The security limitations of SSO in OpenID

Cited by: 0
Authors
Oh, Hyun-Kyung [1, 2]
Jin, Seung-Hun [2]
Affiliations
[1] KUST, Informat Secur Engn, Seoul, South Korea
[2] ETRI, Digital ID Secur Res Team, Daejeon, South Korea
Source
10TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY, VOLS I-III: INNOVATIONS TOWARD FUTURE NETWORKS AND SERVICES | 2008
Keywords
OpenID; Single Sign-On (SSO); ID management system; cookie-based authentication system
DOI
Not available
Chinese Library Classification (CLC) number
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract
As the Internet becomes a way of social life, there are lots of accounts which a user has to manage. To receive a web service, people have to register at each web site. It is OpenID that resolves this burden. OpenID provides a Single Sign-On service by which a user can be authenticated at several web sites by submitting the OpenID password to the authentication server only once. In this paper, we analyze the Single Sign-On in OpenID and show an experiment on the vulnerability of OpenID.
Pages: 1608 / +
Number of pages: 2