Biblio

Single sign-on (SSO) becomes popular as the identity management and authentication infrastructure in the Internet. A user receives an SSO ticket after being authenticated by the identity provider (IdP), and this IdP-issued ticket enables him to sign onto the relying party (RP). However, there are vulnerabilities (e.g., Golden SAML) that allow attackers to arbitrarily issue SSO tickets and then sign onto any RP on behalf of any user. Meanwhile, several incidents of certification authorities (CAs) also indicate that the trusted third party of security services is not so trustworthy as expected, and fraudulent TLS server certificates are signed by compromised or deceived CAs to launch TLS man-in-the-middle attacks. Various approaches are then proposed to tame the absolute authority of (compromised) CAs, to detect or prevent fraudulent TLS server certificates in the TLS handshakes. The trust model of SSO services is similar to that of certificate services. So this paper investigates the defense strategies of these trust-enhancements of certificate services, and attempts to apply these strategies to SSO to derive the trust-enhancements applicable in the SSO services. Our analysis derives (a) some security designs which have been commonly-used in the SSO services or non-SSO authentication services, and (b) two schemes effectively improving the trustworthiness of SSO services, which are not widely discussed or adopted.