SAML Security Analysis. Huang Zheng Xiong Jiaxi Ren Sijun

Transcription

1 SAML Security Analysis Huang Zheng Xiong Jiaxi Ren Sijun

2 outline The intorduction of SAML SAML use case The manner of SAML working Security risks on SAML Security policy on SAML Summary my course report 2

3 The intorduction of SAML:Definition Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between entities SAML is a product of the OASIS Security Services Technical Committee: 3

4 The intorduction of SAML:Versions SAML 1.0 was adopted as an OASIS standard in Nov 2002 SAML 1.1 was ratified as an OASIS standard in Sep 2003 SAML 2.0 became an OASIS standard in Mar

5 The intorduction of SAML:Standards SAML is built upon the following technology standards: Extensible Markup Language (XML) XML Schema XML Signature XML Encryption (SAML 2.0 only) Hypertext Transfer Protocol (HTTP) SOAP 5

6 The intorduction of SAML:Components Assertions: Authentication, Attribute and Authorization information Protocol: Request and Response elements for packaging assertions Bindings: How SAML Protocols map onto standard messaging or communication protocols Profiles: How SAML protocols, bindings and assertions combine to support a defined use case Profiles Bindings Protocol Assertions 6

7 The intorduction of SAML:Why SAML? Permissions management data is currently handled in mostly proprietary ways, among tightly coupled modules in a single security domain. Web is loosely coupled, consisting of many security domains. A standard is needed to govern the transfer of assertions between domains. 7

8 SAML Use Case: SSO 1. authenticate site1 (security domain 1) asserting party user 2. access resource user is authenticated at site1; then accesses a resource at site2 site2 (security domain 2) 8 relying party

9 SAML Use Case: authorization relying party 1. access resource policy enforcement point user 2. check permission same security domain authorization decision not made at site of resource policy decision point asserting party 9

10 SAML Use Case: Why SAML? Cookies don t do it Cookie (signed with server s private key) can be used for reauthentication at a particular server, but is of no use at a different server Cross domain authentication currently requires proprietary SSO software SAML intended as a Web standard that will supercede proprietary software 10

11 The manner of SAML working Browser/Artifact Browser, authenticated at site1 (asserting party) requests access to a resource at site2 (relying party). site1 creates a protocol message containing an authentication statement and a reference to that message called an artifact site2 pulls the protocol message from site1 using the artifact 11

12 Artifact A string consisting of Identity of source site (asserting party) Reference to a protocol message at source site Use: relying party wants to retrieve assertions in a protocol message at the asserting party; supplies an artifact that identifies the message 12

13 Artifact Pull Model site2 SAML protocol relying party, R resource, X (5) SAMLreq(artif) SAMLresp(M) (4) asserting party, P message, M 1. U creates authenticated browser, U session with P 2. U requests access to X (through P). 3. P creates protocol msg, M, containing assertion about U, and an artifact referring to M 4. Access, containing artifact, is redirected from P to R through browser 5. R pulls M (identified by artifact) from P (2) (1) artif is an artifact referencing M (3) site1 13

14 Browser/Post Model relying party resource, X asserting party assertion, A (3) site2 (4) (2) (1) site1 browser, U 1. U creates authenticated session 2. U accesses remote resource X through asserting party. 3. A asserts fact about U 4. Access, containing signed assertion, is redirected (pushed) through browser to relying party (signature required since assertion is routed through browser) 14

15 Risks on SAML Risk Spreading there are security risks the spread of the problem, namely, if an attacker to steal the legitimate user authentication certificate, can pretend to be legitimate users access to all resources 15

16 Risks on SAML Replay Attack A typical SAML 1.1 assertion: <saml:assertion xmlns:saml="urn:oasis:names:tc:saml:1.0:assertion " MajorVersion="1" MinorVersion="1" AssertionID="a75adf55-01d7-40cc-929fdbd8372ebdfc" IssueInstant=" T09:22:02Z" Issuer=" <saml:conditions NotBefore=" T09:17:02Z" NotOnOrAfter=" T09:27:02Z"/> <!-- insert statement here --> </saml:assertion> 16

17 Risks on SAML man-in-the-middle attack 17

18 Risks on SAML denial of service attack 18

19 Security Policy on SAML Spread Risk Security Policy For through the legitimate user login authentication, for user generated by IDP status notes, in the authentication ticket, delimits the scope of users to access the service address list and time limit 19

20 Security Policy on SAML Replay attacks on security policy Solution one: Reasonable set up effectively the validity of the assertion is particularly important, but it cannot completely solve the replay attack Solution two: SAML is follow the XML standard. As a result, can in the session layer is encrypted so that the attacker completely don't have access to any content that is transferred 20

21 Security Policy on SAML Man-in-the-middle attack security policy 21

22 Security Policy on SAML Denial of service attack security policy 1 The session layer user authentication 2 The request message signature 3 Limit users can send requested information 22

23 Summary My Report Detailed introduces the related knowledge of SAML This course report explores the analysis of the SAML SSO exist some safety risks and proposed the corresponding security strategy, to build security based on SAML SSO system has important reference significance and value 23

24 THANK YOU 24