Institutional Repository
Technical University of Crete

Exploring phishing-based threats in the use of SSO authentication on the web

Leontis Panagiotis



URI: http://purl.tuc.gr/dl/dias/DE9A4579-5B6A-41AD-A9F7-9E171173158A
Year: 2024
Type of Item: Diploma Work
Bibliographic Citation: Panagiotis Leontis, "Exploring phishing-based threats in the use of SSO authentication on the web", Diploma Work, School of Electrical and Computer Engineering, Technical University of Crete, Chania, Greece, 2024. https://doi.org/10.26233/heallink.tuc.100815

Summary

This thesis explores phishing threats in the use of Single Sign-On (SSO) authentication on the web. SSO systems have become an integral part of modern digital authentication, providing users with easy access to multiple services with a single set of credentials. However, we considered that phishing attacks targeting SSO login systems pose a serious risk to user security and undermine the effectiveness of these systems. Hackers are constantly adapting and have mastered the art of deceiving unsuspecting people and avoiding detection. By impersonating a trusted provider, they create the impression that the user's personal information will be secure. Therefore, these threats need to be studied further and made more recognizable. For this reason, we took the role of an attacker to see how feasible it is to create such an attack, by creating mock-up pages and interacting with them. The next step in our work was a large-scale experiment to evaluate whether this kind of attack exists on the web. To achieve this, we developed an automation tool that navigates through various domains, performs all the steps involved in a login procedure using SSO, and discovers any suspicious phishing attempt. After evaluating our approaches, we wanted to be able to protect the user. To that end, we implemented a Chrome extension that is loaded into the user's browser and handles these cases. In this way, we could provide the user with real-time defense if any malicious redirection is identified.
