All your Google and Facebook logins are belong to us: A case for single sign-off

Vaibhav Rastogi; Ankit Agrawal

doi:10.1109/IC3.2015.7346717

All your Google and Facebook logins are belong to us: A case for single sign-off

Vaibhav Rastogi, Ankit Agrawal

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

The websites of the modern Web integrate content from multiple parties to provide an enriched user experience. The so-called single sign-on forms part of this integration whereby a relying website enables a user to use her credentials on a third-party provider (such as Google or Facebook) to authenticate with itself and, if desired, authorize itself to use her resources on the provider. The user benefits by not remembering credentials for different websites separately and by allowing controlled use of her resources with a provider by other website. However, we observe that the current protocols for single sign-on do not have any provision of what we call single sign-off: once the user logs out of a relying website, the user still remains signed into the provider website. This can leave the user vulnerable if she forgets to sign out of the provider website after signing out of the relying website on a shared computer. We manually analyze the top twenty websites using Facebook or Google providers and conclude that the above problem is widespread. All but one website do not even warn the user with regard to this problem.

Original language	English (US)
Title of host publication	2015 8th International Conference on Contemporary Computing, IC3 2015
Editors	J. Amudha, Deepa Gupta, Jaric Zola, Narendra Nanjangud, Animesh Pathak, Sushil K. Prasad, Tirumale Ramesh, Manish Parashar, Kishore Kothapalli, Purushotham Bangalore, Sanjay Chaudhary, K. V. Dinesha
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	416-421
Number of pages	6
ISBN (Electronic)	9781467379489
DOIs	https://doi.org/10.1109/IC3.2015.7346717
State	Published - Dec 3 2015
Event	8th International Conference on Contemporary Computing, IC3 2015 - Noida, India Duration: Aug 20 2015 → Aug 22 2015

Publication series

Name	2015 8th International Conference on Contemporary Computing, IC3 2015

Other

Other	8th International Conference on Contemporary Computing, IC3 2015
Country/Territory	India
City	Noida
Period	8/20/15 → 8/22/15

Keywords

Single sign-off
Single sign-on
Web security

ASJC Scopus subject areas

Software

Access to Document

10.1109/IC3.2015.7346717

Cite this

Rastogi, V., & Agrawal, A. (2015). All your Google and Facebook logins are belong to us: A case for single sign-off. In J. Amudha, D. Gupta, J. Zola, N. Nanjangud, A. Pathak, S. K. Prasad, T. Ramesh, M. Parashar, K. Kothapalli, P. Bangalore, S. Chaudhary, & K. V. Dinesha (Eds.), 2015 8th International Conference on Contemporary Computing, IC3 2015 (pp. 416-421). [7346717] (2015 8th International Conference on Contemporary Computing, IC3 2015). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IC3.2015.7346717

Rastogi, Vaibhav ; Agrawal, Ankit. / All your Google and Facebook logins are belong to us : A case for single sign-off. 2015 8th International Conference on Contemporary Computing, IC3 2015. editor / J. Amudha ; Deepa Gupta ; Jaric Zola ; Narendra Nanjangud ; Animesh Pathak ; Sushil K. Prasad ; Tirumale Ramesh ; Manish Parashar ; Kishore Kothapalli ; Purushotham Bangalore ; Sanjay Chaudhary ; K. V. Dinesha. Institute of Electrical and Electronics Engineers Inc., 2015. pp. 416-421 (2015 8th International Conference on Contemporary Computing, IC3 2015).

@inproceedings{ff44b55fc9014b888e5c07059074db3a,

title = "All your Google and Facebook logins are belong to us: A case for single sign-off",

abstract = "The websites of the modern Web integrate content from multiple parties to provide an enriched user experience. The so-called single sign-on forms part of this integration whereby a relying website enables a user to use her credentials on a third-party provider (such as Google or Facebook) to authenticate with itself and, if desired, authorize itself to use her resources on the provider. The user benefits by not remembering credentials for different websites separately and by allowing controlled use of her resources with a provider by other website. However, we observe that the current protocols for single sign-on do not have any provision of what we call single sign-off: once the user logs out of a relying website, the user still remains signed into the provider website. This can leave the user vulnerable if she forgets to sign out of the provider website after signing out of the relying website on a shared computer. We manually analyze the top twenty websites using Facebook or Google providers and conclude that the above problem is widespread. All but one website do not even warn the user with regard to this problem.",

keywords = "Single sign-off, Single sign-on, Web security",

author = "Vaibhav Rastogi and Ankit Agrawal",

year = "2015",

month = dec,

day = "3",

doi = "10.1109/IC3.2015.7346717",

language = "English (US)",

series = "2015 8th International Conference on Contemporary Computing, IC3 2015",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "416--421",

editor = "J. Amudha and Deepa Gupta and Jaric Zola and Narendra Nanjangud and Animesh Pathak and Prasad, {Sushil K.} and Tirumale Ramesh and Manish Parashar and Kishore Kothapalli and Purushotham Bangalore and Sanjay Chaudhary and Dinesha, {K. V.}",

booktitle = "2015 8th International Conference on Contemporary Computing, IC3 2015",

address = "United States",

note = "8th International Conference on Contemporary Computing, IC3 2015 ; Conference date: 20-08-2015 Through 22-08-2015",

