Single sign-on (SSO) allows users to authenticate to third-party applications through a central identity provider. Despite their wide adoption, deployed SSO systems suffer from privacy problems such as user tracking by the identity provider. While numerous solutions have been proposed in academic papers, none have been adopted because they require modifying identity providers, a significant adoption barrier in practice. Solutions that do get deployed, however, fail to eliminate major privacy issues. Leveraging Trusted Execution Environments (TEEs), we propose MISO, the first privacy-preserving SSO system that is completely compatible with existing identity providers (such as Google and Facebook). This means MISO can be easily integrated into the existing SSO ecosystem today and benefit end users. MISO also enables new functionality that standard SSO cannot offer: MISO allows users to leverage multiple identity providers in a single SSO workflow, potentially in a threshold fashion, to better protect user accounts. We fully implemented MISO based on Intel SGX. Our evaluation shows that MISO can handle high user concurrency with practical performance.