: version 2.0
     • 2009: > 1 billion OpenID-enabled accounts
     • Many identity providers: Google, Yahoo, Paypal, AOL, Wordpress,…
  6. OpenID: how does it work?
     Actors: User, User’s browser, Identity provider (IdP), Service provider
     1. Request resource
     2. Prompt for IdP URI
     3. Provide IdP URI
     4. Redirect to IdP
     5. Prompt for authentication
     6. Authenticate
     7. Assert attributes and redirect
     8. Return resource
     Steps 2 and 3: IdP discovery step
  7. MSEC’s IdM architecture
     • Tamper-resistant module is mediator between
       o identity providers
       o service providers
     • Access to attributes controlled by
       o external authorities: certificates
       o user: personalized policies on the card
     Diagram labels: SPi, IdPX
  8. OpenID shortcomings: trust
     Panels: Before OpenID, With OpenID
     Actors: User, Identity provider, Service provider
     Speech bubbles: “Hi, I’m a banana.”; “Okay. Come on in.”; “I’m a banana. Pass it on.”; “Okay”; “Trust me, this is a banana”; “Okay. Come on in.”
  9. OpenID vs. IdM architecture (each row: OpenID | IdM architecture)
     Interoperability
     • Must modify workstation? Typically not | Yes
     • Based on a standard? Yes | No
     Security
     • Credentials: Passwords: weak | ECDH: strong
     • Prone to theft by malware | Protected by tamper-resistant card
     • Prone to phishing by SP | Feedback about URI; certificate checks
     • Communication security: Data authentication not required (MITM attacks) | Secure, authenticated channels
     • Identity provider: Centralised: high-value attack target | Decentralised
     • Transaction monitoring, linking, profiling | Mediation by card
     Privacy
     • Can impersonate user | Mediation by card
     • Anonymity level towards service provider: Global user ID (URI) | Identifiable; pseudonymous; (accountably) anonymous
     • Selective attribute disclosure? Typically not | Yes
     • User consent? Typically not | Yes
  10. Approach: current trends and opportunities
     • More mobility & more computers
     • Smartphones omnipresent
     • Mobile Internet adoption
  11. Approach: a mobile identity provider
     Diagram labels: IdPX, IdPY, IdPZ, User, Mobile identity provider, OpenID service provider
  12. Approach: protocol flow
     Actors: User, User’s browser, Service provider, Mobile IdP
     1. Request resource
     2. Prompt for IdP URI
     3. Provide IdP URI
     4. Redirect to IdP
     5. Show feedback and ask for consent
     6. Give consent and enter PIN
     7. Retrieve attributes from secure element
     7. Assert attributes and redirect
     8. Return resource
  13. Implementation
     Mobile device
     • Acer Liquid Glow E330
     • Android 4.0.4
     • I-Jetty webserver
     • Secure element middleware
     Secure element
     • Giesecke & Devrient Mobile Security Card 1.0
     • Java Card 2.2.2
     • MSEC’s IdM architecture
     Service provider
  14. Evaluation
     • Better privacy
     • Better security
     • Better interoperability
     • Mobile IdP is personal server…
       o Network anonymity important!
       o Tor
         • Hidden service (*.onion pseudo top-level domain)
         • Tor2web proxy to get a non-Tor URI
  15. Q&A
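
Step 7 of the OpenID flow in slide 6 (the IdP asserts attributes and redirects) is the point where the service provider must decide whether to trust data that arrived through the user's browser. The sketch below is an added example, not code from the slides or from the MSEC prototype: it shows the service-provider-side check that OpenID Authentication 2.0 defines for a positive assertion, assuming an HMAC-SHA256 association is already in place. All URLs, the handle, the nonce and the helper names are constructed for illustration.

```python
import base64, hashlib, hmac

# OpenID 2.0 requires these in openid.signed; claimed_id/identity too when present.
REQUIRED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
IF_PRESENT = {"claimed_id", "identity"}

def kv_form(params, signed):
    """Key-value form: 'key:value\\n' per signed field, without the 'openid.' prefix."""
    return "".join(f"{k}:{params['openid.' + k]}\n" for k in signed).encode()

def sign(params, signed, mac_key):
    """Base64 HMAC-SHA256 over the key-value form, as the IdP computes it."""
    digest = hmac.new(mac_key, kv_form(params, signed), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def verify_assertion(params, mac_key, expected_return_to, seen_nonces):
    """Return (ok, reason) for an assertion delivered via the browser redirect."""
    if params.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    signed = params.get("openid.signed", "").split(",")
    if any("openid." + k not in params for k in signed):
        return False, "signed list names a missing field"
    must = REQUIRED | {k for k in IF_PRESENT if "openid." + k in params}
    if not must <= set(signed):
        return False, "required field not covered by signature"
    sig = params.get("openid.sig", "").encode()
    if not hmac.compare_digest(sign(params, signed, mac_key).encode(), sig):
        return False, "bad signature"
    if params["openid.return_to"] != expected_return_to:  # simplified exact match
        return False, "return_to mismatch"
    nonce = (params["openid.op_endpoint"], params["openid.response_nonce"])
    if nonce in seen_nonces:
        return False, "replayed nonce"
    seen_nonces.add(nonce)
    return True, "ok"

def sample_assertion(mac_key):
    """Constructed sample data (hypothetical URLs, handle and nonce)."""
    p = {"openid.mode": "id_res",
         "openid.op_endpoint": "https://idp.example/op",
         "openid.claimed_id": "https://idp.example/user/alice",
         "openid.identity": "https://idp.example/user/alice",
         "openid.return_to": "https://sp.example/return",
         "openid.response_nonce": "2014-03-27T10:00:00Zabc123",
         "openid.assoc_handle": "handle-1"}
    fields = [k[len("openid."):] for k in p if k != "openid.mode"]
    p["openid.signed"] = ",".join(fields)
    p["openid.sig"] = sign(p, fields, mac_key)
    return p
```

The signature only proves that the holder of the association key produced the fields; it says nothing about how that key was agreed or whether discovery ran over an authenticated channel, which is the gap slide 9 lists under communication security.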