Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky.

Published byLillian Turner Modified over 9 years ago

Similar presentations

Presentation on theme: "1 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky."— Presentation transcript:

1 1 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky 1, Andreas Mayer 2, Jörg Schwenk 1, Marco Kampmann 1, and Meiko Jensen 1 1 Horst-Görtz Institute for IT-Security, Ruhr-University Bochum 2 Adolf Würth GmbH & Co. KG

2 2 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Service Provider Motivation – Single Sign-On 2 Identity Provider Website Visit and redirect User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest Too many identities / passwords Solution: Single Sign-On Advantages: one password for users, no password management for Service Providers

3 3 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium OpenID OAuth Security Assertion Markup Language (SAML) OASIS Web Services or browser-based Single Sign-On Authentication Statements stored in Assertions 3 Motivation – Single Sign-On

4 4 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Service Provider Motivation – Single Sign-On How do we secure the messages? Does SSL / TLS help? Messages secured only during transport! 4 Identity Provider Website Visit and redirect User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest

5 5 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium User: Bob Role: guest User: Bob Role: guest Service Provider Motivation – Single Sign-On Does SSL / TLS help? Need for message level security! 5 Identity Provider Website Visit and redirect User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Admin Role: Admin User: Admin Role: Admin User: Admin Role: Admin User: Admin Role: Admin

6 6 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Message level security? Realized using XML Signatures Are we secure? Service Provider Motivation – Single Sign-On 6 Identity Provider Website Visit and redirect User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Admin Role: Admin User: Admin Role: Admin

7 7 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 7 Overview 1.Securing SAML with XML Signature 2.XML Signature Wrapping Attacks 3.Practical Evaluation 4.Penetration Test Library 5.Countermeasures 6.Conclusion

8 8 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium www.SecureIdP.com Bob@SecureIdP.com <saml:Conditions NotBefore="2011-08-08T14:42:00Z" NotOnOrAfter="2011-08-08T14:47:00Z"> www.SecureSP.com 8 SAML Assertion Assertion Subject Issuer NameID Conditions Audience SecureIdP Bob SecureSP

9 9 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 9 Securing SAML with XML Signature Assertion Subject Binding SignatureValue Signature SignedInfo Reference URI=”#123” DigestValue Id=”123” Subject Assertion SignatureValue Signature SignedInfo Reference URI=”#123” DigestValue Id=”123” Bob Two typical usages Binding

10 10 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 10 Securing SAML with XML Signature Assertion Subject Binding SignatureValue Signature SignedInfo Reference URI=”#123” DigestValue Id=”123” Bob Naive (typical) processing: 1.Signature validation: Id-based 2.Assertion evaluation: /Binding/Assertion/Subject Signature Verification Assertion Evaluation Assertion Subject Binding SignatureValue Signatur e SignedI nfo Referen ce URI=”#123” DigestVa lue Id=”123” Bob valid

11 11 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 11 Overview 1.Securing SAML with XML Signature 2.XML Signature Wrapping Attacks 3.Practical Evaluation 4.Penetration Test Library 5.Countermeasures 6.Conclusion

12 12 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 12 XML Signature Wrapping Attack on SAML 1.Place the original Assertion including its Binding element into another element 2.Change the Id of the original element 3.The Reference now points to the original element: signature is valid 4.Insert a new Assertion Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Id=”123” Bob Assertion Subject Binding Id=”123” Bob Id=”evil” Assertion Subject Admin Binding

13 13 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 13 XML Signature Wrapping Attack on SAML Signature Verification Assertion Evaluation valid Admin Assertion Subject Binding Signat ure Signe dInfo Refer ence URI=”#123” Id=”123” Bob Assertion Subject Binding Id=”123” Bob Id=”evil” Assertion Subject Admin Binding Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Id=”123” Bob Assertion Subject Binding Id=”123” Bob Id=”evil” Assertion Subject Admin Binding

14 14 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 14 XML Signature Wrapping Attack on SAML – Threat model Change arbitrary data in the Assertion: Subject, Timestamp... Attacker: everybody who can gain a signed Assertion... 1.Registering by the Identity Provider 2.Message eavesdropping 3.Google Hacking Single Point of Failure!

