SoK: SSO-MONITOR — The Current State and Future Research Directions in Single Sign-On Security Measurements
2024Conference / Journal
Authors
Vladislav Mladenov Andreas Mayer Christian Mainka Tobias Wich Maximilian Westers Louis Jannett
Research Hub
Research Hub C: Sichere Systeme
Research Challenges
RC 8: Security with Untrusted Components
Abstract
Single Sign-On (SSO) with OAuth 2.0 and OpenID Connect 1.0 is essential for user authentication and autho-rization on the Internet. Billions of users rely on SSO services provided by Google, Facebook, and Apple. For large-scale measurements on the security of SSO, researchers need to reliably detect SSO implementations in the wild. In this paper, we survey the current state of 36 SSO measurement tools from prior work and discover gaps leading to blind spots in the SSO landscape that hinder the community from improving large-scale research. We observe unreliable measurements and a lack of reproducibility, making comparisons between studies difficult, if not impossible. We fill these gaps with SSO-MONITOR, our open-source, modular, and highly extensible framework for large-scale SSO landscape and security measurements. SSO-MONITOR achieves a high accuracy of 93% and, compared to pre-vious tools, significantly improves the reliability of SSO measurements by 19 %. It continuously takes snapshots of SSO implementations on the top 1M web sites to compose an SSO archive that is reproducible by design. Therefore, it passively monitors the SSO flows and provides an extensive set of landscape and security insights on sso-monitor.me. Our SSO archive allows researchers to perform comprehensive measurements over time and even beyond the scope of SSO. We use the data in our SSO archive to measure the security of 89k SSO authentication flows on the top 1M websites. Thereby, we discover 33k violations of OAuth Security Best Current Practices and 339 severe security vulnerabilities. They include 30 username and password leaks and 28 token leaks that allow full account takeovers.