Skip to main content
SpringerLink
Log in

Die Sicherheit von MS CardSpace und verwandten Single-Sign-On-Protokollen

Browser-basierte Protokolle im Sicherheitscheck

  • Schwerpunkt
  • Security-Desaster
  • Published:
Datenschutz und Datensicherheit - DuD Aims and scope Submit manuscript

Zusammenfassung

Trotz vieler technischer Verbesserungen basiert die Sicherheit von Browser-basierten Single-Sign-On-Protokollen immer noch essentiell, entscheidend auf der „Same Origin Policy“ des Browsers. Daher können durch Angriffe auf das Domain Name System (DNS) auch moderne Verfahren wie Microsoft CardSpace erfolgreich angegriffen werden, wie der folgende Beitrag eindrucksvoll zeigt.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Literatur

  1. Dhamija, R.; Tygar, J. D.; Hearst, M. A.: Why phishing works, CHI, ACM, 2006, 581–590

  2. Gajek, S.; Schwenk, J.; Chen, X.: On the Insecurity of Microsoft’s Identity Metasystem Card-Space., Technical Report, TR-HGI-2008-003, May 2008. http://www.nds.rub.de/cardspace

  3. Gajek, S.; Jager, T.; Manulis, M.; Schwenk, J.: A Browser-based Kerberos Authentication Scheme. Accepted for ESORICS’08

  4. Groß, T.: Security analysis of the SAML single sign-on browser/artifact profile. In Annual Computer Security Applications Conference. IEEE Computer Society, 2003.

  5. Groß, T.; Pfitzmann, B: SAML artifact information flow revisited. Research Report RZ 3643 (99653), IBM Research, 2006.

  6. Karlof, C.; Shankar, U.; Tygar, J. D.; Wagner, D.: Dynamic pharming attacks and locked sameorigin policies for web browsers, CCS,07: Proceedings of the 14th ACM conference on Computer and communications security, ACM, 2007, 58–71

  7. Kormann, D.; Rubin, A.: Risks of the Passport single signon protocol, Computer Networks, 2000, 33, 51–58

    Article  Google Scholar 

  8. Pfitzmann, B.; Waidner, M.. Analysis of liberty single-signon with enabled clients. IEEE Internet Computing, 7(6):38–44, 2003.

    Article  Google Scholar 

  9. Schechter, S.; Ozment, A.; Dhamija, R.; Fischer, I.: The Emperor’s New Security Indicators, Symposium on Security and Privacy, IEEE Computer Society, 2007, 51–65

  10. Stamm, S.; Ramzan, Z.; Jakobsson, M., Drive-By Pharming, ICICS, 2007, 495–506

Download references

Author information

Authors and Affiliations

  1. IT-Sicherheit an der Ruhr-Universität Bochum, Bochum, Germany

    Xuan Chen & Christoph Löhr

  2. Horst-Görtz-Institut, Kryptografische Protokolle, Sicherheit, Germany

    Sebastian Gajek & Sven Schäge

Authors
  1. Xuan Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christoph Löhr
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sebastian Gajek
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sven Schäge
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xuan Chen.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Chen, X., Löhr, C., Gajek, S. et al. Die Sicherheit von MS CardSpace und verwandten Single-Sign-On-Protokollen. DuD 32, 515–519 (2008). https://doi.org/10.1007/s11623-008-0123-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11623-008-0123-7

Search

Navigation