Analysing the Security of Google’s Implementation of OpenID Connect
- Submitting institution
- University of Aberdeen
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 171213607
- Type
- E - Conference contribution
- DOI
- 10.1007/978-3-319-40667-1_18
- Title of conference / published proceedings
- International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment : DIMVA 2016
- First page
- 357
- Volume
- 9721
- Issue
- -
- ISSN
- 0302-9743
- Open access status
- Technical exception
- Month of publication
- June
- Year of publication
- 2016
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 1
- Research group(s)
-
-
- Citation count
- -
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- This large-scale practical study of the security of Google's OpenID Connect systems is significant as the first field study of the security properties of Google’s implementation of OpenID Connect. It reveals serious vulnerabilities of several types, which allow attackers to log in to an RP website as a victim user. This work helps Google's identity team and many affected websites improve the security of their OpenID Connect systems. Google acknowledged these findings by listing Dr Li in its Hall of Fame (https://www.google.co.uk/about/appsecurity/hall-of-fame/archive/). The research also benefited companies (e.g., Wikihow, Samsung, Answers) by making them aware of the security issue and how to fix it.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -