Download presentation
Presentation is loading. Please wait.
Published byLillian Turner Modified over 9 years ago
1
1 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky 1, Andreas Mayer 2, Jörg Schwenk 1, Marco Kampmann 1, and Meiko Jensen 1 1 Horst-Görtz Institute for IT-Security, Ruhr-University Bochum 2 Adolf Würth GmbH & Co. KG
2
2 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Service Provider Motivation – Single Sign-On 2 Identity Provider Website Visit and redirect User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest Too many identities / passwords Solution: Single Sign-On Advantages: one password for users, no password management for Service Providers
3
3 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium OpenID OAuth Security Assertion Markup Language (SAML) OASIS Web Services or browser-based Single Sign-On Authentication Statements stored in Assertions 3 Motivation – Single Sign-On
4
4 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Service Provider Motivation – Single Sign-On How do we secure the messages? Does SSL / TLS help? Messages secured only during transport! 4 Identity Provider Website Visit and redirect User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest
5
5 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium User: Bob Role: guest User: Bob Role: guest Service Provider Motivation – Single Sign-On Does SSL / TLS help? Need for message level security! 5 Identity Provider Website Visit and redirect User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Admin Role: Admin User: Admin Role: Admin User: Admin Role: Admin User: Admin Role: Admin
6
6 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Message level security? Realized using XML Signatures Are we secure? Service Provider Motivation – Single Sign-On 6 Identity Provider Website Visit and redirect User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Admin Role: Admin User: Admin Role: Admin
7
7 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 7 Overview 1.Securing SAML with XML Signature 2.XML Signature Wrapping Attacks 3.Practical Evaluation 4.Penetration Test Library 5.Countermeasures 6.Conclusion
8
8 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium www.SecureIdP.com Bob@SecureIdP.com <saml:Conditions NotBefore="2011-08-08T14:42:00Z" NotOnOrAfter="2011-08-08T14:47:00Z"> www.SecureSP.com 8 SAML Assertion Assertion Subject Issuer NameID Conditions Audience SecureIdP Bob SecureSP
9
9 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 9 Securing SAML with XML Signature Assertion Subject Binding SignatureValue Signature SignedInfo Reference URI=”#123” DigestValue Id=”123” Subject Assertion SignatureValue Signature SignedInfo Reference URI=”#123” DigestValue Id=”123” Bob Two typical usages Binding
10
10 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 10 Securing SAML with XML Signature Assertion Subject Binding SignatureValue Signature SignedInfo Reference URI=”#123” DigestValue Id=”123” Bob Naive (typical) processing: 1.Signature validation: Id-based 2.Assertion evaluation: /Binding/Assertion/Subject Signature Verification Assertion Evaluation Assertion Subject Binding SignatureValue Signatur e SignedI nfo Referen ce URI=”#123” DigestVa lue Id=”123” Bob valid
11
11 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 11 Overview 1.Securing SAML with XML Signature 2.XML Signature Wrapping Attacks 3.Practical Evaluation 4.Penetration Test Library 5.Countermeasures 6.Conclusion
12
12 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 12 XML Signature Wrapping Attack on SAML 1.Place the original Assertion including its Binding element into another element 2.Change the Id of the original element 3.The Reference now points to the original element: signature is valid 4.Insert a new Assertion Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Id=”123” Bob Assertion Subject Binding Id=”123” Bob Id=”evil” Assertion Subject Admin Binding
13
13 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 13 XML Signature Wrapping Attack on SAML Signature Verification Assertion Evaluation valid Admin Assertion Subject Binding Signat ure Signe dInfo Refer ence URI=”#123” Id=”123” Bob Assertion Subject Binding Id=”123” Bob Id=”evil” Assertion Subject Admin Binding Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Id=”123” Bob Assertion Subject Binding Id=”123” Bob Id=”evil” Assertion Subject Admin Binding
14
14 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 14 XML Signature Wrapping Attack on SAML – Threat model Change arbitrary data in the Assertion: Subject, Timestamp... Attacker: everybody who can gain a signed Assertion... 1.Registering by the Identity Provider 2.Message eavesdropping 3.Google Hacking Single Point of Failure!
