Information Sharing and User Privacy in the Third-party Identity Management Landscape (PowerPoint presentation)


Slide 1

Information Sharing and User Privacy in the Third-party Identity Management Landscape

Anna Vapen¹, Niklas Carlsson¹, Anirban Mahanti², Nahid Shahmehri¹ ¹Linköping University, Sweden ²NICTA, Australia

Slide 2

Information Sharing and User Privacy

In Third-Party Identity Management

Log in with a third-party:

I am and I like

Slide 3

Background: Third-party Web Authentication

Web authentication

  • Registration with each website
  • Many passwords to remember

Third-party authentication

  • Use an existing IDP (identity provider) account to access an RP (relying party)
  • Log in less often; stronger authentication
  • Share information between websites
Slide 4

Third-party Authentication Scenario

Figure: the user is redirected from the relying party (RP) to the identity provider (IDP) and comes back logged in; the arrow between RP and IDP is the RP-IDP relationship.

Slide 5

Questions

  • What type of data is being shared between RPs and IDPs?
  • How does information sharing in third-party identity management affect privacy?

Slide 6

Our Studies

  • Categorization of data in app-right agreements
    – Manual study on the top 200 most popular websites
  • Targeted login tests on websites using popular IDPs
  • Pre-study on multi-IDP usage
    – Leveraging our large-scale crawled dataset
    – 3,202 unique RP-IDP relationships

Slide 7

Protocol and IDP Selection

  • The OAuth authorization protocol is increasingly used for authentication
    – Data is transferred in both directions between IDP and RP
    – Rich user data is shared
  • The use of the more privacy preserving OpenID protocol is decreasing!

Chart: use of OAuth, OpenID and both, April 2012 vs. Sept. 2014 (annotated changes: -11% and +24%)

Slide 8

Protocol and IDP Selection

  • IDPs occur in specific combinations
  • Many pairs and triples of popular IDPs
  • Of the RPs with 2-3 IDPs, 75% select all their IDPs from the top 5 most popular IDPs

Top IDP pairs (shown as logo pairs on the slide): 37%, 19%, 12%

Slide 9

App Rights and Information Flows

  • App-rights: the permission agreements between RP and IDP
    – Data from IDP to RP
    – Actions from RP to IDP
  • Specified by
    – Protocol (OAuth)
    – The API of the IDP
    – Selected by RP

Slide 10

App Rights and Information Flows

E-mail address used as identifier

Slide 11

App Rights and Information Flows

Requested app-rights shown in the two login dialogs: (1) full name, profile picture, Google+ ID, age range, language and friend list; (2) full name, profile picture, profile URL, public information

Slide 12

App Rights and Information Flows

Post SoundCloud activity on Google+

Slide 13

Classification of Information

  • Basic information (B): Identifiers, public information
  • Personal information (P): E.g. interests, age, political views
  • Created contents (C): E.g. images, behavior data (likes)
  • Friend’s data (F): Data belonging to other users
  • Authorized actions (A): Update/ write/ delete data on IDP

Figure: data (B, P, C and F) flows from the IDP to the RP for user U; actions (A) flow from the RP to the IDP, where the RP acts as U.

Slide 14

Classification of Information

Histogram of studied relationships per class:
  Actions (A):       P 25, C 14, F 1, B (none shown)
  Non-actions (¬A):  P 31, C 9, F 3, B 4


Slide 16

Risk Types

Risk type   Data + actions         Data only
R-          A ∩ B                  ¬A ∩ B
R           A ∩ P                  ¬A ∩ P
R+          A ∩ P ∩ C              ¬A ∩ P ∩ C
R++         A ∩ P ∩ C ∩ F          ¬A ∩ P ∩ C ∩ F
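The app-rights an RP asks for (slides 7 and 9) travel in the `scope` parameter of the OAuth 2.0 authorization request, and the classes and risk types of slides 13 and 16 are a function of that scope list. The following is an added example, not code from the paper or its authors: it builds such a request the way an RP would, reads the scopes back out, maps them onto the B/P/C/F/A classes and derives the risk type from the table above. The SCOPE_CLASSES mapping of Facebook- and Google-style scope names to classes is an assumption for illustration; real IDP scope names and their meaning change, so the table has to be checked against the IDP's current API documentation. The endpoint, client id and redirect URI are made up.

```python
"""Classify requested OAuth scopes into the talk's B/P/C/F/A classes and
derive the risk type. Added example; SCOPE_CLASSES is an assumed mapping."""
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed mapping (assumption, not from the paper): scope -> classes.
#   B basic identifiers/public info, P personal, C created contents,
#   F friends' data, A authorized actions (the RP acts as the user on the IDP).
SCOPE_CLASSES = {
    "public_profile": {"B"},
    "email": {"B"},
    "user_birthday": {"P"},
    "user_likes": {"C"},
    "user_photos": {"C"},
    "user_friends": {"F"},
    "publish_actions": {"A"},
    "openid": {"B"},
    "profile": {"B"},
    "https://www.googleapis.com/auth/plus.login": {"B", "P", "F"},
    "https://www.googleapis.com/auth/plus.stream.write": {"A"},
}


def build_authorization_url(endpoint, client_id, redirect_uri, scopes, state=None):
    """The RP selects the app-rights: they are carried in the `scope`
    parameter of the authorization request (RFC 6749 section 4.1.1,
    space-delimited). `state` is the per-request anti-CSRF value the RP
    must check again when the user comes back from the IDP."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state or secrets.token_urlsafe(16),
    }
    return endpoint + "?" + urlencode(params)


def scopes_from_request(url):
    """Read the requested scopes back out of an authorization URL. RFC 6749
    uses spaces; some IDP APIs also accept commas, so both are split."""
    raw = " ".join(parse_qs(urlparse(url).query).get("scope", []))
    return [s for s in re.split(r"[\s,]+", raw) if s]


def classify(scopes):
    """Return (classes, unknown): the union of classes of the known scopes,
    and the scopes the table does not cover, which must be looked up by hand."""
    classes, unknown = set(), []
    for scope in scopes:
        if scope in SCOPE_CLASSES:
            classes |= SCOPE_CLASSES[scope]
        else:
            unknown.append(scope)
    return classes, unknown


def risk_type(classes):
    """Risk type per the slide's table, most specific combination first:
    R++ = P ∩ C ∩ F, R+ = P ∩ C, R = P, R- = B alone. The second value says
    whether the relationship is 'data + actions' (A) or 'data only' (¬A).
    Combinations the table does not define (e.g. C without P) are reported
    as 'unclassified' rather than guessed."""
    data = classes & {"B", "P", "C", "F"}
    if {"P", "C", "F"} <= data:
        risk = "R++"
    elif {"P", "C"} <= data:
        risk = "R+"
    elif "P" in data:
        risk = "R"
    elif data == {"B"}:
        risk = "R-"
    else:
        risk = "unclassified"
    return risk, "A" in classes


def assess(url):
    """One-call assessment of an authorization request URL."""
    scopes = scopes_from_request(url)
    classes, unknown = classify(scopes)
    risk, actions = risk_type(classes)
    return {"scopes": scopes, "classes": sorted(classes), "unknown": unknown,
            "risk": risk, "actions": actions}


if __name__ == "__main__":
    # Constructed request: an RP asking a Facebook-style IDP for the public
    # profile, birthday and likes plus the right to post as the user.
    url = build_authorization_url(
        "https://idp.example/dialog/oauth", "rp-client-id",
        "https://rp.example/callback",
        ["public_profile", "email", "user_birthday", "user_likes", "publish_actions"],
    )
    print(assess(url))
```

The request in the `__main__` block comes out as R+ with actions: personal data and created contents combined with the right to act as the user, which is the "rich data + actions" combination slide 20 flags. Scopes missing from the table are returned separately instead of being silently treated as harmless, and a scope set that the table does not cover is reported as unclassified, so an analyst extending the mapping sees exactly where their judgement is needed.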


Slide 19

Risk Types: Results

  • Only a few relationships are in the most privacy-preserving category R- (OpenID only)
  • 2+ IDPs: more than half are using actions
    – Actions are dangerous when having several IDPs
    – Potential multi-IDP leakage!

Chart: RPs with 1 IDP: 67% non-actions; RPs with 2+ IDPs: 51% actions

News and file sharing RPs: most frequent users of actions

Slide 20

Head-to-head IDP Comparison

  • Facebook: Rich data, actions, default settings not privacy preserving
  • Google: Fine-grained personalization, several information "bundles"
  • Twitter: Many more actions than the other IDPs

Relationship types per IDP, Sept. 2014. Columns: data only (R-, R, R+, R++), data + actions (R, R+, R++), Unknown; counts listed in slide reading order:
  Facebook (55): 24, 5, 3, 13, 3, 1, 6
  Twitter (15): 4, 11
  Google (29): 4, 7, 12, 6

Dangerous combination: rich data + actions. Most popular pair!

Slide 21

Multi-account Information Risks

  • Targeted login tests: all pairs of Google, Twitter and Facebook
  • Changing the order of IDPs
    – Connect IDP1 first, then IDP2, and the other way around
  • Local account at RP
    – Added before IDP usage
    – Added during first IDP login

Slide 22

Multi-account Information Risks: Results

  • Unwanted combinations of conflicting information
  • RPs handle multi-IDP usage badly
  • Data import + actions → cross-account leakage

Figure (three cases, each with IDP1, IDP2 and the RP):
  1. Conflicting information: IDP1 says "A. Smith, Age: 21+", IDP2 says "Alice S., Age: 25" (information collision at the RP)
  2. Relationship fail (account merging and collisions)
  3. Private photos imported from one IDP appear in a "This is me!" post through the other (cross-IDP information leakage)
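The three failures above, and the targeted login tests of slide 21, come down to what the RP does when a second IDP is connected: how it decides that two identities are the same person, what it does with a second, different value for an attribute, and whether data imported from one IDP can flow out through an action at another. The following is an added example, not code from the paper or the RPs it tested: a toy relying party that keeps the provenance of every imported attribute, refuses to merge accounts on an unverified e-mail claim, records collisions instead of silently overwriting, and blocks an action that would post data imported from one IDP to a different one. The IDP names, subject identifiers, e-mail address and claims are constructed test data; `link_in_order` replays the slide 21 test of connecting the IDPs in both orders.

```python
"""Toy RP with provenance-aware account linking. Added example; all
identities and claims below are constructed test data."""
from dataclasses import dataclass, field


@dataclass
class Imported:
    """One attribute imported from an IDP (or created locally), with provenance."""
    source: str   # IDP name, or "local"
    name: str
    value: object


@dataclass
class RpAccount:
    email: str
    linked: dict = field(default_factory=dict)     # idp -> subject id at that IDP
    attrs: dict = field(default_factory=dict)      # attribute name -> Imported
    conflicts: list = field(default_factory=list)  # (name, kept, rejected)


class LinkError(Exception):
    pass


class Rp:
    """Minimal RP: local accounts keyed by e-mail, plus an index from
    (idp, subject) to the local account."""

    def __init__(self):
        self.accounts = {}
        self.by_subject = {}

    def login_with_idp(self, idp, subject, email, email_verified):
        key = (idp, subject)
        if key in self.by_subject:                      # returning user
            return self.accounts[self.by_subject[key]]
        acct = self.accounts.get(email)
        if acct is not None and not email_verified:
            # Auto-merging into an existing local account on an unverified
            # e-mail claim lets whoever controls an IDP account that merely
            # states this address take over the local account.
            raise LinkError(f"{idp}: {email} not verified by the IDP; link explicitly")
        if acct is None:
            acct = RpAccount(email=email)
            self.accounts[email] = acct
        if acct.linked.get(idp, subject) != subject:
            raise LinkError(f"{idp}: account already linked to another {idp} identity")
        acct.linked[idp] = subject
        self.by_subject[key] = email
        return acct

    def import_attribute(self, acct, source, name, value):
        """First value wins. A differing value from another source is recorded
        as a conflict instead of silently overwriting (or silently dropping) it."""
        current = acct.attrs.get(name)
        if current is None:
            acct.attrs[name] = Imported(source, name, value)
            return True
        if current.value != value:
            acct.conflicts.append((name, current, Imported(source, name, value)))
        return False

    def may_publish(self, acct, target_idp, name):
        """Gate an authorized action (class A): posting attribute `name` to
        `target_idp` is allowed only for data created locally or at that IDP."""
        item = acct.attrs.get(name)
        if item is None:
            return False, "no such attribute"
        if target_idp not in acct.linked:
            return False, f"{target_idp} is not linked"
        if item.source not in ("local", target_idp):
            return False, (f"{name!r} was imported from {item.source}; "
                           f"posting it to {target_idp} would leak it across IDPs")
        return True, "ok"


# Constructed claims for the slide's scenario: one person, described
# differently by two IDPs.
IDP_CLAIMS = {
    "google": ("g-1", {"name": "A. Smith", "age": "21+"}),
    "facebook": ("f-9", {"name": "Alice S.", "age": "25", "photo": "private.jpg"}),
}


def link_in_order(order, rp=None):
    """Replay the targeted login test: connect the IDPs in `order` and return
    the values the RP ended up with and the attribute names that collided."""
    if rp is None:
        rp = Rp()
    acct = None
    for idp in order:
        subject, claims = IDP_CLAIMS[idp]
        acct = rp.login_with_idp(idp, subject, "alice@example.com", True)
        for name, value in claims.items():
            rp.import_attribute(acct, idp, name, value)
    return {n: i.value for n, i in acct.attrs.items()}, [c[0] for c in acct.conflicts]


if __name__ == "__main__":
    rp = Rp()
    values, collided = link_in_order(["google", "facebook"], rp)
    acct = rp.accounts["alice@example.com"]
    print(values, collided)
    print(rp.may_publish(acct, "google", "photo"))   # denied: imported from facebook
```

Running `link_in_order` with the two orders shows why the order of connection mattered in the tests: with a first-value-wins policy the RP ends up with age "21+" in one order and "25" in the other, and only the conflict list makes that visible. The `may_publish` gate is the part most RPs in the study lacked; without a record of where an attribute came from, an action granted by IDP2 can republish content imported from IDP1.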

Slide 23

Contributions and Findings

  • Captured protocol usage and IDP combinations
    – IDPs occur in specific combinations
    – A non-privacy preserving protocol is used
  • Profiled information sharing between sites
    – Categorization of transferred data
    – Defined risk types
  • Identified privacy issues when using multiple IDPs
    – RPs do not handle multiple IDPs well
    – Imported information may leak to other third parties

Slide 24

Log in with a third-party:

Information Sharing and User Privacy in the Third-party Identity Management Landscape

Anna Vapen, Niklas Carlsson, Anirban Mahanti, Nahid Shahmehri anna.vapen@liu.se