Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Once usability becomes secure

21.09.2012
RUB researcher optimizes Single Sign-On

Risk increases with comfort: "Single Sign-On" permits users to access all their protected Web resources, replacing repeated sign-ins with passwords. However, attackers also know about the advantages such a single point of attack offers to them.

Andreas Mayer, who is writing his PhD thesis as an external doctoral candidate at the Chair for Network and Data Security (Prof. Dr. Jörg Schwenk) at Ruhr-Universität Bochum, has now been able to significantly increase the security of this central interface for the simpleSAMLphp framework.

In the past, no protection against targeted Web attacks

The "Single sign-on" system, in short SSO, seems to be a wonderful solution for any user: "Once authenticated, the information and services are immediately available,without repeated inconvenient password input", says Mayer. However, this concept significantly increases the possible damage, which could harm the user through a "single point of attack".

The researchers in Bochum recently showed that the single sign-on is not as safe as assumed: They broke 12 of 14 SSO systems that had critical security flaws. "In the near future, we expect an increasing number of attacks on browser based SSO solutions such as Facebook Connect, SAML, OpenID and Microsoft Cardspace", explains Mayer. "It is very alarming that none of the currently used SSO protocols, developed during the last twelve years, provides effective protection against targeted attacks".

Highly efficient open source SSO solution

In the past, the many threatening scenarios, such as phishing, man-in-the-middle attacks, cross site scripting or Web malware, did not negatively affect the increasing popularity of SSO offerings. The "single sign-on, access everywhere" model is too comfortable and the users are too unsuspecting. Andreas Mayer addresses this risk with his own results: He implemented the OASIS-standardized "SAML Holder-of-Key Web Browser SSO Profile" in the popular open source framework "SimpleSAMLphp". "This profile binds the critical authentication and authorization information – the so-called security tokens – cryptographically to the browser of the legitimate user", explains Mayer. "The result is a highly effective, open source solution that is supported by all established browsers".

Andreas Mayer works at Adolf Würth GmbH & Co. KG and works in his free time at his doctoral thesis at the Chair for Network and Data Security of the RUB.

Further information
Prof. Dr. Jörg Schwenk, Faculty of Electrical Engineering and Information Technology, Chair for Network and Data Security, Ruhr-Universität Bochum (RUB), Phone. +49 234 32 26692, email joerg.schwenk@rub.de
Clicked
SimpleSAMLphp-Framework for download: http://www.simplesamlphp.org
RUB researchers break single sign-on (RUB press information No. 266 dated 8/10/2012): http://aktuell.ruhr-uni-bochum.de/pm2012/pm00266.html.de

Editorial journalist: Jens Wylkop

Dr. Jörg Schwenk | EurekAlert!
Further information:
http://www.ruhr-uni-bochum.de

More articles from Information Technology:

nachricht Ultra-precise chip-scale sensor detects unprecedentedly small changes at the nanoscale
18.01.2017 | The Hebrew University of Jerusalem

nachricht Data analysis optimizes cyber-physical systems in telecommunications and building automation
18.01.2017 | Fraunhofer-Institut für Algorithmen und Wissenschaftliches Rechnen SCAI

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Quantum optical sensor for the first time tested in space – with a laser system from Berlin

For the first time ever, a cloud of ultra-cold atoms has been successfully created in space on board of a sounding rocket. The MAIUS mission demonstrates that quantum optical sensors can be operated even in harsh environments like space – a prerequi-site for finding answers to the most challenging questions of fundamental physics and an important innovation driver for everyday applications.

According to Albert Einstein's Equivalence Principle, all bodies are accelerated at the same rate by the Earth's gravity, regardless of their properties. This...

Im Focus: Traffic jam in empty space

New success for Konstanz physicists in studying the quantum vacuum

An important step towards a completely new experimental access to quantum physics has been made at University of Konstanz. The team of scientists headed by...

Im Focus: How gut bacteria can make us ill

HZI researchers decipher infection mechanisms of Yersinia and immune responses of the host

Yersiniae cause severe intestinal infections. Studies using Yersinia pseudotuberculosis as a model organism aim to elucidate the infection mechanisms of these...

Im Focus: Interfacial Superconductivity: Magnetic and superconducting order revealed simultaneously

Researchers from the University of Hamburg in Germany, in collaboration with colleagues from the University of Aarhus in Denmark, have synthesized a new superconducting material by growing a few layers of an antiferromagnetic transition-metal chalcogenide on a bismuth-based topological insulator, both being non-superconducting materials.

While superconductivity and magnetism are generally believed to be mutually exclusive, surprisingly, in this new material, superconducting correlations...

Im Focus: Studying fundamental particles in materials

Laser-driving of semimetals allows creating novel quasiparticle states within condensed matter systems and switching between different states on ultrafast time scales

Studying properties of fundamental particles in condensed matter systems is a promising approach to quantum field theory. Quasiparticles offer the opportunity...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Sustainable Water use in Agriculture in Eastern Europe and Central Asia

19.01.2017 | Event News

12V, 48V, high-voltage – trends in E/E automotive architecture

10.01.2017 | Event News

2nd Conference on Non-Textual Information on 10 and 11 May 2017 in Hannover

09.01.2017 | Event News

 
Latest News

Tracking movement of immune cells identifies key first steps in inflammatory arthritis

23.01.2017 | Health and Medicine

Electrocatalysis can advance green transition

23.01.2017 | Physics and Astronomy

New technology for mass-production of complex molded composite components

23.01.2017 | Process Engineering

VideoLinks
B2B-VideoLinks
More VideoLinks >>>