Pseudonymous Authenticated Access to an External Service

Loading...
Thumbnail Image

URL

Journal Title

Journal ISSN

Volume Title

School of Science | Master's thesis

Date

2024-09-30

Department

Major/Subject

Security and Cloud Computing

Mcode

Degree programme

Master's Programme in Security and Cloud Computing

Language

en

Pages

55

Series

Abstract

Online services often integrate external services to extend their functionality. However, these external services may not be fully trusted, which raises privacy concerns. Nevertheless, the online service still needs to track its users' activities and collect results from their interactions with the external service. To address these issues, this thesis proposes an authentication protocol that preserves user privacy while enabling pseudonymous interaction with external services. The protocol is designed to integrate online services that utilize stateless intermediaries to bridge user authentication with external services. It utilizes concepts from Function as a Service (FaaS), as well as ephemeral containers. A proof-of-concept implementation demonstrates the feasibility of the protocol. The protocol provides security properties of authentication, user matching, and pseudonymity with linkability of asynchronous responses to requests. The security properties of the protocol were verified using ProVerif, an automated cryptographic protocol verification tool. The verification successfully demonstrated authentication and user matching. While the pseudonymity could not be fully verified due to the complexity of the TLS channel model, formalizing the property provided insights into the strengths and limitations of the developed solution. This thesis contributes to the field of federated authentication by introducing a privacy-preserving protocol designed for integrating an external service into an existing online service.

Description

Supervisor

Aura, Tuomas

Thesis advisor

Li, Jingyue

Keywords

pseudonymity, authentication, function as a service, container, security analysis, proverif

Other note

Citation