BISON: Blind Identification through Stateless scOpe-specific derivatioN
Authors:
Jakob Heher,
Lena Heimberger,
Stefan More
Abstract:
Delegating authentication to identity providers like Google or Facebook, while convenient, compromises user privacy. Global identifiers enable internet-wide tracking; furthermore, identity providers can also record users' associations.
We show that neither is a necessary evil by presenting the BISON pseudonym derivation protocol, inspired by Oblivious Pseudorandom Functions. It hides the service…
▽ More
Delegating authentication to identity providers like Google or Facebook, while convenient, compromises user privacy. Global identifiers enable internet-wide tracking; furthermore, identity providers can also record users' associations.
We show that neither is a necessary evil by presenting the BISON pseudonym derivation protocol, inspired by Oblivious Pseudorandom Functions. It hides the service provider's identity from the identity provider, yet produces a trusted, scoped, immutable pseudonym. Colluding service providers cannot link BISON pseudonyms. This prevents user tracking. BISON does not require long-lived state on the user device, and does not add additional actors to the authentication process.
BISON uses lightweight cryptography. Pseudonym derivation requires a total of four elliptic curve scalar-point multiplications and four hash function evaluations, totaling to ~3 ms in our proof of concept implementation. BISON is designed to integrate into existing authentication protocols. We provide an OpenID Connect extension that allows OIDC's PPID pseudonyms to be derived using BISON. This demonstrates that BISON's privacy guarantees can be realized in practice.
For these reasons, BISON is a crucial step** stone towards realizing the privacy-preserving internet of tomorrow.
△ Less
Submitted 3 June, 2024;
originally announced June 2024.