Security in Single Sign-On Web Applications: An Assessment of the Security in and Between Web Applications Sharing a Common Single Sign-On User Session

Grimstad, Jo
Master thesis
356956_COVER01.pdf (48.23Kb)
356956_FULLTEXT01.pdf (21.98Mb)
356956_ATTACHMENT01.zip (308.5Kb)
URI
http://hdl.handle.net/11250/262345
Date
2010
Collections
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [2809]
Abstract
Single Sign-On (SSO) is a solution where the authentication process is taken care of once by a third-party Web site rather than at each of the Web sites providing services to their users. This new way of separating user identities from the service-providing Web sites leads to different security requirements. As an approach towards assessing the security of Web applications utilizing SSO, this thesis investigates the concepts and functionality of OpenID, a decentralized authentication protocol. The assessment addresses vulnerabilities and threats related to SSO, using real Web applications as examples. Development of an OpenID-enabled Web application is a part of the security assessment. The thesis includes experimenting with various OpenID-enabled Web sites and Identity Providers (IdPs), and observing how they are affected by different kinds of Web security threats. The results of the thesis show how security weaknesses were discovered at two major IdPs by performing Clickjacking attacks. Also, the thesis outlines some attacks that are threatening the concept of SSO in general.
Publisher
Institutt for telematikk
