SAML FTF #4 Workitems Bob Blakley. SAML “SenderVouches” SubjectConfirmation Method: A Proposed Alternative to Bindings 0.5 Proposals.

Slides:



Advertisements
Similar presentations
802.1AF - directions define requirements to find and create connections in terms of Discovery - Authentication - Enable 1.Discover of what can be done.
Advertisements

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Operating System Security
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Public Key Management and X.509 Certificates
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Use Case Development Scott Shorter, Electrosoft Services January/February 2013.
Troubleshooting Federation, AD FS 2.0, and More…
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
X.509 Certificate management in.Net By, Vishnu Kamisetty
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Public Key Cryptography July Topics  Symmetric and Asymmetric Cryptography  Public Key Cryptography  Digital Signatures  Digital Certificates.
Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.
Secure Electronic Transaction (SET)
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.
Cross-Enterprise User Assertion IHE Educational Workshop 2007 Cross-Enterprise User Assertion IHE Educational Workshop 2007 John F. Moehrke GE Healthcare.
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
Web Services Security Standards Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.
SAML CCOW Work Item HL7 Working Group Meeting San Antonio - January 2008 Presented by: David Staggs, JD CISSP VHA Office of Information Standards.
CSCD 218 : DATA COMMUNICATIONS AND NETWORKING 1
CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
An XML based Security Assertion Markup Language
Digital Signatures and Authentication Protocols Chapter 13.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
WS-Trust “From each,according to his ability;to each, according to his need. “ Karl marx Ahmet Emre Naza Selçuk Durna
Tutorial: Building Science Gateways TeraGrid 08 Tom Scavo, Jim Basney, Terry Fleury, Von Welch National Center for Supercomputing.
Alternatives for Message Signature from Sender 1.Approach 1 –X12 58 to digitally sign X12 transaction set Optional: X to transmit signer’s public.
Linkability of Some Blind Signature Schemes Swee-Huay Heng 1, Wun-She Yap 1 Khoongming Khoo 2 1 Multimedia University, 2 DSO National Laboratories.
The TAOS Authentication System: Reasoning Formally About Security Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.
Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.
Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.
Copyright © 2003 Jorgen Thelin / Cape Clear Software 1 A Web Services Security Framework Jorgen Thelin Chief Scientist Cape Clear Software Inc.
Security & Privacy. Learning Objectives Explain the importance of varying the access allowed to database elements at different times and for different.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)
Private key
Task Force CoRD Meeting / XML Security for Statistical Data Exchange Gregory Farmakis Agilis SA.
Adding Distributed Trust Management to Shibboleth Srinivasan Iyer Sai Chaitanya.
Fall 2006CS 395: Computer Security1 Key Management.
Authentication Presenter Meteor Advisory Team Member Version 1.1.
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Trust Anchor Management Problem Statement
Cryptographic Hash Function
Presentation transcript:

SAML FTF #4 Workitems Bob Blakley

SAML “SenderVouches” SubjectConfirmation Method: A Proposed Alternative to Bindings 0.5 Proposals

Bindings 0.5 Proposals Two proposals: –1) Sender public key in assertion about subject Later revised: sender = subject Therefore “subject public key in assertion about subject” –2) Hash of message in assertion about subject This case isn’t discussed further here It requires issuance of a new assertion for every message I believe this isn’t feasible

Bindings 0.5/1 (Original): Context SenderReceiver Subj SAML Authn Authority SAML Attr Authority Message w/SAML Assn about Subj

Bindings 0.5/1 (Original): Message Format SAML Assn AssnType: Authn SubjName: Subj SubjConf: SendV ConfData: K pub (sen) Message Body Signature (K priv (sen) )

Bindings 0.5/1 (Original): MITM Attack Analysis Assumption: Sender  Subject –Subject public key CANNOT be used by Receiver to confirm subject (Sender does not have access to Subject private key; thus cannot apply signature to message) Receiver trusts Sender to assert the correct subject –Another way of saying this: Sender can assert incorrect subjects –No other party can forge messages “from” Sender because Receiver validates Attr. Authority’s assertion of Sender’s public key, and Receiver validates Sender’s assertion of binding of Authn Assertion to message body. Net: No intermediary between Sender and Receiver can execute MITM cut-and-paste attack.

