2016 IEEE European Symposium on Security and Privacy (EuroS&P) 2016
DOI: 10.1109/eurosp.2016.33
|View full text |Cite
|
Sign up to set email alerts
|

Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-on

Abstract: Abstract. Single Sign-On (SSO) systems simplify login procedures by using an an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for SSO systems like Kerberos, MS Passport and SAML, where each SP explicitely specifies which IdP he trusts. However, in open systems like OpenID and OpenID Connect, each user may set up his own IdP, and a discovery phase is added to the protocol flow.… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
21
0
1

Year Published

2016
2016
2024
2024

Publication Types

Select...
3
3
1

Relationship

0
7

Authors

Journals

citations
Cited by 28 publications
(22 citation statements)
references
References 17 publications
0
21
0
1
Order By: Relevance
“…Using protocol analyzing tools, Nair et al identified security vulnerabilities in SSO implementations of Facebook ® , Google ® , and JanRain ® [28]. As part of their research, Mainka et al developed a fully-automated OpenId Attacker tool and used it for ID Spoofing (IDS), Key Confusion (KC), and Token Recipient Confusion (TRC) attacks on several OpenID implementations, including Sourceforge ® , Drupal ® , ownCloud ® and JIRA ® [25]. Shi et al analyzed the vulnerabilities of mobile apps implementation of SSO.…”
Section: Related Work and Scope Of The Proposed Work A Related Workmentioning
confidence: 99%
“…Using protocol analyzing tools, Nair et al identified security vulnerabilities in SSO implementations of Facebook ® , Google ® , and JanRain ® [28]. As part of their research, Mainka et al developed a fully-automated OpenId Attacker tool and used it for ID Spoofing (IDS), Key Confusion (KC), and Token Recipient Confusion (TRC) attacks on several OpenID implementations, including Sourceforge ® , Drupal ® , ownCloud ® and JIRA ® [25]. Shi et al analyzed the vulnerabilities of mobile apps implementation of SSO.…”
Section: Related Work and Scope Of The Proposed Work A Related Workmentioning
confidence: 99%
“…The first notable thing about the surveyed OpenID papers [17][18][19][20][21][22][23][24][25][26] is how the message formatting (a parameter or part of the message is not signed properly -common in OpenID) vulnerability is exploited by the message modification (possible because the message is not protected properly) attack class for the purposes of compromising a user account. For instance, an adversary could modify parameters such as Openid.ext1.value.email as shown by Wang et al [37].…”
Section: Openidmentioning
confidence: 99%
“…Mainka et al [26] pointed out two security incidents at the implementation level which compromised user accounts. The first exploited a lack of binding by launching a MITM attack and had a suggested solution.…”
Section: Openidmentioning
confidence: 99%
“…The main feature of SSO is to enhance the user login process. The SSO is a famous distributed protocol and OpenID supports this protocol [1][2][3][4][5][6][7][8][9][10][11][12][13].…”
Section: Introductionmentioning
confidence: 99%