Risk increases with comfort: "Single Sign-On" permits users to access all their protected Web resources, replacing repeated sign-ins with passwords. However, attackers also know about the advantages such a single point of attack offers to them.
Andreas Mayer, who is writing his PhD thesis as an external doctoral candidate at the Chair for Network and Data Security (Prof. Dr. Jörg Schwenk) at Ruhr-Universität Bochum, has now been able to significantly increase the security of this central interface for the simpleSAMLphp framework.
In the past, no protection against targeted Web attacks
The "Single sign-on" system, in short SSO, seems to be a wonderful solution for any user: "Once authenticated, the information and services are immediately available,without repeated inconvenient password input", says Mayer. However, this concept significantly increases the possible damage, which could harm the user through a "single point of attack".
The researchers in Bochum recently showed that the single sign-on is not as safe as assumed: They broke 12 of 14 SSO systems that had critical security flaws. "In the near future, we expect an increasing number of attacks on browser based SSO solutions such as Facebook Connect, SAML, OpenID and Microsoft Cardspace", explains Mayer. "It is very alarming that none of the currently used SSO protocols, developed during the last twelve years, provides effective protection against targeted attacks".
Highly efficient open source SSO solution
Editorial journalist: Jens Wylkop
Dr. Jörg Schwenk | EurekAlert!
New Foldable Drone Flies through Narrow Holes in Rescue Missions
12.12.2018 | Universität Zürich
NIST's antenna evaluation method could help boost 5G network capacity and cut costs
11.12.2018 | National Institute of Standards and Technology (NIST)
Researchers from the University of Basel have reported a new method that allows the physical state of just a few atoms or molecules within a network to be controlled. It is based on the spontaneous self-organization of molecules into extensive networks with pores about one nanometer in size. In the journal ‘small’, the physicists reported on their investigations, which could be of particular importance for the development of new storage devices.
Around the world, researchers are attempting to shrink data storage devices to achieve as large a storage capacity in as small a space as possible. In almost...
The more objects we make "smart," from watches to entire buildings, the greater the need for these devices to store and retrieve massive amounts of data quickly without consuming too much power.
Millions of new memory cells could be part of a computer chip and provide that speed and energy savings, thanks to the discovery of a previously unobserved...
What if, instead of turning up the thermostat, you could warm up with high-tech, flexible patches sewn into your clothes - while significantly reducing your...
A widely used diabetes medication combined with an antihypertensive drug specifically inhibits tumor growth – this was discovered by researchers from the University of Basel’s Biozentrum two years ago. In a follow-up study, recently published in “Cell Reports”, the scientists report that this drug cocktail induces cancer cell death by switching off their energy supply.
The widely used anti-diabetes drug metformin not only reduces blood sugar but also has an anti-cancer effect. However, the metformin dose commonly used in the...
A research team from the University of Zurich has developed a new drone that can retract its propeller arms in flight and make itself small to fit through narrow gaps and holes. This is particularly useful when searching for victims of natural disasters.
Inspecting a damaged building after an earthquake or during a fire is exactly the kind of job that human rescuers would like drones to do for them. A flying...
12.12.2018 | Event News
10.12.2018 | Event News
06.12.2018 | Event News
17.12.2018 | Physics and Astronomy
17.12.2018 | Architecture and Construction
17.12.2018 | Life Sciences