Risk increases with comfort: "Single Sign-On" permits users to access all their protected Web resources, replacing repeated sign-ins with passwords. However, attackers also know about the advantages such a single point of attack offers to them.
Andreas Mayer, who is writing his PhD thesis as an external doctoral candidate at the Chair for Network and Data Security (Prof. Dr. Jörg Schwenk) at Ruhr-Universität Bochum, has now been able to significantly increase the security of this central interface for the simpleSAMLphp framework.
In the past, no protection against targeted Web attacks
The "Single sign-on" system, in short SSO, seems to be a wonderful solution for any user: "Once authenticated, the information and services are immediately available,without repeated inconvenient password input", says Mayer. However, this concept significantly increases the possible damage, which could harm the user through a "single point of attack".
The researchers in Bochum recently showed that the single sign-on is not as safe as assumed: They broke 12 of 14 SSO systems that had critical security flaws. "In the near future, we expect an increasing number of attacks on browser based SSO solutions such as Facebook Connect, SAML, OpenID and Microsoft Cardspace", explains Mayer. "It is very alarming that none of the currently used SSO protocols, developed during the last twelve years, provides effective protection against targeted attacks".
Highly efficient open source SSO solution
Editorial journalist: Jens Wylkop
Dr. Jörg Schwenk | EurekAlert!
Deep Learning predicts hematopoietic stem cell development
21.02.2017 | Helmholtz Zentrum München - Deutsches Forschungszentrum für Gesundheit und Umwelt
Sensors embedded in sports equipment could provide real-time analytics to your smartphone
16.02.2017 | University of Illinois College of Engineering
In the field of nanoscience, an international team of physicists with participants from Konstanz has achieved a breakthrough in understanding heat transport
Cells need to repair damaged DNA in our genes to prevent the development of cancer and other diseases. Our cells therefore activate and send “repair-proteins”...
The Fraunhofer IWS Dresden and Technische Universität Dresden inaugurated their jointly operated Center for Additive Manufacturing Dresden (AMCD) with a festive ceremony on February 7, 2017. Scientists from various disciplines perform research on materials, additive manufacturing processes and innovative technologies, which build up components in a layer by layer process. This technology opens up new horizons for component design and combinations of functions. For example during fabrication, electrical conductors and sensors are already able to be additively manufactured into components. They provide information about stress conditions of a product during operation.
The 3D-printing technology, or additive manufacturing as it is often called, has long made the step out of scientific research laboratories into industrial...
Nature does amazing things with limited design materials. Grass, for example, can support its own weight, resist strong wind loads, and recover after being...
Nanometer-scale magnetic perforated grids could create new possibilities for computing. Together with international colleagues, scientists from the Helmholtz Zentrum Dresden-Rossendorf (HZDR) have shown how a cobalt grid can be reliably programmed at room temperature. In addition they discovered that for every hole ("antidot") three magnetic states can be configured. The results have been published in the journal "Scientific Reports".
Physicist Dr. Rantej Bali from the HZDR, together with scientists from Singapore and Australia, designed a special grid structure in a thin layer of cobalt in...
13.02.2017 | Event News
10.02.2017 | Event News
09.02.2017 | Event News
21.02.2017 | Earth Sciences
21.02.2017 | Medical Engineering
21.02.2017 | Trade Fair News