15 15 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium User: Bob Role: guest User: Bob Role: guest Service Provider XML Signature Wrapping Attack on SAML Identity Provider User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Admin Role: Admin User: Admin Role: Admin User: Admin Role: Admin User: Admin Role: Admin Assertion Binding Signature SignedInfo Reference URI=”#123” Id=”123” Bob 15 Binding Signature SignedInfo Reference URI=”#123” Id=”123” Assertion Binding Id=”123” Bob Id=”evil” Assertion Admin Binding

16 16 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium XML Signature Wrapping Attack on SAML How about them? Framework / ProviderBindingApplication Apache Axis 2SOAPWSO2 Web Services GuanxiHTTPSakai Project (www.sakaiproject.org) Higgins 1.xHTTPIdentity project IBM Datapower XS40SOAPEnterprise XML Security Gateway JOSSOHTTPMotorola, NEC, Redhat WIFHTTPMicrosoft Sharepoint 2010 OIOSAMLHTTPDanish eGovernment (e.g. www.virk.dk) OpenAMHTTPEnterprise-Class Open Source SSO OneLoginHTTPJoomla, Wordpress, SugarCRM, Drupal OpenAthensHTTPUK Federation (www.eduserv.org.uk) OpenSAMLHTTPShibboleth, SuisseID SalesforceHTTPCloud Computing and CRM SimpleSAMLphpHTTPDanish e-ID Federation (www.wayf.dk) WSO2HTTPeBay, Deutsche Bank, HP 16

17 17 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 17 Overview 1.Securing SAML with XML Signature 2.XML Signature Wrapping Attacks 3.Practical Evaluation 4.Penetration Test Library 5.Countermeasures 6.Conclusion

18 18 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium XML Signature Wrapping Attack on SAML – Results Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Id=”123” Bob Assertion Subject Binding Id=”123” Bob Id=”evil” Assertion Subject Admin Binding Guanxi, JOSSOWSO2 Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Id=”123” Bob Assertion Subject Binding Id=”123” Bob Id=”evil” Assertion Subject Admin Binding 18

19 19 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium XML Signature Wrapping Attack on SAML – Results Binding Signature SignedInfo Reference URI=”#123” Assertion Subject Id=”123” Bob Id=”evil” Assertion Subject Admin Binding Higgins, Apache Axis2, IBM XS 40OpenAM, Salesforce Binding Signature SignedInfo Reference URI=”#123” Assertion Subject Id=”123” Bob Id=”evil” Assertion Subject Admin 19

20 20 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Attack on OpenSAML 20 Is Signature Wrapping always that easy? OpenSAML implemented a few countermeasures: 1.Checked if the signed assertion has the same ID value as the processed one 2.Validated XML Schema Not possible to insert two elements with the same ID values

21 21 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Attack on OpenSAML 21 1.ID values checking: Basic idea – using two identical ID values 2.XML Schema validation: 1.Put the Assertion into an extensible element (e.g. ) 2.Two identical ID attributes (XML Xerces Parser bug) Which element is verified? C++ takes the first found element Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Bob Assertion Subject Extensions Id=”123” Bob Assertion Subject Admin Id=”123” OpenSAML C++

22 22 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Attack on OpenSAML 22 Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Bob Assertion Subject Extensions Id=”123” Bob Assertion Subject Admin Id=”123” OpenSAML C++ references the first found element OpenSAML Java references the last found element Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Bob Assertion Subject Object Id=”123” Bob Assertion Subject Admin Id=”123”

23 23 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Beyond Signature Wrapping: Signature Exclusion 23 Lame but … …Worked against: – Apache Axis2 – JOSSO – OpenAthens Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Bob Assertion Subject Id=”123” Bob Assertion Subject Admin

24 24 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium SAML Signature Wrapping – Summary 24 Framework / ProviderSignature ExclusionSignature Wrapping Apache Axis 2XX GuanxiX Higgins 1.xX IBM Datapower XS40X JOSSOXX WIF OIOSAMLX OpenAMX OneLoginX OpenAthensX OpenSAMLX SalesforceX SimpleSAMLphp WSO2X Danish eGovernment Shibboleth, SwissID … Enterprise Applications Joomla, Wordpress, SugarCRM, Drupal

25 25 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 25 Overview 1.Securing SAML with XML Signature 2.XML Signature Wrapping Attacks 3.Practical Evaluation 4.Penetration Test Library 5.Countermeasures 6.Conclusion

