Skip to main content
SpringerLink
Log in

An empirical study of security issues in SSO server-side implementations

  • Letter
  • Published:
Science China Information Sciences Aims and scope Submit manuscript

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

References

  1. Yang R H, Lau W C, Chen J Y, et al. Vetting single sign-on SDK implementations via symbolic reasoning. In: Proceedings of the USENIX Security Symposium, Baltimore, 2018. 1459–1474

  2. Bai G, Lei J, Meng G, et al. AUTHSCAN: automatic extraction of web authentication protocols from implementations. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, 2013. 1–20

  3. Ghasemisharif M, Ramesh A, Checkoway S, et al. O single sign-off, where art thou? An empirical analysis of single sign-on account hijacking and session management on the web. In: Proceedings of the USENIX Security Symposium, Baltimore, 2018. 1475–1492

  4. Wang H, Zhang Y, Li J, et al. Vulnerability assessment of oauth implementations in android applications. In: Proceedings of the Annual Computer Security Applications Conference, Los Angeles, 2015. 61–70

  5. Navas J, Beltrán M. Understanding and mitigating OpenID Connect threats. Comput Secur, 2019, 84: 1–16

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Lab of Cryptology and Computer Security, Shanghai Jiao Tong University, Shanghai, 200240, China

    Hui Wang, Dawu Gu, Yuanyuan Zhang & Yikun Hu

Authors
  1. Hui Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dawu Gu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yuanyuan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yikun Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dawu Gu.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wang, H., Gu, D., Zhang, Y. et al. An empirical study of security issues in SSO server-side implementations. Sci. China Inf. Sci. 65, 179104 (2022). https://doi.org/10.1007/s11432-019-2697-1

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11432-019-2697-1

Search

Navigation