Anonymous Single Sign-on with Proxy Re-Verification
This work addresses privacy concerns in authentication systems for users and organizations, offering an incremental improvement by adding proxy re-verification and deanonymization features to existing anonymous single sign-on schemes.
The paper tackles the problem of enabling anonymous single sign-on for users to access multiple services without revealing identity, proposing a scheme that allows proxy re-verification when designated verifiers are unavailable and includes deanonymization capabilities for tracing. It provides a formal security proof and empirical performance evaluation, with potential application in smart ticketing to comply with privacy regulations like GDPR.
An anonymous Single Sign-On (ASSO) scheme allows users to access multiple services anonymously using one credential. We propose a new ASSO scheme, where users can access services anonymously through the use of anonymous credentials and unlinkably through the provision of designated verifiers. Notably, verifiers cannot link service requests of a user even if they collude. The novelty is that when a designated verifier is unavailable, a central authority can authorise new verifiers to authenticate the user on behalf of the original verifier. Furthermore, if required, a central verifier is authorised to deanonymise users and trace their service requests. We formalise the scheme along with a security proof and provide an empirical evaluation of its performance. This scheme can be applied to smart ticketing where minimising the collection of personal information of users is increasingly important to transport organisations due to privacy regulations such as General Data Protection Regulations (GDPR).