}

Rastogi, V & Agrawal, A 2015, All your Google and Facebook logins are belong to us: A case for single sign-off. in J Amudha, D Gupta, J Zola, N Nanjangud, A Pathak, SK Prasad, T Ramesh, M Parashar, K Kothapalli, P Bangalore, S Chaudhary & KV Dinesha (eds), 2015 8th International Conference on Contemporary Computing, IC3 2015., 7346717, 2015 8th International Conference on Contemporary Computing, IC3 2015, Institute of Electrical and Electronics Engineers Inc., pp. 416-421, 8th International Conference on Contemporary Computing, IC3 2015, Noida, India, 8/20/15. https://doi.org/10.1109/IC3.2015.7346717

All your Google and Facebook logins are belong to us : A case for single sign-off. / Rastogi, Vaibhav; Agrawal, Ankit.

2015 8th International Conference on Contemporary Computing, IC3 2015. ed. / J. Amudha; Deepa Gupta; Jaric Zola; Narendra Nanjangud; Animesh Pathak; Sushil K. Prasad; Tirumale Ramesh; Manish Parashar; Kishore Kothapalli; Purushotham Bangalore; Sanjay Chaudhary; K. V. Dinesha. Institute of Electrical and Electronics Engineers Inc., 2015. p. 416-421 7346717 (2015 8th International Conference on Contemporary Computing, IC3 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - All your Google and Facebook logins are belong to us

T2 - 8th International Conference on Contemporary Computing, IC3 2015

AU - Rastogi, Vaibhav

AU - Agrawal, Ankit

PY - 2015/12/3

Y1 - 2015/12/3

N2 - The websites of the modern Web integrate content from multiple parties to provide an enriched user experience. The so-called single sign-on forms part of this integration whereby a relying website enables a user to use her credentials on a third-party provider (such as Google or Facebook) to authenticate with itself and, if desired, authorize itself to use her resources on the provider. The user benefits by not remembering credentials for different websites separately and by allowing controlled use of her resources with a provider by other website. However, we observe that the current protocols for single sign-on do not have any provision of what we call single sign-off: once the user logs out of a relying website, the user still remains signed into the provider website. This can leave the user vulnerable if she forgets to sign out of the provider website after signing out of the relying website on a shared computer. We manually analyze the top twenty websites using Facebook or Google providers and conclude that the above problem is widespread. All but one website do not even warn the user with regard to this problem.

AB - The websites of the modern Web integrate content from multiple parties to provide an enriched user experience. The so-called single sign-on forms part of this integration whereby a relying website enables a user to use her credentials on a third-party provider (such as Google or Facebook) to authenticate with itself and, if desired, authorize itself to use her resources on the provider. The user benefits by not remembering credentials for different websites separately and by allowing controlled use of her resources with a provider by other website. However, we observe that the current protocols for single sign-on do not have any provision of what we call single sign-off: once the user logs out of a relying website, the user still remains signed into the provider website. This can leave the user vulnerable if she forgets to sign out of the provider website after signing out of the relying website on a shared computer. We manually analyze the top twenty websites using Facebook or Google providers and conclude that the above problem is widespread. All but one website do not even warn the user with regard to this problem.

KW - Single sign-off

KW - Single sign-on

KW - Web security

UR - http://www.scopus.com/inward/record.url?scp=84969262890&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84969262890&partnerID=8YFLogxK

U2 - 10.1109/IC3.2015.7346717

DO - 10.1109/IC3.2015.7346717

M3 - Conference contribution

AN - SCOPUS:84969262890

T3 - 2015 8th International Conference on Contemporary Computing, IC3 2015

SP - 416

EP - 421

BT - 2015 8th International Conference on Contemporary Computing, IC3 2015

A2 - Amudha, J.

A2 - Gupta, Deepa

A2 - Zola, Jaric

A2 - Nanjangud, Narendra

A2 - Pathak, Animesh

A2 - Prasad, Sushil K.

A2 - Ramesh, Tirumale

A2 - Parashar, Manish

A2 - Kothapalli, Kishore

A2 - Bangalore, Purushotham

A2 - Chaudhary, Sanjay

A2 - Dinesha, K. V.

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 20 August 2015 through 22 August 2015

ER -

Rastogi V, Agrawal A. All your Google and Facebook logins are belong to us: A case for single sign-off. In Amudha J, Gupta D, Zola J, Nanjangud N, Pathak A, Prasad SK, Ramesh T, Parashar M, Kothapalli K, Bangalore P, Chaudhary S, Dinesha KV, editors, 2015 8th International Conference on Contemporary Computing, IC3 2015. Institute of Electrical and Electronics Engineers Inc. 2015. p. 416-421. 7346717. (2015 8th International Conference on Contemporary Computing, IC3 2015). doi: 10.1109/IC3.2015.7346717

All your Google and Facebook logins are belong to us: A case for single sign-off

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this