    Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

    Single Sign-On (SSO) systems simplify login procedures by using an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for SSO systems like Kerberos, MS Passport and SAML, where each SP explicitly specifies which IdP it trusts. However, in open systems like OpenID and OpenID Connect, each user may set up their own IdP, and a discovery phase is added to the protocol flow. Thus it is easy for an attacker to set up their own IdP. In this paper we use a novel approach for analyzing SSO authentication schemes by introducing a malicious IdP. With this approach we evaluate one of the most popular and widely deployed SSO protocols, OpenID. We found four novel attack classes on OpenID, which were not covered by previous research, and show their applicability to real-life implementations. As a result, we were able to compromise 11 out of 16 existing OpenID implementations, including Sourceforge, Drupal and ownCloud. We automated discovery of these attacks in an open source tool, OpenID Attacker, which additionally allows fine-grained testing of all parameters in OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, the trust assumptions in the different components of the system, and implementation issues in OpenID components. It is applicable to other SSO systems like OpenID Connect and SAML. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues.

    The prognostic value of PSA elimination kinetics after radical prostatectomy

    The prognostic value of the established prognostic parameters after radical prostatectomy is compared with the elimination half-life of PSA. Serological recurrence serves as the surrogate endpoint of the study. Among the preoperative prognostic parameters, total PSA, the PSA-to-prostate-volume ratio and the grade of malignancy in the biopsy have prognostic value; among the postoperative parameters, the grade of malignancy in the definitive prostate specimen, the histopathological tumor stage, the surgical margin, the capsule status and the PSA elimination half-life do. The mean elimination half-life of patients without serological recurrence is 2.37 days; that of patients with serological recurrence is 2.82 days. A simplified method for capturing the elimination rate can be derived by forming the quotient of the t-PSA concentration on the 7th postoperative day and the concentration 5 minutes after surgical removal of the prostate.

    In our practice, we are increasingly seeing men aged 37 to 45 years who have permanently low-normal testosterone levels. Aim: We set out to investigate whether there is an association between permanently low-normal testosterone levels and negative changes in seminal fluid parameters in young men. Patients and Methods: For the period from January 2013 to December 2015, at the Andrology office of Hospital "St. Sofia", we examined 73 men aged 37 to 45 years with normal or elevated body mass index, permanently low-normal testosterone levels, and negative changes in seminal fluid parameters. In order to compare the results we obtained, at the very beginning of the study we selected a control group of 20 healthy men of the same age. Results: We obtained, although within reference ranges, significantly lower values for total testosterone in the 73 men with negative changes in seminal fluid parameters, compared with those in the control group without seminal damage (p<0.001). We found a strong correlation between the level of testosterone and the results of the first (r = 0.614, p<0.001) and second spermograms (r = 0.662, p<0.001). Conclusions: 1. Our study shows that in a number of men at a young age, some decrease in normal testosterone secretion occurs, with a concomitant negative change in seminal fluid parameters, which is remarkably different from the same parameters in their peers with a high-normal testosterone level. 2. We identify permanently low-normal testosterone, overweight and obesity as predictors signaling a possible negative change in seminal fluid parameters. 3. We can say that if obesity plays some role in seminal damage, the mechanism in most cases is most likely related to the sustained, permanently low-normal testosterone level resulting from increased adipose tissue.

    On the security of single sign-on

    Single Sign-On (SSO) is a concept by which a user logs in once at a central instance, the Identity Provider (IdP), and subsequently uses this authentication to log in to further service providers (SPs). This dissertation presents a comprehensive security analysis of various SSO protocols and their implementations. The starting point for this analysis is the development of a novel concept (malicious IdP, mIdP) that introduces the use of a malicious IdP for attacks. Building on this, generic attack classes are developed and applied to various SSO protocols. An important result of this work is the change to the OpenID Connect and OAuth specifications, which had to be adapted because of two newly discovered attacks. A corresponding countermeasure was published in cooperation with the OpenID Connect and OAuth working group.

    Subcutaneous nephrovesical bypass in a patient with advanced prostate cancer

    In the presence of hydronephrosis resulting from malignant ureteral invasion, an advanced pelvic tumor or retroperitoneal fibrosis, we most often place a double-J stent or a percutaneous nephrostomy. In the search for a better quality of life for our patients, the use of subcutaneous nephrovesical bypass has become increasingly common in urological practice in recent years because of its proven safety, effectiveness and minimal invasiveness.

    DISTINCT: Identity theft using in-browser communications in dual-window single sign-on

    Single Sign-On (SSO) protocols like OAuth 2.0 and OpenID Connect 1.0 are cornerstones of modern web security, and have received much academic attention. Users sign in at a trusted Identity Provider (IdP) that subsequently allows many Service Providers (SPs) to verify the users' identities. Previous research concentrated on the standardized authentication flows, called textbook SSO in this paper, which rely on HTTP redirects to transfer identity tokens between the SP and IdP. However, modern web applications like single page apps may not be able to execute the textbook flow because they lose their local state in case of HTTP redirects. By using novel browser technologies, such as postMessage, developers designed and implemented SSO protocols that were neither documented nor analyzed thoroughly. We call them dual-window SSO flows. In this paper, we provide the first comprehensive evaluation of dual-window SSO flows. In particular, we focus on the In-Browser Communication (InBC) used to exchange authentication tokens between SPs and IdPs in iframes and popups. We automate our analysis by developing Distinct, a tool that dynamically analyzes the JavaScript code executing as part of the SSO flow. Distinct translates the flow into a sequence diagram depicting all communicating entities and their exchanged messages, highlights insecure communication channels, and quantifies novel threats in dual-window SSO flows. We found that 56% of the SPs in the Tranco top 1k list support dual-window SSO. Surprisingly, 28% of the SPs implemented dual-window SSO without using official SDKs, leading to identity theft and XSS in 31% of these self-implemented SPs.