Bindings 0.5/1 (Revised): Context Sender Receiver Subj SAML Authn Authority SAML Attr Authority Message w/SAML Assn about Subj

Bindings 0.5/1 (Revised): Message Format SAML Assn AssnType: Authn SubjName: Subj SubjConf: SendV ConfData: K pub (sub) Message Body Signature (K priv (sub) )

Bindings 0.5/1 (Revised): MITM Attack Analysis Sender = Subject, so presumably subject does not attempt to forge own messages. No other party can forge subject’s signature. However, correspondence of subject identity from Authn Assn and public key in SubjectConfirmation/ConfData element is NOT checked by Receiver. –Therefore, Receiver trusts Authn Authority to never generate an assertion with SubjConf = SenV and ConfData  public-key(assertion subject)

Bindings 0.5/1 (Revised) = HOK Since sender = subject, the key in ConfData is always the subject’s public key. The same effect is achieved by setting SubjConf = HOK and ConfData = K pub (sub) ! So there’s no need for another SubjectConfirmation method if this is all we want to do.

Alternate Proposal: SenderVouches

SenderVouches: Goals Permit sender to vouch that Authn assertion sent with message designates the correct subject Enable use of a single subject assertion in multiple messages from the same sender Keep information relating to sender out of assertions about subject Keep information relating to the message out of assertions about subject (i.e. message digest in assertion)

SenderVouches: Context SenderReceiver Subj SAML Authn Authority SAML Attr Authority Message w/SAML Assn about Subj

SenderVouches: Message Format SAML Assn AssnType: Authn SubjName: Subj SubjConf: SendV SAML Assn AssnType: Attr Subject: Sender Attribute: K pub SubjConf: HOK Message Body Signature (sender K priv )

SenderVouches: Processing (1) Extract Authn assertion Extract Authn assertion’s SubjConf method –It is “SenderVouches” –“SenderVouches” method requres Receiver to look for Sender’s claim that the Authn assertion designates the correct subject –In the store-and-forward case, this claim consists of the signature which Sender applied to the entire message (which incorporates both assertions and the message body)

SenderVouches: Processing (2) Validate SubjectConf of Authn Assertion –Retrieve Sender public key from Attr Assertion –Extract SubjConf from Attr Assertion (= “HOK”) –use Sender public key to verify signature on message This validates the fact that “Sender” is the subject of the Attr assertion, because the signature proves the sender’s possession of the private key corresponding to the public key asserted by the Attr Assertion. It also binds the Authn and Attr assertions to the message body … which in turn validates the fact that “Subj” is the subject of the Authn assertion, because Sender’s signature represents Sender’s claim that the Authn assertion designates the correct subject

SenderVouches: Trust Model Receiver trusts Sender to vouch that the Authentication Assertion designates the correct subject Receiver trusts SAML Attr Authority to vouch for the Sender’s public key Sender trusts SAML Authn Authority to vouch for the Subject’s name Open question: does Receiver need to trust SAML Authn Authority to vouch for the Subject’s name? Or can it simply rely transitively on the Sender’s trust in this?

SenderVouches: Trust Relationships SenderReceiver Subj SAML Authn Authority SAML Attr Authority SubjectName SubjectConf SenderKey

SenderVouches: MITM Attack Analysis Assumption: Sender  Subject –Subject public key CANNOT be used by Receiver to confirm subject (Sender does not have access to Subject private key; thus cannot apply signature to message) Receiver trusts Sender to assert the correct subject –Another way of saying this: Sender can assert incorrect subjects –No other party can forge messages “from” Sender because Receiver validates Attr. Authority’s assertion of Sender’s public key, and Receiver validates Sender’s assertion of binding of Authn Assertion to message body. Net: No intermediary between Sender and Receiver can execute MITM cut-and-paste attack. Exactly the same as Bindings 0.5 (Original)

Advantages Over Other Proposals Supports SubjConf via Sender vouching No requirement for information about message in any assertion No requirement for information about Sender in Subj Authn assertion Thus both assertions can be re-used independently Single signature verification validates SubjConf for both assertions

Use in Session-Oriented Environments SubjConf = “SenderVouches” should also be usable in session-oriented environments –Could be done analogously to store-and-forward: simply send a message within the session which consists of the two assertions and the original message body –Could be done by depending on the session security infrastructure (Receiver verifies Sender identity at session setup time; any message containing Authn assertion within session context is treated as if Sender implicitly asserted that Authn assertion designates the correct subject

