On the security of Holder-of-key single sign-on
dc.contributor.author | Mayer, Andreas | |
dc.contributor.author | Mladenov, Vladislav | |
dc.contributor.author | Schwenk, Jörg | |
dc.contributor.editor | Katzenbeisser, Stefan | |
dc.contributor.editor | Lotz, Volkmar | |
dc.contributor.editor | Weippl, Edgar | |
dc.date.accessioned | 2019-01-25T14:17:31Z | |
dc.date.available | 2019-01-25T14:17:31Z | |
dc.date.issued | 2014 | |
dc.description.abstract | Web Single Sign-On (SSO) is a valuable point of attack because it provides access to multiple resources once a user has initially authenticated. Therefore, the security of Web SSO is crucial. In this context, the SAML-based Holder-of-Key (HoK) SSO Profile is a cryptographically strong authentication protocol that is used in highly critical scenarios. We show that HoK is susceptible to a previously published attack by Armando et al. [ACC+11] that combines logical flaws with cross-site scripting. To fix this vulnerability, we propose to enhance HoK and call our novel approach HoK+. We have implemented HoK+ in the popular open source framework SimpleSAMLphp. | en |
dc.identifier.isbn | 978-3-88579-622-0 | |
dc.identifier.pissn | 1617-5468 | |
dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/20069 | |
dc.language.iso | en | |
dc.publisher | Gesellschaft für Informatik e.V. | |
dc.relation.ispartof | Sicherheit 2014 – Sicherheit, Schutz und Zuverlässigkeit | |
dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-233 | |
dc.title | On the security of Holder-of-key single sign-on | en |
dc.type | Text/Conference Paper | |
gi.citation.endPage | 78 | |
gi.citation.publisherPlace | Bonn | |
gi.citation.startPage | 65 | |
gi.conference.date | 19-21 March 2014 | |
gi.conference.location | Vienna, Austria | |
gi.conference.sessiontitle | Regular Research Papers |