
Weakest Link Attack on Single Sign-On and Its Case in SAML V2.0 Web SSO


Abstract

In many of the single sign-on (SSO) specifications that support multi-tiered authentication, it is not mandatory to include the authentication context in a signed response. Adversaries can exploit this to launch a new kind of attack specific to SSO systems. In this paper, we propose the Weakest Link Attack, a kind of parallel session attack that is feasible in the above settings. Our attack enables adversaries to succeed at all levels of authentication associated with the victim user by breaking only the weakest one. We present a detailed case study of our attack on web SSO as specified in the Security Assertion Markup Language (SAML) V2.0, an OASIS standard released in March 2005. We also suggest the corresponding repair at the end of the paper.
