The security limitations of SSO in OpenID

Cited by: 0
Authors
Oh, Hyun-Kyung [1, 2]
Jin, Seung-Hun [2]
Affiliations
[1] KUST, Informat Secur Engn, Seoul, South Korea
[2] ETRI, Digital ID Secur Res Team, Daejeon, South Korea
Source
10TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY, VOLS I-III: INNOVATIONS TOWARD FUTURE NETWORKS AND SERVICES | 2008
Keywords
OpenID; Single Sign-On (SSO); ID management system; cookie-based authentication system
DOI
Not available
Chinese Library Classification (CLC) number
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract
As the Internet becomes a way of social life, there are lots of accounts which a user has to manage. To receive a web service, people have to register at each web site. OpenID resolves this burden. OpenID provides a Single Sign-On service in which a user can be authenticated at several web sites by submitting the OpenID password to the authentication server only once. In this paper, we analyze Single Sign-On in OpenID and show an experiment on the vulnerability of OpenID.
Pages: 1608 / +
Number of pages: 2
Related papers
50 in total
  • [1] The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines
    Fett, Daniel
    Kuesters, Ralf
    Schmitz, Guido
    2017 IEEE 30TH COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF), 2017, : 189 - 202
  • [2] A Security Analysis of OpenID
    van Delft, Bart
    Oostdijk, Martijn
    POLICIES AND RESEARCH IN IDENTITY MANAGEMENT, 2010, 343 : 73 - +
  • [3] The Requirement Model for Improved OpenID Single Sign-On (SSO) Authentication to Thwart Phishing Attack
    Zakaria, Nur Haryani
    Nayan, Nadia Hasidah Mat
    Tahir, Hatim Mohamad
    Katuk, Norliza
    Mohammed, Abubakar
    ADVANCED SCIENCE LETTERS, 2017, 23 (06) : 5410 - 5414
  • [4] Automatic Verification of Security of OpenID Connect Protocol with ProVerif
    Lu, Jintian
    Zhang, Jinli
    Li, Jing
    Wan, Zhongyu
    Meng, Bo
    ADVANCES ON P2P, PARALLEL, GRID, CLOUD AND INTERNET COMPUTING, 2017, 1 : 209 - 220
  • [5] SoK: Single Sign-On Security - An Evaluation of OpenID Connect
    Mainka, Christian
    Mladenov, Vladislav
    Schwenk, Joerg
    Wich, Tobias
    2017 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY (EUROS&P), 2017, : 251 - 266
  • [6] SSO noise electrical performance limitations for PQFP packages
    Lin, L
    Prince, JL
    IEEE TRANSACTIONS ON COMPONENTS PACKAGING AND MANUFACTURING TECHNOLOGY PART B-ADVANCED PACKAGING, 1997, 20 (03): : 292 - 297
  • [7] Multi-Level Security Framework for OpenID and Its Applications
    Wei Junyin
    Zhang Mingxi
    Ding Xiangwu
    Wang Ying
    Shi Jiangping
    2010 INTERNATIONAL CONFERENCE ON MANAGEMENT SCIENCE AND SAFETY ENGINEERING (MSSE 2010), VOLS I AND II, 2010, : 612 - 616
  • [8] SSO noise electrical performance limitations for PQFP packages
    Lin, L
    Prince, JL
    ELECTRICAL PERFORMANCE OF ELECTRONIC PACKAGING - IEEE 5TH TOPICAL MEETING, 1996, : 117 - 119
  • [9] Security Analysis of OpenID Connect Protocol with Cryptoverif in the Computational Model
    Zhang, Jinli
    Lu, Jintian
    Wan, Zhongyu
    Li, Jing
    Meng, Bo
    ADVANCES ON P2P, PARALLEL, GRID, CLOUD AND INTERNET COMPUTING, 2017, 1 : 925 - 934
  • [10] Formal Security Analysis of the OpenID FAPI 2.0: Accompanying a Standardization Process
    Hosseyni, Pedram
    Kusters, Ralf
    Wuertele, Tim
    2024 IEEE 37TH COMPUTER SECURITY FOUNDATIONS SYMPOSIUM, CSF 2024, 2024, : 589 - 604