Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Once usability becomes secure

21.09.2012
RUB researcher optimizes Single Sign-On

Risk increases with comfort: "Single Sign-On" permits users to access all their protected Web resources, replacing repeated sign-ins with passwords. However, attackers also know about the advantages such a single point of attack offers to them.

Andreas Mayer, who is writing his PhD thesis as an external doctoral candidate at the Chair for Network and Data Security (Prof. Dr. Jörg Schwenk) at Ruhr-Universität Bochum, has now been able to significantly increase the security of this central interface for the simpleSAMLphp framework.

In the past, no protection against targeted Web attacks

The "Single sign-on" system, in short SSO, seems to be a wonderful solution for any user: "Once authenticated, the information and services are immediately available,without repeated inconvenient password input", says Mayer. However, this concept significantly increases the possible damage, which could harm the user through a "single point of attack".

The researchers in Bochum recently showed that the single sign-on is not as safe as assumed: They broke 12 of 14 SSO systems that had critical security flaws. "In the near future, we expect an increasing number of attacks on browser based SSO solutions such as Facebook Connect, SAML, OpenID and Microsoft Cardspace", explains Mayer. "It is very alarming that none of the currently used SSO protocols, developed during the last twelve years, provides effective protection against targeted attacks".

Highly efficient open source SSO solution

In the past, the many threatening scenarios, such as phishing, man-in-the-middle attacks, cross site scripting or Web malware, did not negatively affect the increasing popularity of SSO offerings. The "single sign-on, access everywhere" model is too comfortable and the users are too unsuspecting. Andreas Mayer addresses this risk with his own results: He implemented the OASIS-standardized "SAML Holder-of-Key Web Browser SSO Profile" in the popular open source framework "SimpleSAMLphp". "This profile binds the critical authentication and authorization information – the so-called security tokens – cryptographically to the browser of the legitimate user", explains Mayer. "The result is a highly effective, open source solution that is supported by all established browsers".

Andreas Mayer works at Adolf Würth GmbH & Co. KG and works in his free time at his doctoral thesis at the Chair for Network and Data Security of the RUB.

Further information
Prof. Dr. Jörg Schwenk, Faculty of Electrical Engineering and Information Technology, Chair for Network and Data Security, Ruhr-Universität Bochum (RUB), Phone. +49 234 32 26692, email joerg.schwenk@rub.de
Clicked
SimpleSAMLphp-Framework for download: http://www.simplesamlphp.org
RUB researchers break single sign-on (RUB press information No. 266 dated 8/10/2012): http://aktuell.ruhr-uni-bochum.de/pm2012/pm00266.html.de

Editorial journalist: Jens Wylkop

Dr. Jörg Schwenk | EurekAlert!
Further information:
http://www.ruhr-uni-bochum.de

More articles from Information Technology:

nachricht New Foldable Drone Flies through Narrow Holes in Rescue Missions
12.12.2018 | Universität Zürich

nachricht NIST's antenna evaluation method could help boost 5G network capacity and cut costs
11.12.2018 | National Institute of Standards and Technology (NIST)

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Data storage using individual molecules

Researchers from the University of Basel have reported a new method that allows the physical state of just a few atoms or molecules within a network to be controlled. It is based on the spontaneous self-organization of molecules into extensive networks with pores about one nanometer in size. In the journal ‘small’, the physicists reported on their investigations, which could be of particular importance for the development of new storage devices.

Around the world, researchers are attempting to shrink data storage devices to achieve as large a storage capacity in as small a space as possible. In almost...

Im Focus: Data use draining your battery? Tiny device to speed up memory while also saving power

The more objects we make "smart," from watches to entire buildings, the greater the need for these devices to store and retrieve massive amounts of data quickly without consuming too much power.

Millions of new memory cells could be part of a computer chip and provide that speed and energy savings, thanks to the discovery of a previously unobserved...

Im Focus: An energy-efficient way to stay warm: Sew high-tech heating patches to your clothes

Personal patches could reduce energy waste in buildings, Rutgers-led study says

What if, instead of turning up the thermostat, you could warm up with high-tech, flexible patches sewn into your clothes - while significantly reducing your...

Im Focus: Lethal combination: Drug cocktail turns off the juice to cancer cells

A widely used diabetes medication combined with an antihypertensive drug specifically inhibits tumor growth – this was discovered by researchers from the University of Basel’s Biozentrum two years ago. In a follow-up study, recently published in “Cell Reports”, the scientists report that this drug cocktail induces cancer cell death by switching off their energy supply.

The widely used anti-diabetes drug metformin not only reduces blood sugar but also has an anti-cancer effect. However, the metformin dose commonly used in the...

Im Focus: New Foldable Drone Flies through Narrow Holes in Rescue Missions

A research team from the University of Zurich has developed a new drone that can retract its propeller arms in flight and make itself small to fit through narrow gaps and holes. This is particularly useful when searching for victims of natural disasters.

Inspecting a damaged building after an earthquake or during a fire is exactly the kind of job that human rescuers would like drones to do for them. A flying...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

ICTM Conference 2019: Digitization emerges as an engineering trend for turbomachinery construction

12.12.2018 | Event News

New Plastics Economy Investor Forum - Meeting Point for Innovations

10.12.2018 | Event News

EGU 2019 meeting: Media registration now open

06.12.2018 | Event News

 
Latest News

Formed to Meet Customers’ Needs – New Laser Beams for Glass Processing

17.12.2018 | Physics and Astronomy

Preserving soil quality in the long term

17.12.2018 | Architecture and Construction

New RNA sequencing strategy provides insight into microbiomes

17.12.2018 | Life Sciences

VideoLinks
Science & Research
Overview of more VideoLinks >>>