In many of the single sign-on (SSO) specifications that support multitiered authentication, it is not mandatory to include the authentication context in a signed response. This can be exploited by the adversaries to launch a new kind of attack specific to SSO systems. In this paper, we propose the Weakest Link Attack, which is a kind of parallel session attack feasible in the above settings. Our attack enables adversaries to succeed at all levels of authentication associate to the victim user by breaking only at the weakest one. We present a detailed case study of our attack on web SSO as specified in Security Assertions Markup Language (SAML) V2.0, an OASIS standard released in March, 2005. We also suggest the corresponding repair at the end of the paper.1 © Springer-Verlag Berlin Heidelberg 2006.
CITATION STYLE
Chan, Y. Y. (2006). Weakest link attack on single sign-on and its case in SAML V2.0 web SSO. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3982 LNCS, pp. 507–516). Springer Verlag. https://doi.org/10.1007/11751595_54
Mendeley helps you to discover research relevant for your work.