Corpus ID: 15157068

On the security of modern Single Sign-On Protocols: Second-Order Vulnerabilities in OpenID Connect

Vladislav Mladenov, Christian Mainka, Jörg Schwenk
arXiv: Cryptography and Security
OAuth is the new de facto standard for delegating authorization in the web. An important limitation of OAuth is the fact that it was designed for authorization and not for authentication. The usage of OAuth for authentication thus leads to serious vulnerabilities, as shown by Zhou et al. in [44] and Chen et al. in [9]. OpenID Connect was created on top of OAuth to fill this gap by providing federated identity management and user authentication. OpenID Connect was standardized in February 2014…
Assessment of Secure OpenID-Based DAAA Protocol for Avoiding Session Hijacking in Web Applications
The findings demonstrated that the Dense Authentication Authorization and Accounting (DAAA) protocol minimizes the risk of session hijacking in an OpenID communication environment.
A Comprehensive Formal Security Analysis of OAuth 2.0
This paper carries out the first extensive formal analysis of the OAuth 2.0 standard in an expressive web model and shows that the fixed version of OAuth provides the authorization, authentication, and session integrity properties the authors specify.
Security Analysis of OpenID Connect Protocol with Cryptoverif in the Computational Model
This paper analyzes the authentication of the OpenID Connect protocol by deriving its message terms from the authentication message flow, formalizing them in Blanchet calculus in the computational model, and translating the model into CryptoVerif syntax; the analysis shows that OpenID Connect provides no authentication between the End-User and the Authorization Server, that the Token Endpoint cannot authenticate the Client, while the Client can authenticate the Token Endpoint.
Towards Adoption of Authentication and Authorization in Identity Management and Single Sign On
This paper analyzes common problems that are faced during authentication and authorization and addresses the different benefits that an IAM and SSO tool can provide to reduce the security risk within an organization.
Securing digital identities in the cloud by selecting an apposite Federated Identity Management from SAML, OAuth and OpenID Connect
N. Naik, Paul Jenkins. 2017 11th International Conference on Research Challenges in Information Science (RCIS), 2017.
An assessment of three of the most popular FIdM standards, considering their architectural design, operation, security strength and security vulnerabilities, is presented to ascertain effective usages that protect digital identities and credentials.
A Painstaking Analysis of Attacks on Hypervisors in Cloud Environment
In this paper, various security issues and the approaches used to overcome them are addressed in depth, together with their characteristics and limitations, along with many attacks on hypervisors and their defensive and offensive approaches.
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the application of BCM Principles
This paper demonstrates that additional parameters in all four messages are needed as well as the integrity protection of both authorization request and response and applies BCM principles on OAuth (RFC6749).
An Extensive Formal Security Analysis of the OpenID Financial-Grade API
This work is the first to formally analyze and, importantly, verify an Open Banking security profile, based on an existing comprehensive model of the web infrastructure - the Web Infrastructure Model (WIM) proposed by Fett, Küsters, and Schmitz.
Adaptive security architecture for protecting RESTful web services in enterprise computing environment
One such algorithm to prevent SOA attacks on RESTful web services is presented, along with a discussion of the results obtained from a proof of concept conducted in a real-time SOA environment.
Choice of suitable Identity and Access Management standards for mobile computing and communication
These IAM standards are evaluated based on three types of analysis: comparative analysis, suitability analysis and security vulnerability analysis of SAML, OAuth and OIDC, to ascertain a suitable IAM to protect mobile computing and communication.


The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems
This work examines the implementations of three major OAuth identity providers (IdP) (Facebook, Microsoft, and Google) and 96 popular RP websites that support the use of Facebook accounts for login, and uncovers several critical vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph, and to impersonate the victim on the RP website.
Your Software at my Service: Security Analysis of SaaS Single Sign-On Solutions in the Cloud
The security of the SAML implementations of 22 CPs is studied, and it is shown that 90% of them can be broken, resulting in exposure of company data to attackers on the Internet.
Formal analysis of Facebook Connect Single Sign-On authentication protocol
A formal analysis of the authentication protocol of Facebook Connect, the Single Sign-On service offered by the Facebook Platform which allows Facebook users to log in to affiliated sites, is presented, and a modification of the protocol is proposed by adding a message authentication mechanism.
On Breaking SAML: Be Whoever You Want to Be
An in-depth analysis of 14 major SAML frameworks is described and it is shown that 11 of them, including Salesforce, Shibboleth, and IBM XS40, have critical XML Signature wrapping (XSW) vulnerabilities.
Security analysis of the SAML single sign-on browser/artifact profile
Thomas Gross. 19th Annual Computer Security Applications Conference, 2003. Proceedings, 2003.
This work presents a security analysis of the SAML single sign-on browser/artifact profile, which is the first one for such a protocol standard and reveals several flaws in the specification that can lead to vulnerable implementations.
OAuth Demystified for Mobile Application Developers
This paper pinpoints the key portions of each OAuth protocol flow that are security-critical but confusing or unspecified for mobile application developers.
Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services
This study shows that the overall security quality of SSO deployments seems worrisome, and hopes that the SSO community conducts a study similar to the authors', but in a larger scale, to better understand to what extent SSO is insecurely deployed and how to respond to the situation.
InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations
InteGuard is the first system that offers security protection to vulnerable web API integrations by operating a proxy in front of the service integrator's web site, performing security checks on a set of invariant relations among the HTTP messages the integrator receives during a transaction.
Securing frame communication in browsers
This work analyzes two techniques for interframe communication between isolated frames and proposes improvements in the postMessage API to provide confidentiality, which have been standardized and adopted in browser implementations.