The security limitations of SSO in OpenID

被引：0

作者：

Oh, Hyun-Kyung ^{[1
,2
]}

Jin, Seung-Hun ^{[2
]}

机构：

[1] KUST, Informat Secur Engn, Seoul, South Korea

[2] ETRI, Digital ID Secur Res Team, Daejeon, South Korea

来源：

10TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY, VOLS I-III: INNOVATIONS TOWARD FUTURE NETWORKS AND SERVICES | 2008年

关键词：

OpenID; Single Sign-On(SSO); ID management system; cookie-based authentication system;

D O I：

暂无

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

As the Internet becomes a way of social life, there arc lots of accounts which a user has to manage. To receive the web service, people have to register each web site. It is the OpenID to resolve these burdensome. The OpenID provides the Single Sign-On service which a user can be authenticated in several web sites by submitting the password of OpenID to authentication server only once. In this paper, we analyze the Single Sign-On in OpenID and show an experiment of vulnerability of OpenID.

引用

页码：1608 / +

页数：2

共 50 条

[31] STRATEGIC ARMS LIMITATIONS AND EUROPEAN SECURITY
COFFEY, JI
INTERNATIONAL AFFAIRS, 1971, 47 (04) : 692 - 707
[32] OPPORTUNITIES AND LIMITATIONS OF SECURITY EVALUATION CRITERIA
BRUNNSTEIN, K
FISCHERHUBNER, S
WIRTSCHAFTSINFORMATIK, 1992, 34 (04): : 391 - 400
[33] Analyzing Privacy Implications and Security Vulnerabilities in Single Sign-On Systems: A Case Study on OpenID Connect
Al Shabi, Mohammed
Marie, Rashiq Rafiq
INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2024, 15 (04) : 637 - 646
[34] Methods and limitations of security policy reconciliation
Mcdaniel, Patrick
Prakash, Atul
ACM Transactions on Information and System Security, 2006, 9 (03) : 259 - 291
[35] Methods and limitations of security policy reconciliation
McDaniel, P
Prakash, A
2002 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2002, : 73 - 87
[36] Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures
Sun, San-Tsai
Hawkey, Kirstie
Beznosov, Konstantin
COMPUTERS & SECURITY, 2012, 31 (04) : 465 - 483
[37] OpenID authentication as a service in OpenStack
Khan, Rasib Hassan
Ylitalo, Jukka
Ahmed, Abu Shohel
Proceedings of the 2011 7th International Conference on Information Assurance and Security, IAS 2011, 2011, : 372 - 377
[38] EVALUATION OF SOCIAL SECURITY ORGANIZATION'(SSO) REGULATIONS ON PHYSICIAN PRESCRIBING PATTERN IN IRAN IN 2014
Soleymani, F.
Kebriaeezadeh, A.
VALUE IN HEALTH, 2016, 19 (07) : A834 - A834
[39] The State of Security Studies in India: Limitations and Potential
Singh, Swaran
MILLENNIAL ASIA, 2015, 6 (02) : 191 - 204
[40] Limitations of Security Standards against Public Clouds
Chemerkin, Yury
INTERNATIONAL CONFERENCE ON INFORMATION SOCIETY (I-SOCIETY 2013), 2013, : 55 - 60

← 1 2 3 4 5 →