Anonymous Single-Sign-On for n designated services with traceability

TL;DR

This paper introduces a privacy-preserving anonymous single-sign-on scheme for multiple services, ensuring user anonymity and traceability with a lightweight design and strong security guarantees.

Contribution

It presents a novel anonymous authentication scheme that restricts verification to designated verifiers and supports a trusted third party for de-anonymization, enhancing privacy and security.

Findings

Scheme prevents information leakage even with verifier collusion

Supports traceability via a trusted third party

Achieves lightweight authentication without attribute-based signatures

Abstract

Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude which each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole services access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation.