On Breaking SAML: Be Whoever You Want to Be
Juraj Somorovsky, 21st USENIX Security Symposium
Juraj Somorovsky (1), Andreas Mayer (2), Jörg Schwenk (1), Marco Kampmann (1), and Meiko Jensen (1)
(1) Horst-Görtz Institute for IT-Security, Ruhr-University Bochum
(2) Adolf Würth GmbH & Co. KG
Slide 2: Motivation – Single Sign-On
[Figure: Single Sign-On flow between the user ("User: Bob, Role: guest"), a Service Provider and an Identity Provider; website visit and redirect, then the assertion "User: Bob, Role: guest" is passed to the Service Provider]
• Too many identities / passwords
• Solution: Single Sign-On
• Advantages: one password for users, no password management for Service Providers
Slide 3: Motivation – Single Sign-On
• OpenID
• OAuth
• Security Assertion Markup Language (SAML)
  • OASIS
  • Web Services or browser-based Single Sign-On
  • Authentication Statements stored in Assertions
Slide 4: Motivation – Single Sign-On
• How do we secure the messages?
• Does SSL / TLS help?
  • Messages secured only during transport!
[Figure: same SSO flow as slide 2 (Service Provider, Identity Provider, "User: Bob, Role: guest"; website visit and redirect)]
Slide 5: Motivation – Single Sign-On
• Does SSL / TLS help?
  • Need for message level security!
[Figure: same SSO flow; the assertion leaves the Identity Provider as "User: Bob, Role: guest" and reaches the Service Provider as "User: Admin, Role: Admin"]
Slide 6: Motivation – Single Sign-On
• Message level security?
  • Realized using XML Signatures
• Are we secure?
[Figure: same SSO flow; the signed assertion "User: Bob, Role: guest" is shown alongside "User: Admin, Role: Admin"]
Slide 7: Overview
1. Securing SAML with XML Signature
2. XML Signature Wrapping Attacks
3. Practical Evaluation
4. Penetration Test Library
5. Countermeasures
6. Conclusion
Slide 11: Overview (agenda repeated)
Slide 12: XML Signature Wrapping Attack on SAML
1. Place the original Assertion including its Binding element into another element
2. Change the Id of the original element
3. The Reference now points to the original element: signature is valid
4. Insert a new Assertion
[Figure: left, the original message: Binding > Assertion Id="123" > Subject "Bob", with a Signature > SignedInfo > Reference URI="#123"; right, the wrapped message: the original Assertion Id="123" (Subject "Bob") inside a new element, and a new Assertion Id="evil" (Subject "Admin") under Binding]
Slide 13: XML Signature Wrapping Attack on SAML
[Figure: the wrapped message from the previous slide processed by the two modules: Signature Verification resolves Reference URI="#123" to the original Assertion (Subject "Bob") and reports "valid"; Assertion Evaluation reads the new Assertion Id="evil" and returns Subject "Admin"]
Slide 14: XML Signature Wrapping Attack on SAML – Threat model
• Change arbitrary data in the Assertion: Subject, Timestamp ...
• Attacker: everybody who can gain a signed Assertion...
  1. Registering with the Identity Provider
  2. Message eavesdropping
  3. Google Hacking
• Single Point of Failure!
Slide 16: XML Signature Wrapping Attack on SAML
• How about them?

Framework / Provider    Binding   Application
Apache Axis 2           SOAP      WSO2 Web Services
Guanxi                  HTTP      Sakai Project (www.sakaiproject.org)
Higgins 1.x             HTTP      Identity project
IBM Datapower XS40      SOAP      Enterprise XML Security Gateway
Slide 25: Overview (agenda repeated)
Slide 26: Penetration Test Library
• Considered all the attack vectors:
  1. Different permutations of signed / processed Assertions
  2. Id processing
  3. Signature exclusion attacks
  4. XML Schema extensions
• Further attacks on Salesforce interface
• Will be included in our WS-Attacker framework
  • http://ws-attacker.sourceforge.net/
Slide 27: Overview (agenda repeated)
Slide 28: Countermeasures
• General problem: different processing modules have different views on documents
[Figure: one message (Binding > Assertion Id="123" > Subject "Bob"; Signature > SignedInfo > Reference URI="#123" > DigestValue; SignatureValue) seen by two modules: Signature Verification locates the signed element Id-based and outputs Valid / Invalid; Assertion Evaluation reads /Binding/Assertion/Subject and outputs the User]
Slide 29: Countermeasure 1: Strict Filtering
• Forward only signed elements
• Also called see-only-what-is-signed
[Figure: Binding > Assertion (with Signature) enters Assertion Signature Verification; only the verified Assertion is forwarded to Assertion Evaluation]
Slide 30: Countermeasure 2: Data Tainting
• Signature verification generates a random number r
• The verified data is tainted with r
• r is forwarded to the Assertion evaluation logic
[Figure: Binding > Assertion (with Signature) enters Assertion Signature Verification, which marks the verified Assertion with r="xyz"; Assertion Evaluation receives the document together with r = xyz]
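Added example, not code from the slides or from the authors' WS-Attacker framework: a small Python model of the two processing modules from slides 12, 13 and 28 (Id-based signature verification next to an assertion evaluator that reads the fixed path /Binding/Assertion/Subject), with both countermeasures from slides 29 and 30 applied to the same message. The XML Signature is replaced by a constructed HMAC stand-in (sign_assertion / verify_signature), element names follow the slides, and KEY, the Wrapper element name and the r attribute are assumptions made here.

```python
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

# Constructed stand-in for XML Signature: an HMAC over the canonical bytes of
# the element named by Reference URI="#Id". Real SAML uses XML-DSig; the
# wrapping problem does not depend on the primitive. KEY is a made-up value.
KEY = b"constructed-idp-key"


def canonical(elem):
    """Serialise an element with its enveloped <Signature> child removed."""
    copy = ET.fromstring(ET.tostring(elem))
    for sig in copy.findall("Signature"):
        copy.remove(sig)
    return ET.tostring(copy)


def sign_assertion(assertion):
    """Append <Signature><SignedInfo><Reference URI="#Id"/></SignedInfo><SignatureValue/>."""
    mac = hmac.new(KEY, canonical(assertion), hashlib.sha256).hexdigest()
    sig = ET.SubElement(assertion, "Signature")
    ref = ET.SubElement(ET.SubElement(sig, "SignedInfo"), "Reference")
    ref.set("URI", "#" + assertion.get("Id"))
    ET.SubElement(sig, "SignatureValue").text = mac


def verify_signature(root):
    """Module 1, Id-based: dereference the Reference by Id and check the MAC.
    Returns the element that was actually verified, or None."""
    sig = root.find(".//Signature")
    ref = None if sig is None else sig.find("SignedInfo/Reference")
    if ref is None:
        return None
    wanted = ref.get("URI", "").lstrip("#")
    referenced = next((e for e in root.iter() if e.get("Id") == wanted), None)
    if referenced is None:
        return None
    expected = hmac.new(KEY, canonical(referenced), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig.findtext("SignatureValue", "")):
        return None
    return referenced


def vulnerable_subject(doc):
    """Module 2 reads /Binding/Assertion/Subject regardless of what module 1 verified."""
    if verify_signature(doc) is None:
        return None
    return doc.findtext("Assertion/Subject")


def strict_subject(doc):
    """Countermeasure 1 (see-only-what-is-signed): evaluate only the verified element."""
    signed = verify_signature(doc)
    if signed is None or signed.tag != "Assertion":
        return None
    return signed.findtext("Subject")


def tainted_subject(doc):
    """Countermeasure 2: verification taints the verified subtree with a random r;
    the unchanged evaluation path is accepted only if it carries that r."""
    doc = ET.fromstring(ET.tostring(doc))  # work on a copy; the taint is an r attribute
    signed = verify_signature(doc)
    if signed is None:
        return None
    r = secrets.token_hex(16)
    for elem in signed.iter():
        elem.set("r", r)
    subject = doc.find("Assertion/Subject")
    if subject is None or subject.get("r") != r:
        return None
    return subject.text


def signed_response():
    """Constructed IdP message: <Binding><Assertion Id="123"><Subject>Bob</Subject>...</Assertion></Binding>."""
    binding = ET.Element("Binding")
    assertion = ET.SubElement(binding, "Assertion", Id="123")
    ET.SubElement(assertion, "Subject").text = "Bob"
    sign_assertion(assertion)
    return binding


def wrapped_response():
    """Test input following the four steps on slide 12: the signed Assertion is moved
    into another element and a new Assertion Id="evil" sits at the evaluated path."""
    binding = signed_response()
    original = binding.find("Assertion")
    binding.remove(original)
    ET.SubElement(binding, "Wrapper").append(original)
    ET.SubElement(ET.SubElement(binding, "Assertion", Id="evil"), "Subject").text = "Admin"
    return binding


def run_checks():
    """Subject reported by each evaluator for the genuine and the wrapped message."""
    evaluators = (vulnerable_subject, strict_subject, tainted_subject)
    return {
        "genuine": tuple(f(signed_response()) for f in evaluators),
        "wrapped": tuple(f(wrapped_response()) for f in evaluators),
    }


if __name__ == "__main__":
    for name, (vuln, strict, taint) in run_checks().items():
        print(f"{name}: vulnerable={vuln} strict={strict} tainted={taint}")
```

For the genuine message all three evaluators agree on Bob. For the wrapped message the signature still verifies (the Reference resolves to the untouched Assertion Id="123"), so the fixed-path evaluator reports Admin, which is the two-views problem of slide 28; strict filtering answers Bob because the evaluator only ever sees the verified element, and data tainting rejects the message because the Subject at the evaluated path carries no r. Editing the Subject in place, by contrast, is caught by the signature check alone, which is the point of slides 5 and 6.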
Slide 31: Overview
1. SAML Assertion
2. Securing SAML with XML Signature
3. XML Signature Wrapping Attacks
4. Practical Evaluation
5. Countermeasures
6. Conclusion
Slide 32: Conclusion
• We showed critical Signature Wrappings in SAML, 12 out of 14 frameworks affected!
• All providers informed
• Signature Wrapping known since 2005, but:
  • Not in focus of research community
  • Nearly all implementations are vulnerable
  • Not easy to fix: many permutations, vulnerable libraries
• Be aware of Signature Wrapping when applying:
  • In Web Services
  • SAML
• Beyond XML: could be applied in all the scenarios where different processing modules have different views on documents
Slide 33: Thank you for your attention
Juraj Somorovsky (1), Andreas Mayer (2), Jörg Schwenk (1), Marco Kampmann (1), and Meiko Jensen (1)
(1) Horst-Görtz Institute for IT-Security, Ruhr-University Bochum
(2) Adolf Würth GmbH & Co. KG