Pseudonymous Authenticated Access to an External Service
School of Science | Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Date
2024-09-30
Major/Subject
Security and Cloud Computing
Degree programme
Master's Programme in Security and Cloud Computing
Language
en
Pages
55
Abstract
Online services often integrate external services to extend their functionality. However, these external services may not be fully trusted, which raises privacy concerns. Nevertheless, the online service still needs to track its users' activities and collect results from their interactions with the external service. To address these issues, this thesis proposes an authentication protocol that preserves user privacy while enabling pseudonymous interaction with external services. The protocol is designed to integrate online services that utilize stateless intermediaries to bridge user authentication with external services. It utilizes concepts from Function as a Service (FaaS), as well as ephemeral containers. A proof-of-concept implementation demonstrates the feasibility of the protocol. The protocol provides security properties of authentication, user matching, and pseudonymity with linkability of asynchronous responses to requests. The security properties of the protocol were verified using ProVerif, an automated cryptographic protocol verification tool. The verification successfully demonstrated authentication and user matching. While the pseudonymity could not be fully verified due to the complexity of the TLS channel model, formalizing the property provided insights into the strengths and limitations of the developed solution. This thesis contributes to the field of federated authentication by introducing a privacy-preserving protocol designed for integrating an external service into an existing online service.
Supervisor
Aura, Tuomas
Thesis advisor
Li, Jingyue
Keywords
pseudonymity, authentication, function as a service, container, security analysis, proverif