November 15, 2012
Audit Based Privacy Preservation for the OpenID Authentication Protocol
As originally published in the 2012 IEEE International Conference on Technologies for Homeland Security, co-authored with Dr. Xiaojiang Du.
This research studies a privacy vulnerability within OpenID, a distributed single sign-on protocol. An OpenID system consists of three components: User Agents (UA); Relying Parties – web applications that a UA would like to authenticate with using its unique identifier; and Identity Providers – web servers that provide a globally unique identifier for the UA and validate the identity of UAs on behalf of Relying Parties.
The privacy vulnerability addressed by this research has been identified in the existing literature. However, no effective solution has been proposed. This research attempts to present an effective scheme to mitigate this documented vulnerability. In order for OpenID to gain wider acceptance, this vulnerability must be addressed with a solution that is convenient for the users of single sign-on.
We propose a method for mitigating this vulnerability by creating vertical levels of trust between constituents of an OpenID network through expanding the role of OpenID Identity Providers to include auditing OpenID Relying Parties for privacy vulnerabilities. In addition, Identity Providers may keep records of audits that identify Relying Parties that do not protect the privacy of OpenID users.
The primary issue with this privacy vulnerability is that it is completely transparent – it occurs without the user ever being aware that it is happening. We cannot force Relying Parties to guarantee the privacy of OpenID users, nor would we like to burden individual users with browser-level solutions that are often overly technical and difficult to understand. We have therefore designed an audit solution at the level of the Identity Provider, which can accurately inform users when Relying Parties may be sharing information with third parties, giving OpenID users the ability to make a conscious choice about sharing that information. We have performed experiments that indicate that our scheme is valid, and the experimental results obtained indicate that our scheme is effective.