Risk increases with comfort: "Single Sign-On" permits users to access all their protected Web resources, replacing repeated password sign-ins. However, attackers also know the advantages such a single point of attack offers them.
Andreas Mayer, who is writing his PhD thesis as an external doctoral candidate at the Chair for Network and Data Security (Prof. Dr. Jörg Schwenk) at Ruhr-Universität Bochum, has now been able to significantly increase the security of this central interface for the simpleSAMLphp framework.
In the past, no protection against targeted Web attacks
The "Single sign-on" system, SSO for short, seems to be a wonderful solution for any user: "Once authenticated, the information and services are immediately available, without repeated inconvenient password input", says Mayer. However, this concept significantly increases the potential damage to the user, because it creates a "single point of attack".
The researchers in Bochum recently showed that single sign-on is not as safe as assumed: they broke 12 of 14 SSO systems, which had critical security flaws. "In the near future, we expect an increasing number of attacks on browser-based SSO solutions such as Facebook Connect, SAML, OpenID and Microsoft Cardspace", explains Mayer. "It is very alarming that none of the currently used SSO protocols, developed during the last twelve years, provides effective protection against targeted attacks".
Highly efficient open source SSO solution
Editorial journalist: Jens Wylkop
Dr. Jörg Schwenk | EurekAlert!