Return to search

Evaluating the Single Sign-On Protocol OpenID Connect for an Electronic Document Signature Service From a Security Perspective / En utvärdering av Single Sign-On-protokollet OpenID Connect  för en elektronisk dokumentunderskrifttjänst från ett säkerhetsperspektiv

Today, there is an increasing demand for authentication services to provide authentication to users on the internet. One example of an authentication protocol is OpenID Connect. It is used by for example Google to provide single sign-on functionality to millions of users. Since this demand is growing and more companies are implementing the protocol, there is also a need to ensure that the protocol is implemented in such a way that ensures protection from adversaries attacking the services in different ways. This paper makes an effort at providing guidelines to those aiming at implementing the protocol. It looks into several attacks that can be performed. It is found that how one chooses to implement the protocol can greatly affect security and the protocol's susceptibility to attacks. The attacks that are studied are Cross Site Request Forgery (CSRF) attacks, Mix-Up attacks, Passive web attacks, and Distributed Denial of Service attacks. It is found, among other things, that implementers of the protocol should incorporate state variables to protect against CSRF attacks and services must utilize a secure HTTPS connection to protect e.g. sensitive data. A recommendation is made for how a federation with Relying Parties and OpenID Providers can be set up to further improve security.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:liu-187933
Date January 2022
CreatorsThor, Ludvig
PublisherLinköpings universitet, Programvara och system
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0022 seconds