Gesellschaft für Informatik e.V.

Lecture Notes in Informatics


Sicherheit 2010 Sicherheit, Schutz und Zuverlässigkeit P-170, 329-340 (2010).

Gesellschaft für Informatik, Bonn
2010


Copyright © Gesellschaft für Informatik, Bonn

Contents

Security analysis of openid

Pavol Sovis , Florian Kohlar and Jörg Schwenk

Abstract


OpenID is a user-centric and decentralized Single Sign-On system. It enables users to sign into Relying Partiesby providing an authentication assertion from an OpenID Provider. It is supported by many leading internet companies and there are over a billion accounts capable of using OpenID. We present a security analysis of OpenID and the corresponding extensions and reveal several vulnerabilities. This paper demonstrates how identity information sent within the OpenID protocol can be manipulated, due to an improper verification of OpenID assertions and no integrity protection of the authentication request.


Full Text: PDF

Gesellschaft für Informatik, Bonn
ISBN 978-3-88579-264-2


Last changed 04.10.2013 18:32:26