Driven by social networks, single sign-on (SSO) has become extremely popular on the web. Using SSO schemes, users can conveniently sign in at many web sites by just signing in at their email provider or favorite social network, for example, via "Login with Facebook" or "Login with Google". They can also grant third parties access to their accounts, allowing these parties, for example, to post content to their Facebook timeline. These SSO schemes are typically based on federated authentication and authorization protocols, such as OAuth 2.0 and OpenID Connect.In our previous research, we have developed a rich model of the web infrastructure and successfully applied it to analyze web-based SSO schemes. Our analysis has revealed several new attacks on widely used standards, such as OAuth 2.0 and OpenID Connect. We also suggested fixes, which we proved secure in our model and which have led to improvements of the standards.Currently, the landscape of applications of SSO systems is, however, changing and expanding rapidly. SSO systems now find more and more applications outside of the pure web context as well as in high-risk and high-stake environments. For example, banks have started to employ SSO technologies to make their services available online and to interconnect them over the Internet. Since September 2019, banks in the EU are legally obliged to open their systems to third-party services, such as payment processors, that may view or invoke transactions on the users' behalf. SSO systems and standards are now also employed for IoT devices, such as door locks and cars, where, for example, users can authorize other users, such as friends or delivery services, to open their front doors or cars. Moreover, SSO-based systems are being built for physicians to issue digital prescriptions to patients or for establishing legally binding contracts, for example, with insurance companies, with users authenticating to their banks in order to generate digital signatures.Such new use cases have sparked the development of new standards, protocols, and systems. The high-risk nature of some of the new applications, the sensible information processed, and the new contexts in which these protocols and SSO systems are supposed to function, render previous approaches for the formal security and privacy analysis insufficient. Among others, stronger and new security and privacy properties as well as new and more suitable and realistic attacker models are required.Providing appropriate models and methods for the formal analysis of the new and advanced SSO systems and standards, carrying out such an analysis on relevant emerging standards and applications, and designing secure SSO systems for the new high-risk and sensitive ecosystems are therefore the main goals of this project.

DFG Programme Research Grants