Risks of the Passport single signon protocol

Authors: David P Kormann, Aviel D Rubin

DOI: 10.1016/S1389-1286(00)00048-7

Abstract: Passport is a protocol that enables users to sign onto many different merchants' Web pages by authenticating themselves only once to a common server. This is important because users tend to pick poor (guessable) user names and passwords and to repeat them at different sites. Passport is notable as it is being very widely deployed by Microsoft. At the time of this writing, Passport boasts 40 million consumers and more than 400 authentications per second on average. We examine the Passport single signon protocol, and identify several risks and attacks. We discuss a flaw that we discovered in the interaction of Passport and Netscape browsers that leaves a user logged in while informing him that he has successfully logged out. Finally, we suggest several areas of improvement.
