4 research outputs found

    UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

    Single sign-on (SSO) allows a user to maintain only one credential, at the identity provider (IdP), to log in to numerous relying parties (RPs). However, SSO introduces extra privacy threats compared with traditional authentication mechanisms, as (a) the IdP could track all RPs that a user is visiting, and (b) collusive RPs could learn a user's online profile by linking his identities across these RPs. This paper proposes a privacy-preserving SSO system, called UPPRESSO, to protect a user's login activities against both the curious IdP and collusive RPs. We analyze the identity dilemma between the security requirements and these privacy concerns, and convert the SSO privacy problems into an identity transformation challenge. In each login instance, an ephemeral pseudo-identity of the RP (denoted as PID_RP) is first negotiated between the user and the RP. PID_RP is sent to the IdP and designated in the identity token, so the IdP is not aware of the visited RP. Meanwhile, PID_RP is used by the IdP to transform the permanent user identity ID_U into an ephemeral user pseudo-identity (denoted as PID_U) in the identity token. On receiving the identity token, the RP transforms PID_U into a permanent account (denoted as Acct) of the user, using an ephemeral trapdoor from the negotiation. For a given user, the account at each RP is unique and different from ID_U, so collusive RPs cannot link his identities across these RPs. We build the UPPRESSO prototype on top of MITREid Connect, an open-source implementation of OIDC. The extensive evaluation shows that UPPRESSO fulfills the requirements of both security and privacy and introduces reasonable overheads.

    A Secure and Fast Dispersal Storage Scheme Based on the Learning with Errors Problem

    Data confidentiality and availability are of primary concern in data storage. Dispersal storage schemes achieve these two security properties by transforming the data into multiple codewords and dispersing them across multiple storage servers. Existing schemes achieve confidentiality and availability through various cryptographic and coding algorithms, but only under the assumption that an adversary cannot obtain more than a certain number of codewords. Meanwhile, existing schemes are designed for storing archives. In this paper, we propose a novel dispersal storage scheme based on the learning with errors problem, called storage with errors (SWE). SWE can resist even more powerful adversaries. Besides, SWE supports dynamic data operations that are both efficient and secure, which is more practical for cloud storage. Furthermore, SWE achieves security at relatively low computational overhead and at the same storage cost as the state of the art. We also develop a prototype to validate and evaluate SWE. Analysis and experiments show that, with proper configurations, SWE outperforms existing schemes in encoding/decoding speed.

    Making a good thing better: enhancing password/PIN-based user authentication with smartwatch

    Wearing smartwatches is becoming increasingly popular. This paper shows that a smartwatch can help its wearer authenticate to a login system effectively and securely even if the wearer's password has already been revealed. This idea is motivated by our observation that a sensor-rich smartwatch is capable of tracking the wrist motions of its wearer typing a password or PIN, which can be used as an authentication factor. The major challenge in this research is that a sophisticated attacker may imitate a user's typing behavior, as shown in previous research on keystroke-dynamics-based user authentication. We address this challenge by applying a set of machine learning and deep learning classifiers to the user's wrist motion data, collected from a smartwatch worn by the user when entering his/her password or PIN. Our solution is user-friendly, since it does not require users to perform any additional actions when typing passwords or PINs other than wearing the smartwatch. We conduct a user study involving 51 participants to evaluate the feasibility and performance of our solution. The results show that the best classifier is Bagged Decision Trees, which yields 4.58% FRR and 0.12% FAR on a QWERTY keyboard, and 6.13% FRR and 0.16% FAR on a numeric keypad.

    METTL3-mediated m6A methylation orchestrates mRNA stability and dsRNA contents to equilibrate γδ T1 and γδ T17 cells

    γδ T cells make key contributions to tissue physiology and immunosurveillance through two main functionally distinct subsets, γδ T1 and γδ T17. m6A methylation plays critical roles in controlling numerous aspects of mRNA metabolism that govern mRNA turnover, gene expression, and cellular functional specialization; however, its role in γδ T cells remains less well understood. Here, we find that m6A methylation controls the functional specification of γδ T17 vs. γδ T1 cells. Mechanistically, m6A methylation prevents the formation of endogenous double-stranded RNAs and promotes the degradation of Stat1 transcripts, which converge to prevent over-activation of STAT1 signaling and the ensuing inhibition of γδ T17. Deleting Mettl3, the key enzyme in the m6A methyltransferase complex, in γδ T cells reduces interleukin-17 (IL-17) production and ameliorates γδ T17-mediated psoriasis. In summary, our work shows that METTL3-mediated m6A methylation orchestrates mRNA stability and double-stranded RNA (dsRNA) contents to equilibrate γδ T1 and γδ T17 cells.