Attacking SSO Part 1: ID Spoofing

In 2013 we started a security study on one of the most widespread SSO protocols: OpenID. As described in previous posts, OpenID is a decentralized protocol, which provides a way to prove that a user controls an Identifier – URL.ID_C. Additionally, OpenID is designed to support the usage of arbitrary IdPs: “An end user can freely choose which OpenID Provider to use ...“.

Considering the properties of OpenID, we came up with the idea to study the relation between the IdP, generating the authentication token, and the Identifier URL.Idc contained in the token. In other words – is this relation critical regarding the security of OpenID implementations deployed on the SPs.

Single Sign-On: The OpenID Protocol

In one of the previous posts, we explained SSO on the example of SAML.In this post, we will introduce another popular and widely deployed SSO Protocol: OpenID (if you are not familiar with SSO, we recommend you to read SSO on the example of SAML first).

Save Your Cloud: XSS in OpenStack Dashboard

Maximizing the effectiveness of compute power using an Infrastructure-as-a-Service (IaaS) cloud service is a common technique nowadays. Private (IaaS) clouds are often advertised as being more secure as public ones, simply because they are "provisioned for exclusive use by a single organization" (source). However, private and public clouds share the same technology; there is no fundamental difference in the techniques employed.