(Press-News.org) Risk increases with comfort: "Single Sign-On" permits users to access all their protected Web resources, replacing repeated sign-ins with passwords. However, attackers also know about the advantages such a single point of attack offers to them. Andreas Mayer, who is writing his PhD thesis as an external doctoral candidate at the Chair for Network and Data Security (Prof. Dr. Jörg Schwenk) at Ruhr-Universität Bochum, has now been able to significantly increase the security of this central interface for the SimpleSAMLphp framework.
In the past, no protection against targeted Web attacks
The "Single sign-on" system, in short SSO, seems to be a wonderful solution for any user: "Once authenticated, the information and services are immediately available, without repeated inconvenient password input", says Mayer. However, this concept significantly increases the possible damage, which could harm the user through a "single point of attack". The researchers in Bochum recently showed that the single sign-on is not as safe as assumed: They broke 12 of 14 SSO systems that had critical security flaws. "In the near future, we expect an increasing number of attacks on browser based SSO solutions such as Facebook Connect, SAML, OpenID and Microsoft Cardspace", explains Mayer. "It is very alarming that none of the currently used SSO protocols, developed during the last twelve years, provides effective protection against targeted attacks".
Highly efficient open source SSO solution
In the past, the many threatening scenarios, such as phishing, man-in-the-middle attacks, cross site scripting or Web malware, did not negatively affect the increasing popularity of SSO offerings. The "single sign-on, access everywhere" model is too comfortable and the users are too unsuspecting. Andreas Mayer addresses this risk with his own results: He implemented the OASIS-standardized "SAML Holder-of-Key Web Browser SSO Profile" in the popular open source framework "SimpleSAMLphp". "This profile binds the critical authentication and authorization information – the so-called security tokens – cryptographically to the browser of the legitimate user", explains Mayer. "The result is a highly effective, open source solution that is supported by all established browsers".
Andreas Mayer works at Adolf Würth GmbH & Co. KG and works on his doctoral thesis in his free time at the Chair for Network and Data Security of the RUB.
Further information
Prof. Dr. Jörg Schwenk, Faculty of Electrical Engineering and Information Technology, Chair for Network and Data Security, Ruhr-Universität Bochum (RUB), phone: +49 234 32 26692, email: joerg.schwenk@rub.de
Related links
SimpleSAMLphp framework for download:
http://www.simplesamlphp.org
RUB researchers break single sign-on (RUB press information No. 266 dated 8/10/2012):
http://aktuell.ruhr-uni-bochum.de/pm2012/pm00266.html.de
Editorial journalist: Jens Wylkop
Once usability becomes secure
RUB researcher optimizes Single Sign-On
2012-09-21