Single sign-on (SSO) allows users to authenticate to third-party applications through a central identity provider. Despite their wide adoption, deployed SSO systems suffer from privacy problems such as user tracking by the identity provider. While numerous solutions have been proposed in academic papers, none were adopted because they require modifying identity providers, a significant adoption barrier in practice. The solutions that do get deployed, however, fail to eliminate major privacy issues. Leveraging Trusted Execution Environments (TEEs), we propose MISO, the first privacy-preserving SSO system that is completely compatible with existing identity providers (such as Google and Facebook). This means MISO can be easily integrated into the existing SSO ecosystem today and benefit end users. MISO also enables new functionality that standard SSO cannot offer: MISO allows users to leverage multiple identity providers in a single SSO workflow, potentially in a threshold fashion, to better protect user accounts. We fully implemented MISO based on Intel SGX. Our evaluation shows that MISO can handle high user concurrency with practical performance.
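The abstract's multi-provider, threshold-style login is easiest to see in code. The following is an added illustration written for this page, not MISO's own implementation or protocol: a mediator verifies ID-token-like assertions from several identity providers and accepts a login only when at least k of the providers previously linked to the account vouch for it. The issuer URLs, the `MEDIATOR_CLIENT_ID` audience, the per-issuer HMAC keys and the token format are all constructed assumptions (real OIDC providers sign with RSA/EC keys published via JWKS, and tokens carry expiry and nonce claims that are omitted here).

```python
import base64
import hashlib
import hmac
import json

# Constructed per-issuer HMAC keys standing in for each identity provider's
# token-signing key. Issuer names are hypothetical.
IDP_KEYS = {
    "https://idp-a.example": b"idp-a-secret",
    "https://idp-b.example": b"idp-b-secret",
    "https://idp-c.example": b"idp-c-secret",
}

# Hypothetical client_id the mediator registers at every IdP. Because every
# IdP sees only this audience, nothing in the request or token names the
# relying party the user is actually logging in to.
MEDIATOR_CLIENT_ID = "mediator-client"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(issuer: str, subject: str, audience: str) -> str:
    """Simulate an IdP issuing a compact signed assertion (constructed JWS-like format)."""
    payload = json.dumps({"iss": issuer, "sub": subject, "aud": audience}, sort_keys=True).encode()
    sig = hmac.new(IDP_KEYS[issuer], payload, hashlib.sha256).digest()
    return b64url_encode(payload) + "." + b64url_encode(sig)


def verify_token(token: str, expected_aud: str):
    """Return the claims if the signature and audience are valid, otherwise None."""
    try:
        p64, s64 = token.split(".")
        payload = b64url_decode(p64)
        claims = json.loads(payload)
    except ValueError:  # malformed structure, bad base64, or bad JSON
        return None
    key = IDP_KEYS.get(claims.get("iss"))
    if key is None:  # unknown issuer
        return None
    expected_sig = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(s64)):
        return None
    if claims.get("aud") != expected_aud:  # token minted for some other client
        return None
    return claims


def threshold_login(tokens, account_bindings, k):
    """
    account_bindings maps issuer -> subject for the providers linked to one user account.
    Accept when at least k distinct linked issuers present valid tokens for their bound subject.
    Returns (accepted, list_of_issuers_that_vouched).
    """
    satisfied = set()
    for tok in tokens:
        claims = verify_token(tok, MEDIATOR_CLIENT_ID)
        if claims is None:
            continue
        iss, sub = claims["iss"], claims["sub"]
        if account_bindings.get(iss) == sub:
            satisfied.add(iss)
    return len(satisfied) >= k, sorted(satisfied)


if __name__ == "__main__":
    bindings = {
        "https://idp-a.example": "alice-a",
        "https://idp-b.example": "alice-b",
        "https://idp-c.example": "alice-c",
    }
    tokens = [
        issue_token("https://idp-a.example", "alice-a", MEDIATOR_CLIENT_ID),
        issue_token("https://idp-b.example", "alice-b", MEDIATOR_CLIENT_ID),
    ]
    print(threshold_login(tokens, bindings, k=2))
```

The policy is deliberately per-account: a valid token from a linked provider only counts if its `sub` matches the subject bound to that account, so a token for a different user at the same provider contributes nothing, and a token minted for another client's audience is rejected before the threshold is evaluated.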