Security analysis of OpenID

OpenID is a user-centric and decentralized Single Sign-On system. It enables users to sign into Relying Partiesby providing an authentication assertion from an OpenID Provider. It is supported by many leading internet companies and there are over a billion accounts capable of using OpenID. We present a security analysis of OpenID and the corresponding extensions and reveal several vulnerabilities. This paper demonstrates how identity information sent within the OpenID protocol can be manipulated, due to an improper verification of OpenID assertions and no integrity protection of the authentication request.

Sovis, Pavol; Kohlar, Florian; Schwenk, Jörg (2010): Security analysis of OpenID. Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-264-2. pp. 329-340. Regular Research Papers. Berlin. 5.-7. Oktober 2010

Sammlungen

P170 - Sicherheit 2010 - Sicherheit, Schutz und Zuverlässigkeit

Komplettanzeige

Security analysis of OpenID

Volltext URI

Dokumententyp

Dateien

Zusatzinformation

Datum

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Quelle

Verlag

Zusammenfassung

Beschreibung

Schlagwörter

Zitierform

DOI

Tags

Sammlungen