On the security of Holder-of-key single sign-on

dc.contributor.author: Mayer, Andreas
dc.contributor.author: Mladenov, Vladislav
dc.contributor.author: Schwenk, Jörg
dc.contributor.editor: Katzenbeisser, Stefan
dc.contributor.editor: Lotz, Volkmar
dc.contributor.editor: Weippl, Edgar
dc.date.accessioned: 2019-01-25T14:17:31Z
dc.date.available: 2019-01-25T14:17:31Z
dc.date.issued: 2014
dc.description.abstract [en]: Web Single Sign-On (SSO) is a valuable point of attack because it provides access to multiple resources once a user has initially authenticated. Therefore, the security of Web SSO is crucial. In this context, the SAML-based Holder-of-Key (HoK) SSO Profile is a cryptographically strong authentication protocol that is used in highly critical scenarios. We show that HoK is susceptible to a previously published attack by Armando et al. [ACC+11] that combines logical flaws with cross-site scripting. To fix this vulnerability, we propose to enhance HoK and call our novel approach HoK+. We have implemented HoK+ in the popular open source framework SimpleSAMLphp.
dc.identifier.isbn: 978-3-88579-622-0
dc.identifier.pissn: 1617-5468
dc.identifier.uri: https://dl.gi.de/handle/20.500.12116/20069
dc.language.iso: en
dc.publisher: Gesellschaft für Informatik e.V.
dc.relation.ispartof: Sicherheit 2014 – Sicherheit, Schutz und Zuverlässigkeit
dc.relation.ispartofseries: Lecture Notes in Informatics (LNI) - Proceedings, Volume P-233
dc.title [en]: On the security of Holder-of-key single sign-on
dc.type: Text/Conference Paper
gi.citation.endPage: 78
gi.citation.publisherPlace: Bonn
gi.citation.startPage: 65
gi.conference.date: 19-21 March 2014
gi.conference.location: Vienna, Austria
gi.conference.sessiontitle: Regular Research Papers

Files

Original bundle
Name: 65.pdf
Size: 5.31 MB
Format: Adobe Portable Document Format