Article: Weakest link attack on single sign-on and its case in SAML V2.0 web SSO

Title: Weakest link attack on single sign-on and its case in SAML V2.0 web SSO
Authors
Keywords: Computer Programming Languages; Parallel Processing Systems; Security Of Data; Standards
Issue Date: 2006
Publisher: Springer Verlag. The Journal's web site is located at http://springerlink.com/content/105633/
Citation: Lecture Notes In Computer Science (Including Subseries Lecture Notes In Artificial Intelligence And Lecture Notes In Bioinformatics), 2006, v. 3982 LNCS, p. 507-516
Abstract: In many of the single sign-on (SSO) specifications that support multitiered authentication, it is not mandatory to include the authentication context in a signed response. This can be exploited by the adversaries to launch a new kind of attack specific to SSO systems. In this paper, we propose the Weakest Link Attack, which is a kind of parallel session attack feasible in the above settings. Our attack enables adversaries to succeed at all levels of authentication associated with the victim user by breaking only at the weakest one. We present a detailed case study of our attack on web SSO as specified in Security Assertions Markup Language (SAML) V2.0, an OASIS standard released in March, 2005. We also suggest the corresponding repair at the end of the paper. © Springer-Verlag Berlin Heidelberg 2006.
Persistent Identifier: http://hdl.handle.net/10722/134698
ISSN
2023 SCImago Journal Rankings: 0.606

DC Field | Value | Language
dc.contributor.author | Chan, YY | en_HK
dc.date.accessioned | 2011-07-05T08:24:37Z | -
dc.date.available | 2011-07-05T08:24:37Z | -
dc.date.issued | 2006 | en_HK
dc.identifier.citation | Lecture Notes In Computer Science (Including Subseries Lecture Notes In Artificial Intelligence And Lecture Notes In Bioinformatics), 2006, v. 3982 LNCS, p. 507-516 | en_HK
dc.identifier.issn | 0302-9743 | en_HK
dc.identifier.uri | http://hdl.handle.net/10722/134698 | -
dc.description.abstract | In many of the single sign-on (SSO) specifications that support multitiered authentication, it is not mandatory to include the authentication context in a signed response. This can be exploited by the adversaries to launch a new kind of attack specific to SSO systems. In this paper, we propose the Weakest Link Attack, which is a kind of parallel session attack feasible in the above settings. Our attack enables adversaries to succeed at all levels of authentication associated with the victim user by breaking only at the weakest one. We present a detailed case study of our attack on web SSO as specified in Security Assertions Markup Language (SAML) V2.0, an OASIS standard released in March, 2005. We also suggest the corresponding repair at the end of the paper. © Springer-Verlag Berlin Heidelberg 2006. | en_HK
dc.language | eng | en_US
dc.publisher | Springer Verlag. The Journal's web site is located at http://springerlink.com/content/105633/ | en_HK
dc.relation.ispartof | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | en_HK
dc.subject | Computer Programming Languages | en_US
dc.subject | Parallel Processing Systems | en_US
dc.subject | Security Of Data | en_US
dc.subject | Standards | en_US
dc.title | Weakest link attack on single sign-on and its case in SAML V2.0 web SSO | en_HK
dc.type | Article | en_HK
dc.identifier.email | Chan, YY: yychan8@hkucc.hku.hk | en_HK
dc.identifier.authority | Chan, YY=rp00894 | en_HK
dc.description.nature | link_to_subscribed_fulltext | en_US
dc.identifier.doi | 10.1007/11751595_54 | en_HK
dc.identifier.scopus | eid_2-s2.0-33745907804 | en_HK
dc.relation.references | http://www.scopus.com/mlt/select.url?eid=2-s2.0-33745907804&selection=ref&src=s&origin=recordpage | en_HK
dc.identifier.volume | 3982 LNCS | en_HK
dc.identifier.spage | 507 | en_HK
dc.identifier.epage | 516 | en_HK
dc.identifier.eissn | 1611-3349 | -
dc.publisher.place | Germany | en_HK
dc.identifier.scopusauthorid | Chan, YY=7403676264 | en_HK
dc.identifier.issnl | 0302-9743 | -
