Security analysis of OpenID

Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)

Volumn P-170, Issue , 2010, Pages 329-340

  Sovis, Pavol ^a   Kohlar, Florian ^a   Schwenk, Joerg ^a  

^a RUHR UNIVERSITY BOCHUM   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

IDENTITY INFORMATION; INTEGRITY PROTECTION; PROTOCOL CANS; SECURITY ANALYSIS; SINGLE SIGN ON; USER-CENTRIC;

AUTHENTICATION; INTERNET PROTOCOLS;

SECURITY SYSTEMS;

EID: 84869597130     PISSN: 16175468     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (14)

1. Adam Barth, Collin Jackson, and John C. Mitchell. Robust Defenses for Cross-Site Request Forgery, 2008.
2. T. Dierks and C. Allen. The TLS Protocol Version 1.0, January 1999.
3. A. Frier, P. Karlton, and P. Kocher. The SSL Protocol Version 3.0, November 1996.
4. Brad Fitzpatrick, David Recordon, Dick Hardt, and Josh Hoyt. OpenID Authentication 2.0, December 2007.
5. Thomas Groß and Birgit Pfitzmann. SAML Artifact Information Flow Revisited. In In IEEE Workshop on We b Services Security (WSSS), pages 84-100, Berkeley, May 2006. IEEE.
6. Thomas Groß. Security Analysis of the SAML Single Sign-on Browser/Artifact Profile. In Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC'03). IEEE Computer Society Press, December 2003.
7. Sebastian Gajek, Jörg Schwenk, Michael Steiner, and Chen Xuan. Risks of the CardSpace Protocol. In Pierangela Samarati, Moti Yu ng, Fabio Martinelli, and Claudio Agostino Ardagna, editors, ISC, volume 5735 of Lecture Notes in Computer Science, pages 278-293. Springer, 2009.
8. Dick Hardt, Johnny Bufu, and Josh Hoyt. OpenID Attribute Exchange 1.0, December 2007.
9. Josh Hoyt, Jonathan Daugherty, and David Recordon. OpenID Simple Registration Extension 1.0, June 2006.
10. Shakir James. Web Single Sign-On Systems.
11. David P. Kormann and Aviel D. Rubin. Risks of the Passport Single Signon Protocol, 2000.
12. Ben Newman and Shivaram Lingamneni. CS259 Final Project: OpenID (Session Swapping Attack), 2008.
13. B. Pfitzmann and M. Waidner. Analysis of liberty single-sign-on with enabled clients. Internet Computing, IEEE, 7(6):38-44, 2003.
14. Eugene Tsyrklevich and Vlad Tsyrklevich. Single Sign-On for the Internet: A Security Story, July and August 2007.