Collisions for the compression function of MD5
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Risks of the passport single signon protocol
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
Security Analysis of the SAML Single Sign-on Browser/Artifact Profile
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Analysis of Liberty Single-Sign-on with Enabled Clients
IEEE Internet Computing
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
OpenID 2.0: a platform for user-centric identity management
Proceedings of the second ACM workshop on Digital identity management
Dynamic pharming attacks and locked same-origin policies for web browsers
Proceedings of the 14th ACM conference on Computer and communications security
Forcehttps: protecting high-security web sites from network attacks
Proceedings of the 17th international conference on World Wide Web
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Robust defenses for cross-site request forgery
Proceedings of the 15th ACM conference on Computer and communications security
Stronger TLS bindings for SAML assertions and SAML artifacts
Proceedings of the 2008 ACM workshop on Secure web services
A Browser-Based Kerberos Authentication Scheme
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
WSKE: web server key enabled cookies
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
On the possibility of constructing meaningful hash collisions for public keys
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Options for integrating eID and SAML
Proceedings of the 2013 ACM workshop on Digital identity management
| Hi-index | 0.00 |
Today, entity authentication in the TLS protocol involves at least three complex and partly insecure systems: the Domain Name System (DNS), Public Key Infrastructures (PKI), and human users, bound together by the Same Origin Policy (SOP). To solve the security threats resulting from this construction, a new concept was introduced at CCS '07: the strong locked same origin policy (SLSOP). The basic idea behind the SLSOP is to strengthen the identification of web servers through domain names, certificates and browser security warnings by a recognition of public keys to authenticate servers. Many weaknesses of current protocols emerging from an insecure PKI or DNS can thus be handled, even without involving the user. This concept has also been adapted by the IETF in RFC 5929. The contribution of this paper is as follows: First we present a new SLSOP-based login protocol and use it to design a secure Single Sign-On (SSO) protocol. Second we provide a first full proof-of-concept of such a protocol and also the first implementation of the channel binding described in RFC 5929, implementing a cross-domain SLSOP both for a new type of authentication cookies, as well as for the HTML-based POST and Redirect bindings. Finally we evaluate the security of this protocol and describe, how our protocol copes with modern attack vectors.