The Power of Recognition: Secure Single Sign-On using TLS Channel Bindings

Jörg Schwenk, Florian Kohlar, Marcus Amon

In Proceedings of the Seventh ACM Workshop on Digital Identity Management (DIM) (October 21, 2011, Chicago, IL, USA. Collocated with ACM CCS 2011) Copyright 2011 ACM 978-1-4503-1006-2/11/10…$10.00.


Today, entity authentication in the TLS protocol involves at least three complex and partly insecure systems: the Domain Name System (DNS), Public Key Infrastructures (PKI), and human users, bound together by the Same Origin Policy (SOP). To address the security threats resulting from this construction, a new concept was introduced at CCS '07: the strong locked same origin policy (SLSOP). The basic idea behind the SLSOP is to strengthen the identification of web servers through domain names, certificates and browser security warnings by recognizing public keys to authenticate servers. Many weaknesses of current protocols that stem from an insecure PKI or DNS can thus be handled, even without involving the user. This concept has also been adapted by the IETF in RFC 5929. The contribution of this paper is as follows: First, we present a new SLSOP-based login protocol and use it to design a secure Single Sign-On (SSO) protocol. Second, we provide a first full proof-of-concept of such a protocol and also the first implementation of the channel binding described in RFC 5929, implementing a cross-domain SLSOP both for a new type of authentication cookie and for the HTML-based POST and Redirect bindings. Finally, we evaluate the security of this protocol and describe how it copes with modern attack vectors.


Tags: Single Sign-On, SLSOP, TLS