Abstract
Modern Identify-as-a-Service solutions solve the problems of burdensome user credential management and non-uniform security strength, by introducing an Identity Provider (IdP) that holds the users’ identities and grants a user one-time access tokens when he/she tries to login to different online applications (known as the Relying Parties, RPs). However, the non-negligible problem of privacy leakage during authentication largely remains unattended. In this paper, we propose a Privacy Preserving Anonymous Authentication Scheme (P2A) with Blockchain and Intel Software Guard Extensions (SGX). The IdP in P2A manages the users’ identities by issuing different kinds of transactions in the Blockchain, covering the registration, update, freeze/thaw, and deletion of identities. When the user wants to login to an RP, instead of asking for an one-time token from the IdP, he can generate an identity proof locally with SGX and login to the RP with an RP-specific pseudonym (PN). By resorting to the Blockchain, the RP will be convinced that the PN is associated with some registered identity on IdP and specific attributes of the user are satisfactory, without obtaining the real identity and raw attributes of the user. In this way, privacy leakages to the IdP and RPs are eliminated. P2A has a few exciting new features and security analysis shows it can resist various attacks even under strict assumptions.
This work was supported by National Cryptography Development Fund (Award No. MMJJ20180221).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Scott, C., Jahan, M., Rob, P., Eve, M.: Metadata for the oasis security assertion markup language (saml) v2. 0 (2005)
Dick, H.: The oauth 2.0 authorization framework (2012)
Nat, S., John, B., Mike, J., de Medeiros, B., Mortimore, C.: Openid connect core 1.0 incorporating errata set 1. The OpenID Foundation, specification (2014)
Costan, V., Devadas, S.: Intel sgx explained. IACR Cryptology ePrint Archive 2016(086), 1–118 (2016)
Ittai, A., Shay, G., Simon, J., Vincent, S.: Innovative technology for cpu based attestation and sealing. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, vol. 13. ACM New York, NY, USA (2013)
Matthew, H., Reshma, L., Pradeep, P., Vinay, P., Juan Del, C.: Using innovative instructions to create trustworthy software solutions. HASP@ ISCA, 11 (2013)
Frank, M., et al.: Innovative instructions and software model for isolated execution. Hasp@ isca, 10(1), 56–63 (2013)
Satoshi, N.: Bitcoin: a peer-to-peer electronic cash system. http://bitcoin.org/bitcoin. pdf (2008)
Wood, G., et al.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151(2014), 1–32 (2014)
Sasson, E.B., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459–474. IEEE (2014)
Van Saberhagen, N.: Cryptonote v 2 (2013)
Evan, D., Daniel, D.: Dash: a privacycentric cryptocurrency. GitHub. https://www.github.com/dashpay/dash/wiki/Whitepaper (2015)
Ahmed, K., Andrew, M., Elaine, S., Zikai, W., Charalamposm, P.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 839–858. IEEE (2016)
Fan, Z., Ittay, E., Robert, E., Ari, J., Robbert, V.R.: \(\{\)REM\(\}\): resource-efficient mining for blockchains. In: 26th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 17), pp. 1427–1444 (2017)
Mitar, M., Warren, H., Howard, W., Maxinder, K.: Proof of luck: an efficient blockchain consensus protocol. In: Proceedings of the 1st Workshop on System Software for Trusted Execution, p. 2. ACM (2016)
Yuan, R., Xia, Y.-B., Chen, H.-B., Zang, B.-Y., Xie, J.: Shadoweth: private smart contract on public blockchain. J. Comput. Sci. Technol. 33(3), 542–556 (2018)
Gbadebo, A., Vishal, K., Latifur, K., Kevin, H.: Decentralized iot data management using blockchain and trusted execution environment. In: 2018 IEEE International Conference on Information Reuse and Integration (IRI), pp. 15–22. IEEE (2018)
Alexander, N., Pegah, N.B., Joakim, B.: A survey of published attacks on intel SGX. Technical report (2020)
Guoxing, C., et al.: Racing in hyperspace: closing hyper-threading side channels on SGX with contrived data races. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 178–194. IEEE (2018)
Oleksii, O., Bohdan, T., Robert, K., Mark, S., Christof, F.: Varys: protecting \(\{\)SGX\(\}\) enclaves from practical side-channel attacks. In: 2018 \(\{\)USENIX\(\}\) Annual Technical Conference (\(\{\)USENIX\(\}\)\(\{\)ATC\(\}\) 18), pp. 227–240 (2018)
Sinisa, M., et al.: Rote: rollback protection for trusted execution. In: Proceedings of the 26th USENIX Conference on Security Symposium (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Song, T., Wang, W., Lang, F., Ouyang, W., Wang, Q., Lin, J. (2021). P2A: Privacy Preserving Anonymous Authentication Based on Blockchain and SGX. In: Wu, Y., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2020. Lecture Notes in Computer Science(), vol 12612. Springer, Cham. https://doi.org/10.1007/978-3-030-71852-7_17
Download citation
DOI: https://doi.org/10.1007/978-3-030-71852-7_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71851-0
Online ISBN: 978-3-030-71852-7
eBook Packages: Computer ScienceComputer Science (R0)