26 26 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Considered all the attack vectors: 1.Different permutations of signed / processed Assertions 2.Id processing 3.Signature exclusion attacks 4.XML Schema extensions Further attacks on Salesforce interface Will be included in our WS-Attacker framework http://ws-attacker.sourceforge.net/ 26 Penetration Test Library

27 27 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 27 Overview 1.Securing SAML with XML Signature 2.XML Signature Wrapping Attacks 3.Practical Evaluation 4.Penetration Test Library 5.Countermeasures 6.Conclusion

28 28 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium General problem: different processing modules have different views on documents 28 Countermeasures Signature Verification Assertion Evaluation Valid / Invalid Id-based /Binding/Assertion/Subject Assertion Subject Binding SignatureValue Signatur e SignedI nfo Referen ce URI=”#123” DigestVa lue Id=”123” Bob User

29 29 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Forward only signed elements Also called see-only-what-is-signed 29 Countermeasure 1: Strict Filtering Binding Assertion Signature Verification Signature Binding Assertion Assertion Evaluation

30 30 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Signature verification generates a random number r The verified data is tainted with r r is forwarded to the Assertion evaluation logic 30 Countermeasure 2: Data Tainting Binding Assertion Signature Verification Signature Assertion Evaluation Binding Assertion Signature r = xyz r=”xyz”

31 31 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 31 Overview 1.SAML Assertion 2.Securing SAML with XML Signature 3.XML Signature Wrapping Attacks 4.Practical Evaluation 5.Countermeasures 6.Conclusion

32 32 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium We showed critical Signature Wrappings in SAML, 12 out of 14 frameworks affected! All providers informed Signature Wrapping known since 2005, but: Not in focus of research community Nearly all implementations are vulnerable Not easy to fix: many permutations, vulnerable libraries Be aware of Signature Wrapping when applying: In Web Services SAML Beyond XML: Could be applied in all the scenarios where different processing modules have different views on documents 32 Conclusion

33 33 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Thank you for your attention Juraj Somorovsky 1, Andreas Mayer 2, Jörg Schwenk 1, Marco Kampmann 1, and Meiko Jensen 1 1 Horst-Görtz Institute for IT-Security, Ruhr-University Bochum 2 Adolf Würth GmbH & Co. KG

34 34 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Responsible Disclosure 34 Apache Axis 205.04.2011??? Guanxi25.07.2011??? Higgins 1.x24.04.2011Open IBM XS40Oct 2011?? JOSSO18.02.2011March 2011 OIOSAML25.07.201103.08.2011 OpenAM03.12.201107.12.2011 OneLogin03.06.2011??? OpenAthens29.07.201105.08.2011 OpenSAML18.07.201125.07.2011 Salesforce03.06.201113.06.2011 WSO216.02.201118.07.2011

Download ppt "1 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky."

Similar presentations

Central Authentication Service Roadmap JA-SIG Winter 2004.

Central Authentication Service Roadmap JA-SIG Winter 2004.
Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.

Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.
Integration Considerations Greg Thompson April 20 th, 2006 Copyright © 2006, Credentica Inc. All Rights Reserved.

Integration Considerations Greg Thompson April 20 th, 2006 Copyright © 2006, Credentica Inc. All Rights Reserved.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Software based Acceleration Methods for XML Signature (Or: is there such a method) Youjin Song DongGuk University, Korea Yuliang Zheng University of North.

Software based Acceleration Methods for XML Signature (Or: is there such a method) Youjin Song DongGuk University, Korea Yuliang Zheng University of North.
Will Darby 91.514 5 April 2010.  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.

Will Darby April  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
By: Ansuya Chauhan.

By: Ansuya Chauhan.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
20 March 2007 VOMS etc - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.

20 March 2007 VOMS etc Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
Web services security I

Web services security I
Www.eduserv.org.uk/openathens Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.

Alumni Authentication… Explained Robert Scaysbrook – OpenAthens UK Account Manager.
Digital Signature Technologies & Applications Ed Jensen Fall 2013.

Digital Signature Technologies & Applications Ed Jensen Fall 2013.
IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 STRIDE towards 2-factor Web SSO Rich Graves October 2014 GIAC GSE, GCIA, GCIH, GPEN,

1 SANS Technology Institute - Candidate for Master of Science Degree 1 STRIDE towards 2-factor Web SSO Rich Graves October 2014 GIAC GSE, GCIA, GCIH, GPEN,
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Similar presentations

Ads by Google