Andreas Pashalidis
Katholieke Universiteit Leuven
Publications
Featured research published by Andreas Pashalidis.
Australasian Conference on Information Security and Privacy | 2003
Andreas Pashalidis; Chris J. Mitchell
At present, network users have to manage one set of authentication credentials (usually a username/password pair) for every service with which they are registered. Single Sign-On (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users authenticate themselves only once and are logged into the services they subsequently use without further manual interaction. Several architectures for SSO have been developed, each with different properties and underlying infrastructures. This paper presents a taxonomy of these approaches and puts some of the SSO schemes, services and products into that context. This enables decisions about the design and selection of future approaches to SSO to be made within a more structured context; it also reveals some important differences in the security properties that can be provided by various approaches.
European Symposium on Research in Computer Security | 2011
Jens Hermans; Andreas Pashalidis; Frederik Vercauteren; Bart Preneel
This paper critically examines some recently proposed RFID privacy models. It shows that some models suffer from weaknesses such as insufficient generality and unrealistic assumptions regarding the adversary's ability to corrupt tags. We propose a new RFID privacy model that is based on the notion of indistinguishability and that does not suffer from the identified drawbacks. We demonstrate the easy applicability of our model by applying it to multiple existing RFID protocols.
International Conference on Information Security | 2003
Andreas Pashalidis; Chris J. Mitchell
At present, network users have to remember a username and a corresponding password for every service with which they are registered. One solution to the security and usability implications of this situation is Single Sign-On, whereby the user authenticates only once to an ‘Authentication Service Provider’ (ASP) and subsequently uses disparate Service Providers (SPs) without necessarily re-authenticating. The information about the user’s authentication status is handled between the ASP and the desired SP transparently to the user. This paper describes a method by which the end-user’s computing platform itself plays the role of the ASP. The platform has to be a Trusted Platform conforming to the Trusted Computing Platform Alliance (TCPA) specifications. The relevant TCPA architectural components and security services are described and associated threats are analysed.
Archive | 2012
Svetla Petkova-Nikova; Andreas Pashalidis; Günther Pernul
Secret handshake (SH) schemes enable two members who belong to the same group to authenticate each other in a way that hides their affiliation to that group from all others. In previous works, the group authority (GA) has the ability to reveal the identity (ID) of a handshake player who belongs to his group. In this paper, we focus first on the classification of traceability of GA. We classify this feature as follows: (i) GA of G is able to reveal IDs of members belonging to G by using a transcript of a handshake protocol; (ii) GA of G is able to confirm whether handshake players belong to G or not by using a transcript of a handshake protocol. In some situations, only the latter capability is needed. So, we consider a SH that GA has only an ability to confirm whether a handshake player belongs to his own group without revealing his ID. Thus, we introduce a SH scheme with request-based-revealing (SHRBR). In SHRBR, GA can check whether handshake players belong to the own group without revealing a member ID. After a handshake player A executes a handshake protocol with B, if A wants to reveal a handshake partner (in this case B), A requests GA to reveal a handshake partner’s ID by bringing forth his own ID and secret information. We define the security requirements for SHRBR and propose a concrete SHRBR in the random oracle model.
ACM Transactions on Information and System Security | 2011
Jens-Matthias Bohli; Andreas Pashalidis
This article presents a hierarchy of privacy notions that covers multiple anonymity and unlinkability variants. The underlying definitions, which are based on the idea of indistinguishability between two worlds, provide new insights into the relation between, and the fundamental structure of, different privacy notions. We furthermore place previous privacy definitions concerning group signature, anonymous communication, and secret voting systems in the context of our hierarchy; this renders these traditionally disconnected notions comparable.
International Workshop on Security | 2004
Andreas Pashalidis; Chris J. Mitchell
This paper identifies certain privacy threats that apply to anonymous credential systems. The focus is on timing attacks that apply even if the system is cryptographically secure. The paper provides some simple heuristics that aim to mitigate the exposure to the threats and identifies directions for further research.
Financial Cryptography | 2009
Jens-Matthias Bohli; Andreas Pashalidis
This paper presents a hierarchy of privacy notions that covers multiple anonymity and unlinkability variants. The underlying definitions, which are based on the idea of indistinguishability between two worlds, provide new insights into the relation between, and the fundamental structure of, different privacy notions. We apply our definitions to group signatures and anonymous communication systems, and show how they relate to existing definitions.
European Public Key Infrastructure Workshop | 2004
Andreas Pashalidis; Chris J. Mitchell
At present, network users have to manage a set of authentication credentials (usually a username/password pair) for every service with which they are registered. Single Sign-On (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users authenticate themselves only once to an entity termed the ‘Authentication Service Provider’ (ASP) and are subsequently logged into disparate network Service Providers (SPs) without necessarily having to re-authenticate. The information about the user’s authentication status is handled between the ASP and the desired SP in a manner transparent to the user. In this paper we propose an SSO scheme where user authentication is based on payment cards conforming to the EMV industry standard. The card itself, in conjunction with the EMV architecture, takes the role of the ASP. The associated SSO protocol does not require online card issuer participation, preserves user mobility and does not put user’s financial data at risk.
Computer and Communications Security | 2012
Nikos Mavrogiannopoulos; Andreas Pashalidis; Bart Preneel
Public key Kerberos (PKINIT) is a standardized authentication and key establishment protocol which is used by the Windows active directory subsystem. In this paper we show that card-based public key Kerberos is flawed. In particular, access to a user's card enables an adversary to impersonate that user even after the adversary's access to the card is revoked. The attack neither exploits physical properties of the card, nor extracts any of its secrets.
Workshop on Privacy in the Electronic Society | 2011
Stefan Schiffner; Andreas Pashalidis; Elmar Tischhauser
This paper describes a formal model for multiple privacy notions that apply to reputation systems and shows that, for certain classes of systems, very strong privacy notions are unachievable. In particular, it is shown that systems where a user's reputation depends exclusively on the ratings he received necessarily leak information about the relationship between ratings and reputations. In contrast, systems where a user's reputation depends both on the received ratings and on the ratings received by others potentially hide all information about this relationship. The paper concludes with guidelines for the construction of reputation systems that have the potential to retain high levels of privacy.