On the security of Hölder-of-key single sign-on

Web Single Sign-On (SSO) is a valuable point of attack because it provides access to multiple resources once a user has initially authenticated. Therefore, the security of Web SSO is crucial. In this context, the SAML-based Holder-of-Key (HoK) SSO Profile is a cryptographically strong authentication protocol that is used in highly critical scenarios. We show that HoK is susceptible to a previously published attack by Armando et al. [ACC+11] that combines logical flaws with cross-site scripting. To fix this vulnerability, we propose to enhance HoK and call our novel approach HoK+. We have implemented HoK+ in the popular open source framework SimpleSAMLphp.

Mayer, Andreas; Mladenov, Vladislav; Schwenk, Jörg (2014): On the security of Hölder-of-key single sign-on. Sicherheit 2014 – Sicherheit, Schutz und Zuverlässigkeit. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-622-0. pp. 65-78. Regular Research Papers. Wien, Österreich. 19.-21. März 2014

Sammlungen

P228 - Sicherheit 2014 - Sicherheit, Schutz und Zuverlässigkeit

Komplettanzeige

On the security of Hölder-of-key single sign-on

Volltext URI

Dokumententyp

Dateien

Zusatzinformation

Datum

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Quelle

Verlag

Zusammenfassung

Beschreibung

Schlagwörter

Zitierform

DOI

Tags

Sammlungen