On the Security of Holder-of-Key Single Sign-On
Authors
Abstract
Web Single Sign-On (SSO) is a valuable point of attack because it provides access to multiple resources once a user has initially authenticated. Therefore, the security of Web SSO is crucial. In this context, the SAML-based Holder-of-Key (HoK) SSO Profile is a cryptographically strong authentication protocol that is used in highly critical scenarios. We show that HoK is susceptible to a previously published attack by Armando et al. [ACC11] that combines logical flaws with cross-site scripting. To fix this vulnerability, we propose to enhance HoK and call our novel approach HoK+. We have implemented HoK+ in the popular open source framework SimpleSAMLphp.
Similar resources
DFT Study on the Possible Intramolecular Rearrangement of Four Monocyclic Monoterpenes
As the basis and preliminary work of future experimental study on PAHs formation under high temperature, theoretical computations on the intramolecular rearrangement reactions of sylvestrene (1-methyl-3-vinylcyclohexene) and 1,4-dimethyl-4-vinylcyclohexene are conducted and reveal that they may be transformed to themselves. The conversion between Dipentene and 2,4-dimethyl-4-vinylcyclohexen...
Analyses of Labour Productivity among Small-Holder Cassava Farmers for Food Security and Empowerment in Central Madagascar
Labour productivity affects food security, but quantifying this relationship has been scarce with respect to empirical literature. The Central Madagascar dataset explores the influence of labour productivity and related variables on the food security status of cassava farmers. Drawing on both theory and empirical evidence, this paper argues that fundamental effects of links between labour produ...
Private Key based query on encrypted data
Nowadays, users of information systems are inclined to use a central server to reduce data transfer and maintenance costs. Since such a system is not fully trustworthy, users' data is usually kept encrypted. However, encryption is not a panacea for security problems and cannot guarantee data security. In other words, there are some techniques that can endanger the security of encrypted d...
A Distributed Authentication Model for an E-Health Network Using Blockchain
Introduction: One of the most important and challenging areas under the influence of information technology is the field of health. This pervasive influence has led to the development of electronic health (e-health) networks with a variety of services of different qualities. The issue of security management, maintaining confidentiality and data integrity, and exchanging it in a secure environme...
Impossible Differential Cryptanalysis on Deoxys-BC-256
Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...
Journal title:
Volume / Issue:
Pages: -
Publication date: 2014