Pseudonymous Authenticated Access to an External Service

dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.advisorLi, Jingyue
dc.contributor.authorMalik, Fajar
dc.contributor.schoolPerustieteiden korkeakoulufi
dc.contributor.schoolSchool of Scienceen
dc.contributor.supervisorAura, Tuomas
dc.date.accessioned2024-11-20T22:07:18Z
dc.date.available2024-11-20T22:07:18Z
dc.date.issued2024-09-30
dc.description.abstractOnline services often integrate external services to extend their functionality. However, these external services may not be fully trusted, which raises privacy concerns. Nevertheless, the online service still needs to track its users' activities and collect results from their interactions with the external service. To address these issues, this thesis proposes an authentication protocol that preserves user privacy while enabling pseudonymous interaction with external services. The protocol is designed to integrate online services that utilize stateless intermediaries to bridge user authentication with external services. It utilizes concepts from Function as a Service (FaaS), as well as ephemeral containers. A proof-of-concept implementation demonstrates the feasibility of the protocol. The protocol provides security properties of authentication, user matching, and pseudonymity with linkability of asynchronous responses to requests. The security properties of the protocol were verified using ProVerif, an automated cryptographic protocol verification tool. The verification successfully demonstrated authentication and user matching. While the pseudonymity could not be fully verified due to the complexity of the TLS channel model, formalizing the property provided insights into the strengths and limitations of the developed solution. This thesis contributes to the field of federated authentication by introducing a privacy-preserving protocol designed for integrating an external service into an existing online service.en
dc.format.extent55
dc.format.mimetypeapplication/pdfen
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/131722
dc.identifier.urnURN:NBN:fi:aalto-202411217234
dc.language.isoenen
dc.programmeMaster's Programme in Security and Cloud Computingen
dc.programme.majorSecurity and Cloud Computingen
dc.subject.keywordpseudonymityen
dc.subject.keywordauthenticationen
dc.subject.keywordfunction as a serviceen
dc.subject.keywordcontaineren
dc.subject.keywordsecurity analysisen
dc.subject.keywordproverifen
dc.titlePseudonymous Authenticated Access to an External Serviceen
dc.typeG2 Pro gradu, diplomityöfi
dc.type.ontasotMaster's thesisen
dc.type.ontasotDiplomityöfi
local.aalto.electroniconlyyes
local.aalto.openaccessyes

Files

Original bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
master_Malik_Fajar_2024.pdf
Size:
2.66 MB
Format:
Adobe Portable Document Format