IEEE - Institute of Electrical and Electronics Engineers, Inc. - Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-on

2016 IEEE European Symposium on Security and Privacy (EuroS&P)

Author(s): Christian Mainka ; Vladislav Mladenov ; Jorg Schwenk
Publisher: IEEE - Institute of Electrical and Electronics Engineers, Inc.
Publication Date: 1 March 2016
Conference Location: Saarbrucken, Germany
Conference Date: 21 March 2016
Page(s): 321 - 336
ISBN (Electronic): 978-1-5090-1752-2
ISBN (Paper): 978-1-5090-1751-5
DOI: 10.1109/EuroSP.2016.33
Regular:

Single Sign-On (SSO) systems simplify login procedures by using an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are... View More

Advertisement