Security analysis of OpenID

Sovis, Pavol; Kohlar, Florian; Schwenk, Jörg

Author:

Abstract

OpenID is a user-centric and decentralized Single Sign-On system. It enables users to sign into Relying Partiesby providing an authentication assertion from an OpenID Provider. It is supported by many leading internet companies and there are over a billion accounts capable of using OpenID. We present a security analysis of OpenID and the corresponding extensions and reveal several vulnerabilities. This paper demonstrates how identity information sent within the OpenID protocol can be manipulated, due to an improper verification of OpenID assertions and no integrity protection of the authentication request.

Citation
BibTeX

Sovis, P., Kohlar, F. & Schwenk, J., (2010). Security analysis of OpenID. In: Freiling, F. C. (Hrsg.), Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit. Bonn: Gesellschaft für Informatik e.V.. (S. 329-340).

@inproceedings{mci/Sovis2010,
author = {Sovis, Pavol AND Kohlar, Florian AND Schwenk, Jörg},
title = {Security analysis of OpenID},
booktitle = {Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit},
year = {2010},
editor = {Freiling, Felix C.} ,
pages = { 329-340 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}

	Dateien	Groesse	Format	Anzeige
	329.pdf	193.0Kb	PDF	View/Open

Haben Sie fehlerhafte Angaben entdeckt? Sagen Sie uns Bescheid: Send Feedback

More Info

ISBN: 978-3-88579-264-2

ISSN: 1617-5468

xmlui.MetaDataDisplay.field.date: 2010

Language:

(en)

Content Type: Text/Conference Paper

Collections

P170 - Sicherheit 2010 - Sicherheit, Schutz und Zuverlässigkeit [31]

Show full item record

All of DSpace

This Collection