Analysis of privacy vulnerabilities in single sign-on mechanisms for multimedia websites

e-Archivo Repository

Urueña Pascual, Manuel; Muñoz Muñoz, Alfonso; Larrabeiti López, David
2015-02-06T11:31:26Z
2015-02-06T11:31:26Z
2014-01
dc.identifier.bibliographicCitation Multimed Tools Appl 68 (2014) 1, pp. 159–176
dc.identifier.issn 1380-7501
dc.description.abstract This paper studies the privacy risks for the users of two popular single sign-on platforms for web-based content access: OpenID and Facebook Connect. In particular, we describe in detail a privacy vulnerability of the OpenID Authentication Protocol that leads to the exposure of the OpenID user identifier to third parties. We illustrate how OpenID agents leak the (potentially unique) OpenID identifiers of their users to third parties, like advertisement and traffic analysis corporations. This vulnerability is a real and widespread privacy risk for OpenID users. This paper also analyzes the privacy of Facebook Connect (the proprietary single sign-on platform that is gaining a lot of popularity recently), and we conclude that it is not affected by the same vulnerability but other important privacy issues remain. Finally, this paper studies the solution space of these problems and defines a number of possible countermeasures. In the case of the OpenID vulnerability, we propose three solutions to this problem: one for the long term to avoid the root cause of the vulnerability, and another two short-term mitigations.
dc.description.sponsorship The work presented in this paper has been funded by the INDECT project (Ref 218086) of the 7th EU Framework Programme.
dc.format.extent 18
dc.format.mimetype application/pdf
dc.language.iso eng
dc.publisher Springer
dc.rights © Springer
dc.subject.other OpenID
dc.subject.other Facebook connect
dc.subject.other Google connect
dc.subject.other Single sign-on (SSO)
dc.subject.other Privacy
dc.subject.other Security
dc.title Analysis of privacy vulnerabilities in single sign-on mechanisms for multimedia websites
dc.type article
dc.description.status Published
dc.subject.eciencia Telecommunications
dc.identifier.doi 10.1007/s11042-012-1155-4
dc.rights.accessRights openAccess
dc.relation.projectID Comunidad de Madrid. S2009/TIC-1468/MEDIANET
dc.type.version acceptedVersion
dc.identifier.publicationfirstpage 159
dc.identifier.publicationissue 1
dc.identifier.publicationlastpage 176
dc.identifier.publicationtitle Multimedia Tools and Applications
dc.identifier.publicationvolume 68
dc.identifier.uxxi AR/0000014477