PESTO: Proactively Secure Distributed Single Sign-On, or How to Trust a Hacked Server

Carsten Baum, Tore Frederiksen, Julia Hesse, Anja Lehmann, Avishay Yanai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

24 Scopus citations

Abstract

Single Sign-On (SSO) is becoming an increasingly popular authentication method for users that leverages a trusted Identity Provider (IdP) to bootstrap secure authentication tokens from a single user password. It alleviates some of the worst security issues of passwords, as users no longer need to memorize individual passwords for all service providers, and it removes the burden of these service to properly protect huge password databases. However, SSO also introduces a single point of failure. If compromised, the IdP can impersonate all users and learn their master passwords. To remedy this risk while preserving the advantages of SSO, Agrawal et al. (CCS'18) recently proposed a distributed realization termed PASTA (password-Authenticated threshold authentication) which splits the role of the IdP across n servers. While PASTA is a great step forward and guarantees security as long as not all servers are corrupted, it uses a rather inflexible corruption model: servers cannot be corrupted adaptively and-even worse-cannot recover from corruption. The latter is known as proactive security and allows servers to re-share their keys, thereby rendering all previously compromised information useless. In this work, we improve upon the work of PASTA and propose a distributed SSO protocol with proactive and adaptive security (PESTO), guaranteeing security as long as not all servers are compromised at the same time. We prove our scheme secure in the UC framework which is known to provide the best security guarantees for password-based primitives. The core of our protocol are two new primitives we introduce: partially-oblivious distributed PRFs and a class of distributed signature schemes. Both allow for non-interactive refreshing of the secret key material and tolerate adaptive corruptions. We give secure instantiations based on the gap one-more BDH and RSA assumption respectively, leading to a highly efficient 2-round PESTO protocol. We also present an implementation and benchmark of our scheme in Java, realizing OAuth-compatible bearer tokens for SSO, demonstrating the viability of our approach.

Original languageEnglish
Title of host publicationProceedings - 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages587-606
Number of pages20
ISBN (Electronic)9781728150871
DOIs
StatePublished - Sep 2020
Externally publishedYes
Event5th IEEE European Symposium on Security and Privacy, Euro S and P 2020 - Virtual, Genoa, Italy
Duration: 7 Sep 202011 Sep 2020

Publication series

NameProceedings - 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020

Conference

Conference5th IEEE European Symposium on Security and Privacy, Euro S and P 2020
Country/TerritoryItaly
CityVirtual, Genoa
Period7/09/2011/09/20

Bibliographical note

Publisher Copyright:
© 2020 IEEE.

Funding

Acknowledgment. This work received funding from the EU Horizon 2020 research and innovation programme under grant agreement No 786725 OLYMPUS and the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office. We thank Michael Bladt Stausholm for his prototype implementation and performance testing. Most of Anja’s work was done while she was at IBM Research – Zurich. Part of the work of Carsten, Avishay and Tore was done while the authors were at Bar-Ilan University.

FundersFunder number
Horizon 2020 Framework Programme786725

    Keywords

    • n/a

    Fingerprint

    Dive into the research topics of 'PESTO: Proactively Secure Distributed Single Sign-On, or How to Trust a Hacked Server'. Together they form a unique fingerprint.

    Cite this