Longitudinal Analysis of the Third-party Authentication Landscape
Authors
Abstract
Many modern websites offer single sign-on (SSO) services, which allow the user to use an existing account with a third-party website such as Facebook to authenticate. When using SSO the user must approve an app-rights agreement that specifies what data related to the user can be shared between the two websites and any actions (e.g., posting comments) that the origin website is allowed to perform on behalf of the user on the third-party provider (e.g., Facebook). Both cross-site data sharing and actions performed on behalf of the user can have significant privacy implications. In this paper we present a longitudinal study of the third-party authentication landscape, its structure, and the protocol usage, data sharing, and actions associated with individual third-party relationships. The study captures the current state, changes in the structure, protocol usage, and information leakage risks.
Similar resources
Web Authentication using Third-Parties in Untrusted Environments
With the increasing personalization of the Web, many websites allow users to create their own personal accounts. This has resulted in Web users often having many accounts on different websites, to which they need to authenticate in order to gain access. Unfortunately, there are several security problems connected to the use and re-use of passwords, the most prevalent authentication method curre...
Secured Communication Protocol via Encrypted Key Ensuring Message Integrity
The Secured communication protocol via encrypted key ensuring message integrity combination of Authentication of Third Party Authentication Quantum Key Distribute Protocol (implicit) and Third Party Authentication Quantum Key Distribute Protocol Mutual Authentication (explicit) quantum cryptography is used to provide authenticated secure communication between sender and Receiver. In quantum cry...
Preserving User Privacy with Anonymous Authentication in Cloud Computing
Cloud computing offers its flexibility and dynamic nature in terms of its access to resources anytime and anywhere. All data and other resources in cloud storage are managed and controlled by the Cloud Service Provider. They provide security and ensure that the data is protected and free from any vulnerability. However, providing privacy through authentication mechanism is a big challenge. Most...
An Improved Authentication Protocol Without Trusted Third Party
This letter presents a secure authentication protocol which supports both the privacy of messages and the authenticity of the communicating parties. A scheme for extending a secure authentication protocol to improve the security of the communicating parties is also proposed.
Design Principles and Security of Authentication Protocols with Trusted Third Party
Two-way identity authentication is the basis of secure communication in a distributed application environment. A trusted third party (TTP) is needed while PKI is not applicable, and the design of authentication protocols with TTP is a complicated and challenging task. This paper examines the characteristics of the security of authentication protocols with TTP, summarizes the essential factors of...