15
15 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium User: Bob Role: guest User: Bob Role: guest Service Provider XML Signature Wrapping Attack on SAML Identity Provider User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Bob Role: guest User: Admin Role: Admin User: Admin Role: Admin User: Admin Role: Admin User: Admin Role: Admin Assertion Binding Signature SignedInfo Reference URI=”#123” Id=”123” Bob 15 Binding Signature SignedInfo Reference URI=”#123” Id=”123” Assertion Binding Id=”123” Bob Id=”evil” Assertion Admin Binding
16
16 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium XML Signature Wrapping Attack on SAML How about them? Framework / ProviderBindingApplication Apache Axis 2SOAPWSO2 Web Services GuanxiHTTPSakai Project (www.sakaiproject.org) Higgins 1.xHTTPIdentity project IBM Datapower XS40SOAPEnterprise XML Security Gateway JOSSOHTTPMotorola, NEC, Redhat WIFHTTPMicrosoft Sharepoint 2010 OIOSAMLHTTPDanish eGovernment (e.g. www.virk.dk) OpenAMHTTPEnterprise-Class Open Source SSO OneLoginHTTPJoomla, Wordpress, SugarCRM, Drupal OpenAthensHTTPUK Federation (www.eduserv.org.uk) OpenSAMLHTTPShibboleth, SuisseID SalesforceHTTPCloud Computing and CRM SimpleSAMLphpHTTPDanish e-ID Federation (www.wayf.dk) WSO2HTTPeBay, Deutsche Bank, HP 16
17
17 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 17 Overview 1.Securing SAML with XML Signature 2.XML Signature Wrapping Attacks 3.Practical Evaluation 4.Penetration Test Library 5.Countermeasures 6.Conclusion
18
18 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium XML Signature Wrapping Attack on SAML – Results Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Id=”123” Bob Assertion Subject Binding Id=”123” Bob Id=”evil” Assertion Subject Admin Binding Guanxi, JOSSOWSO2 Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Id=”123” Bob Assertion Subject Binding Id=”123” Bob Id=”evil” Assertion Subject Admin Binding 18
19
19 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium XML Signature Wrapping Attack on SAML – Results Binding Signature SignedInfo Reference URI=”#123” Assertion Subject Id=”123” Bob Id=”evil” Assertion Subject Admin Binding Higgins, Apache Axis2, IBM XS 40OpenAM, Salesforce Binding Signature SignedInfo Reference URI=”#123” Assertion Subject Id=”123” Bob Id=”evil” Assertion Subject Admin 19
20
20 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Attack on OpenSAML 20 Is Signature Wrapping always that easy? OpenSAML implemented a few countermeasures: 1.Checked if the signed assertion has the same ID value as the processed one 2.Validated XML Schema Not possible to insert two elements with the same ID values
21
21 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Attack on OpenSAML 21 1.ID values checking: Basic idea – using two identical ID values 2.XML Schema validation: 1.Put the Assertion into an extensible element (e.g. ) 2.Two identical ID attributes (XML Xerces Parser bug) Which element is verified? C++ takes the first found element Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Bob Assertion Subject Extensions Id=”123” Bob Assertion Subject Admin Id=”123” OpenSAML C++
22
22 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Attack on OpenSAML 22 Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Bob Assertion Subject Extensions Id=”123” Bob Assertion Subject Admin Id=”123” OpenSAML C++ references the first found element OpenSAML Java references the last found element Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Bob Assertion Subject Object Id=”123” Bob Assertion Subject Admin Id=”123”
23
23 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Beyond Signature Wrapping: Signature Exclusion 23 Lame but … …Worked against: – Apache Axis2 – JOSSO – OpenAthens Assertion Subject Binding Signature SignedInfo Reference URI=”#123” Bob Assertion Subject Id=”123” Bob Assertion Subject Admin
24
24 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium SAML Signature Wrapping – Summary 24 Framework / ProviderSignature ExclusionSignature Wrapping Apache Axis 2XX GuanxiX Higgins 1.xX IBM Datapower XS40X JOSSOXX WIF OIOSAMLX OpenAMX OneLoginX OpenAthensX OpenSAMLX SalesforceX SimpleSAMLphp WSO2X Danish eGovernment Shibboleth, SwissID … Enterprise Applications Joomla, Wordpress, SugarCRM, Drupal
25
25 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 25 Overview 1.Securing SAML with XML Signature 2.XML Signature Wrapping Attacks 3.Practical Evaluation 4.Penetration Test Library 5.Countermeasures 6.Conclusion
26
26 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Considered all the attack vectors: 1.Different permutations of signed / processed Assertions 2.Id processing 3.Signature exclusion attacks 4.XML Schema extensions Further attacks on Salesforce interface Will be included in our WS-Attacker framework http://ws-attacker.sourceforge.net/ 26 Penetration Test Library
27
27 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 27 Overview 1.Securing SAML with XML Signature 2.XML Signature Wrapping Attacks 3.Practical Evaluation 4.Penetration Test Library 5.Countermeasures 6.Conclusion
28
28 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium General problem: different processing modules have different views on documents 28 Countermeasures Signature Verification Assertion Evaluation Valid / Invalid Id-based /Binding/Assertion/Subject Assertion Subject Binding SignatureValue Signatur e SignedI nfo Referen ce URI=”#123” DigestVa lue Id=”123” Bob User
29
29 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Forward only signed elements Also called see-only-what-is-signed 29 Countermeasure 1: Strict Filtering Binding Assertion Signature Verification Signature Binding Assertion Assertion Evaluation
30
30 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Signature verification generates a random number r The verified data is tainted with r r is forwarded to the Assertion evaluation logic 30 Countermeasure 2: Data Tainting Binding Assertion Signature Verification Signature Assertion Evaluation Binding Assertion Signature r = xyz r=”xyz”
31
31 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium 31 Overview 1.SAML Assertion 2.Securing SAML with XML Signature 3.XML Signature Wrapping Attacks 4.Practical Evaluation 5.Countermeasures 6.Conclusion
32
32 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium We showed critical Signature Wrappings in SAML, 12 out of 14 frameworks affected! All providers informed Signature Wrapping known since 2005, but: Not in focus of research community Nearly all implementations are vulnerable Not easy to fix: many permutations, vulnerable libraries Be aware of Signature Wrapping when applying: In Web Services SAML Beyond XML: Could be applied in all the scenarios where different processing modules have different views on documents 32 Conclusion
33
33 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Thank you for your attention Juraj Somorovsky 1, Andreas Mayer 2, Jörg Schwenk 1, Marco Kampmann 1, and Meiko Jensen 1 1 Horst-Görtz Institute for IT-Security, Ruhr-University Bochum 2 Adolf Würth GmbH & Co. KG
34
34 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium Responsible Disclosure 34 Apache Axis 205.04.2011??? Guanxi25.07.2011??? Higgins 1.x24.04.2011Open IBM XS40Oct 2011?? JOSSO18.02.2011March 2011 OIOSAML25.07.201103.08.2011 OpenAM03.12.201107.12.2011 OneLogin03.06.2011??? OpenAthens29.07.201105.08.2011 OpenSAML18.07.201125.07.2011 Salesforce03.06.201113.06.2011 WSO216.02.201118.07.2011
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.