Paper 2019/1470
PESTO: Proactively Secure Distributed Single Sign-On, or How to Trust a Hacked Server
Carsten Baum, Tore K. Frederiksen, Julia Hesse, Anja Lehmann, and Avishay Yanai
Abstract
Single Sign-On (SSO) is becoming an increasingly popular authentication method for users that leverages a trusted Identity Provider (IdP) to bootstrap secure authentication tokens from a single user password. It alleviates some of the worst security issues of passwords, as users no longer need to memorize individual passwords for all service providers, and it removes the burden of these services to properly protect huge password databases. However, SSO also introduces a single point of failure. If compromised, the IdP can impersonate all users and learn their master passwords. To remedy this risk while preserving the advantages of SSO, Agrawal et al. (CCS'18) recently proposed a distributed realization termed PASTA (password-authenticated threshold authentication) which splits the role of the IdP across
Metadata
- Available format(s)
- PDF
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Minor revision. EuroS&P 2020
- Keywords
- Single Sign-On, Authentication, Identity Provider, Distributed Protocols
- Contact author(s)
- cbaum @ cs au dk
- tore frederiksen @ alexandra dk
- juliahesse2 @ gmail com
- anja lehmann @ hpi de
- yanaia @ vmware com
- History
- 2020-11-16: last of 5 revisions
- 2019-12-23: received
- Short URL
- https://ia.cr/2019/1470
- License
- CC BY
BibTeX
@misc{cryptoeprint:2019/1470,
      author = {Carsten Baum and Tore K. Frederiksen and Julia Hesse and Anja Lehmann and Avishay Yanai},
      title = {{PESTO}: Proactively Secure Distributed Single Sign-On, or How to Trust a Hacked Server},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1470},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1470}
}