Weakest link attack on single sign-on and its case in SAML V2.0 web SSO


Abstract

In many of the single sign-on (SSO) specifications that support multi-tiered authentication, it is not mandatory to include the authentication context in a signed response. Adversaries can exploit this to launch a new kind of attack specific to SSO systems. In this paper, we propose the Weakest Link Attack, a kind of parallel session attack that is feasible in the above setting. Our attack enables adversaries to succeed at all levels of authentication associated with the victim user by breaking only the weakest one. We present a detailed case study of our attack on web SSO as specified in Security Assertion Markup Language (SAML) V2.0, an OASIS standard released in March 2005. We also suggest the corresponding repair at the end of the paper. © Springer-Verlag Berlin Heidelberg 2006.

Citation (APA)

Chan, Y. Y. (2006). Weakest link attack on single sign-on and its case in SAML V2.0 web SSO. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3982 LNCS, pp. 507–516). Springer Verlag. https://doi.org/10.1007/11751595_54
