On Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security

Author(s): Florian Kohlar (Ruhr University Bochum, Germany), Jörg Schwenk (Ruhr University Bochum, Germany), Meiko Jensen (Ruhr University Bochum, Germany) and Sebastian Gajek (Tel Aviv University, Israel)
Copyright: 2013
Pages: 18
Source title: Contemporary Challenges and Solutions for Mobile and Multimedia Technologies
Source Author(s)/Editor(s): Ismail Khalil (Johannes Kepler University Linz, Austria) and Edgar Weippl (Secure Business Austria - Security Research, Austria)
DOI: 10.4018/978-1-4666-2163-3.ch006

Abstract

In recent research, two approaches to protect SAML-based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. This work presents a third approach which is of further interest beyond IDM protocols, especially for mobile devices relying heavily on the security offered by web technologies. By binding the SAML assertion to cryptographically derived values of the TLS session that has been agreed upon between client and the service provider, this approach provides anonymity of the (mobile) browser while allowing Relying Party and Identity Provider to detect the presence of a man-in-the-middle attack.