Conclusion To accomplish goals of Bindings 0.5/1 (Original) and Bindings 0.5/2, use SenderVouches To accomplish goals of Bindings 0.5/1 (Revised) use HolderOfKey

SAML Trust Models

SubjectConfirmation for Authentication Assertions: Trust Models

What is a Trust Model? Initial Conditions –Initial knowledge state of each entity e.g. RP knows AuthnAuthority PublicKey Assumptions –Conditions which are necessary for security but which we can’t verify e.g. Signatures can’t be forged e.g. AuthnAuthority private-key not compromised Rules –Describe “who trusts whom for what if why”. Form of rules is: “Entity-X trusts Entity-Y for Z if Condition-C” e.g. “RP trusts AuthnAuthority for name-assertion if AuthnAuthority- Signature-Verifies”

What Is SubjectConfirmation? Mitigation for threats against assertions in a particular environment of use Assertion requester specifies what SubjectConfirmation should be applied to the assertion to counter threats anticipated in environment of intended use Issuer applies requested SubjectConfirmation to assertion Relying Party uses SubjectConfirmation method specified in assertion to counter threats

Bearer SenderReceiver SAML Authn Authority SubjectName Subj

HolderOfKey SenderReceiver Subj SAML Authn Authority SubjectConf SubjectName

ChallengeProtocol SenderReceiver Subj SAML Authn Authority SubjectConf SubjectName

SenderVouches (Option 1) SenderReceiver Subj SAML Authn Authority SAML Attr Authority SubjectName SubjectConf(Sender), SubjectConf(Subj) SenderKey SubjectName

SenderVouches (Option 2) SenderReceiver Subj SAML Authn Authority SAML Attr Authority SubjectName SenderKey SubjectConf(Sender), SubjectConf(Subj)

Semantics of SAML Subject Information

Information About Subjects Subject Designation –Designates the subject to whom the statement(s) in an assertion refers. Subject Confirmation –Designates a method which a relying party may use to confirm that an attribute it has received refers to the “correct” subject. This is used to counter various threats in specific bindings.

Semantics of Subject Designation Elements Subject Designation Elements used both in Assertions and in Queries: –Subject/NameIdentifier The name of the subject to whom the assertion refers –Subject/AssertionSpecifier The identifier of another assertion which designates the subject to whom the assertion refers Subject Designation Elements used in Queries only: –Artifact A value which can be passed to an assertion issuer. An artifact designates a particular subject (or even a particular pre-existing assertion) to an issuer. However, an artifact conveys no information about the subject to whom an assertion refers to any party except the assertion issuer.

Semantics of SubjectConfirmation Element SubjectConfirmation –The mechanism by which a relying party can satisfy itself that the assertion refers to the correct subject. –This element does NOT designate any subject. It designates a mechanism by which the relying party confirming the correctness of the designation in the Subject Designator. –This element should NOT be part of the Subject element It is used to “Confirm” subject, so it should not be an element of what it confirms –This element SHOULD be part of the Query element Requesters need to be able to ask for an assertion whose SubjecConfirmation method addresses the threats which exist in the context in which the assertion will be used Only the SubjectConfirmation/ConfirmationMethod attribute should be specified in the Query

Semantics of SubjectConfirmation Attributes The Attributes of the SubjectConfirmation element are: –SubjectConfirmation/ConfirmationMethod: values of this attribute include Bearer HolderOfKey (Hal proposes “name” as a way to get Cert/PubKey) ChallengeProtocol SenderVouches –SubjectConfirmation/ConfirmationData Specifies the data needed to confirm subject using ChallengeProtocol method –SubjectConfirmation/ds:KeyInfo Specifies the key needed to confirm subject using HolderOfKey method

Receipt of Currently Invalid Assertions

Assertion Requester Responsibility to Validate Requesting party SHOULD verify validity of each assertions returned in response to its request to an authority. Authorities MAY return expired assertions. Authorities MAY return assertions which are not yet valid, but will be valid starting at some time in the future.

Assertion Relying Party Responsibility to Validate Relying party SHOULD verify validity of each assertions it receives before relying upon them. Senders MAY transmit expired assertions to Relying Parties. Senders MAY transmit to Relying Parties assertions which are not yet valid, but will be valid starting at some time in the future.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.