Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Once usability becomes secure

21.09.2012
RUB researcher optimizes Single Sign-On

Risk increases with comfort: "Single Sign-On" permits users to access all their protected Web resources, replacing repeated sign-ins with passwords. However, attackers also know about the advantages such a single point of attack offers to them.

Andreas Mayer, who is writing his PhD thesis as an external doctoral candidate at the Chair for Network and Data Security (Prof. Dr. Jörg Schwenk) at Ruhr-Universität Bochum, has now been able to significantly increase the security of this central interface for the simpleSAMLphp framework.

In the past, no protection against targeted Web attacks

The "Single sign-on" system, in short SSO, seems to be a wonderful solution for any user: "Once authenticated, the information and services are immediately available,without repeated inconvenient password input", says Mayer. However, this concept significantly increases the possible damage, which could harm the user through a "single point of attack".

The researchers in Bochum recently showed that the single sign-on is not as safe as assumed: They broke 12 of 14 SSO systems that had critical security flaws. "In the near future, we expect an increasing number of attacks on browser based SSO solutions such as Facebook Connect, SAML, OpenID and Microsoft Cardspace", explains Mayer. "It is very alarming that none of the currently used SSO protocols, developed during the last twelve years, provides effective protection against targeted attacks".

Highly efficient open source SSO solution

In the past, the many threatening scenarios, such as phishing, man-in-the-middle attacks, cross site scripting or Web malware, did not negatively affect the increasing popularity of SSO offerings. The "single sign-on, access everywhere" model is too comfortable and the users are too unsuspecting. Andreas Mayer addresses this risk with his own results: He implemented the OASIS-standardized "SAML Holder-of-Key Web Browser SSO Profile" in the popular open source framework "SimpleSAMLphp". "This profile binds the critical authentication and authorization information – the so-called security tokens – cryptographically to the browser of the legitimate user", explains Mayer. "The result is a highly effective, open source solution that is supported by all established browsers".

Andreas Mayer works at Adolf Würth GmbH & Co. KG and works in his free time at his doctoral thesis at the Chair for Network and Data Security of the RUB.

Further information
Prof. Dr. Jörg Schwenk, Faculty of Electrical Engineering and Information Technology, Chair for Network and Data Security, Ruhr-Universität Bochum (RUB), Phone. +49 234 32 26692, email joerg.schwenk@rub.de
Clicked
SimpleSAMLphp-Framework for download: http://www.simplesamlphp.org
RUB researchers break single sign-on (RUB press information No. 266 dated 8/10/2012): http://aktuell.ruhr-uni-bochum.de/pm2012/pm00266.html.de

Editorial journalist: Jens Wylkop

Dr. Jörg Schwenk | EurekAlert!
Further information:
http://www.ruhr-uni-bochum.de

More articles from Information Technology:

nachricht Snake-inspired robot uses kirigami to move
22.02.2018 | Harvard John A. Paulson School of Engineering and Applied Sciences

nachricht Camera technology in vehicles: Low-latency image data compression
22.02.2018 | Fraunhofer-Institut für Nachrichtentechnik, Heinrich-Hertz-Institut, HHI

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Good vibrations feel the force

A group of researchers led by Andrea Cavalleri at the Max Planck Institute for Structure and Dynamics of Matter (MPSD) in Hamburg has demonstrated a new method enabling precise measurements of the interatomic forces that hold crystalline solids together. The paper Probing the Interatomic Potential of Solids by Strong-Field Nonlinear Phononics, published online in Nature, explains how a terahertz-frequency laser pulse can drive very large deformations of the crystal.

By measuring the highly unusual atomic trajectories under extreme electromagnetic transients, the MPSD group could reconstruct how rigid the atomic bonds are...

Im Focus: Developing reliable quantum computers

International research team makes important step on the path to solving certification problems

Quantum computers may one day solve algorithmic problems which even the biggest supercomputers today can’t manage. But how do you test a quantum computer to...

Im Focus: In best circles: First integrated circuit from self-assembled polymer

For the first time, a team of researchers at the Max-Planck Institute (MPI) for Polymer Research in Mainz, Germany, has succeeded in making an integrated circuit (IC) from just a monolayer of a semiconducting polymer via a bottom-up, self-assembly approach.

In the self-assembly process, the semiconducting polymer arranges itself into an ordered monolayer in a transistor. The transistors are binary switches used...

Im Focus: Demonstration of a single molecule piezoelectric effect

Breakthrough provides a new concept of the design of molecular motors, sensors and electricity generators at nanoscale

Researchers from the Institute of Organic Chemistry and Biochemistry of the CAS (IOCB Prague), Institute of Physics of the CAS (IP CAS) and Palacký University...

Im Focus: Hybrid optics bring color imaging using ultrathin metalenses into focus

For photographers and scientists, lenses are lifesavers. They reflect and refract light, making possible the imaging systems that drive discovery through the microscope and preserve history through cameras.

But today's glass-based lenses are bulky and resist miniaturization. Next-generation technologies, such as ultrathin cameras or tiny microscopes, require...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

2nd International Conference on High Temperature Shape Memory Alloys (HTSMAs)

15.02.2018 | Event News

Aachen DC Grid Summit 2018

13.02.2018 | Event News

How Global Climate Policy Can Learn from the Energy Transition

12.02.2018 | Event News

 
Latest News

Newly designed molecule binds nitrogen

23.02.2018 | Life Sciences

Stagnation in the South Pacific Explains Natural CO2 Fluctuations

23.02.2018 | Earth Sciences

Mat4Rail: EU Research Project on the Railway of the Future

23.02.2018 | Materials Sciences

VideoLinks
Science & Research
Overview of more VideoLinks >>>