Skip to main content
SpringerLink
Log in

Addressing Threats to Real-World Identity Management Systems

  • Conference paper
  • First Online:
ISSE 2015

Abstract

Recent practical studies have revealed that, in practice, widely used identity management schemes such as OAuth 2.0 and OpenID Connect are often poorly implemented by relying parties, and as a result very serious vulnerabilities can result. In any event, any system relying on browser redirections, as is the case for OAuth 2.0 and OpenID Connect, is vulnerable to web-spoofing and phishing attacks. Many of these vulnerabilities would disappear if the user‘s browser (or other agent under user control) remained in charge of what credentials are divulged to whom, and when. We outline a system known as Uni-IdM, which has been successfully prototyped, which provides a generic service of this type. Through the installation of a simple JavaScript plugin, the user is provided with a unified means of managing and using all his or her credentials via a simple and intuitive interface, which will work with a multiplicity of identity management systems. This not only reduces the risk of credential and/or account compromise, but also greatly simplifies the work of the user in credential management as well as providing a much clearer view to the user of which end parties are being sent user information.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Author information

Authors and Affiliations

  1. Information Security Group, Royal Holloway, University of London, Egham Hill, TW20 0EX, Egham, UK

    Wanpeng Li & Chris J Mitchell

Authors
  1. Wanpeng Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chris J Mitchell
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Wanpeng Li or Chris J Mitchell .

Editor information

Editors and Affiliations

  1. TeleTrusT Bundesverband IT-Sicherheit e.V., Erfurt, Germany

    Helmut Reimer

  2. Westfälische Hochschule, Gelsenkirchen, Germany

    Norbert Pohlmann

  3. Fraunhofer SIT, Darmstadt, Germany

    Wolfgang Schneider

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer Fachmedien Wiesbaden

About this paper

Cite this paper

Li, W., Mitchell, C.J. (2015). Addressing Threats to Real-World Identity Management Systems. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2015. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-10934-9_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-658-10934-9_21

  • Published:

  • Publisher Name: Springer Vieweg, Wiesbaden

  • Print ISBN: 978-3-658-10933-2

  • Online ISBN: 978-3-658-10934-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation