SECURITY THREAT IDENTIFICATION AND TESTING FOR SECURITY PROTOCOLS

Similar documents
Automatic Analysis of Browser-based Security Protocols

Security and Privacy Concern for Single Sign-on Protocols

An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department

Evaluation of different Open Source Identity management Systems

SAML SSO Configuration

Addressing threats to real-world identity management systems

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

Identity Federation Broker for Service Cloud

SSOScan: Automated Testing of Web Applications for Single Sign-On vulnerabilities

PingFederate. SSO Integration Overview

OpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

The increasing popularity of mobile devices is rapidly changing how and where we

SAML-Based SSO Solution

Configuring EPM System for SAML2-based Federation Services SSO

SAP Single Sign-On 2.0 Overview Presentation

WHITEPAPER SAML ALONE IS NOT SECURE - HERE S HOW TO FIX IT

TrustedX: eidas Platform

Interoperate in Cloud with Federation

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

A Standards-based Mobile Application IdM Architecture

OpenLogin: PTA, SAML, and OAuth/OpenID

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

Cloud Computing. Chapter 5 Identity as a Service (IDaaS)

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Gateway Apps - Security Summary SECURITY SUMMARY

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Single Logout. TF-EMC Vienna 17 th February Kristóf Bajnok NIIF Institute

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper

The Role of Federation in Identity Management

SAML Authentication Quick Start Guide

Agenda. How to configure

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

SESSION IDENTIFIER ARE FOR NOW, PASSWORDS ARE FOREVER

Unlock the Value of Your Microsoft and SAP Software Investments

JVA-122. Secure Java Web Development

Auditing the Security of an SAP HANA Implementation

Automated Testing of SAML 2.0 Service Providers. Andreas Åkre Solberg UNINETT

OSOR.eu eid/pki/esignature Community Workshop in Brussels, 13. November 2008 IT Architect Søren Peter Nielsen - spn@itst.dk

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide

Improving Security and Productivity through Federation and Single Sign-on

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

Egnyte Single Sign-On (SSO) Installation for OneLogin

Formal analysis of Facebook Connect Single Sign-On authentication protocol

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES

Getting Started with Single Sign-On

PingFederate. Integration Overview

SAML Authentication with BlackShield Cloud

Adding Stronger Authentication to your Portal and Cloud Apps

SAML AS AN SSO STANDARD FOR CUSTOMER IDENTITY MANAGEMENT. How to Create a Frictionless, Secure Customer Identity Management Strategy

Architecture Guidelines Application Security

Case Study: SSO for All: SSOCircle Makes Single Sign-On Available to Everyone

Open Source Identity Integration with OpenSSO

Improving Security and Privacy of Integrated Web Applications

PARTNER INTEGRATION GUIDE. Edition 1.0

Zendesk SSO with Cloud Secure using MobileIron MDM Server and Okta

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Federated Identity Management Solutions

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

SECURING SAP NETWEAVER DEPLOYMENTS WITH SAFE-T RSACCESS

SAML Security Option White Paper

Federated Identity for Cloud Computing and Cross-organization Collaboration

AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle

SAML single sign-on configuration overview

Siebel CRM On Demand Single Sign-On. An Oracle White Paper December 2006

Copyright: WhosOnLocation Limited

The Essential OAuth Primer: Understanding OAuth for Securing Cloud APIs

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

SECUREAUTH IDP AND OFFICE 365

CA SiteMinder. Federation Security Services Release Notes. r12.0 SP3

How To Use Saml 2.0 Single Sign On With Qualysguard

SAML Single-Sign-On (SSO)

SERENA SOFTWARE Serena Service Manager Security

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

Why Cloud Platforms are the Secret Weapon to Make Your Business More Agile and Competitive

SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia Pedro Borges

HP Software as a Service

SAML and OAUTH comparison

Centrify Mobile Authentication Services for Samsung KNOX

This way, Bluewin will be able to offer single sign-on for service providers within the circle.

The Devil is Phishing: Rethinking Web Single Sign On Systems Security. Chuan Yue USENIX Workshop on Large Scale Exploits

Centrify Mobile Authentication Services

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

SAML Federated Identity at OASIS

Perceptive Experience Single Sign-On Solutions

Transcription:

Sophia Antipolis, French Riviera 20-22 October 2015 SECURITY THREAT IDENTIFICATION AND TESTING FOR SECURITY PROTOCOLS Presented by Luca Compagna (SAP SE) (joint work with Roberto Carbone, Annibale Panichella, Serena Ponta) All rights reserved

Context: Multi-Party Web Applications Many modern web applications relies on TTPs to deliver services to their Users e.g., 27% of Alexa top 1000 uses Facebook SSO Based on: protocols (interoperability) bilateral trust relationships TTPs are assumed to be trustworthy But neither SP nor C are assumed so

Challenges and Motivations Several vulnerabilities reported in literature Mainly implementation issues, but also design ones Challenges include: highly configurable protocols, interpretation of the specifications internal requirements, total cost for development (TCD) lack of (security) testing, but also lack of tool support for developers 0[1] Account hijacking by leaking authorization code. http://www.oauthsecurity.com/. [21] Armando, A., Carbone, R., Compagna, L., Cuellar, J., Pellegrino, G., and Sorniotti, A. From multiple credentials to browser-based single sign-on: Are we more secure? IFIP 2011. [22] Armando, A., Carbone, R., Compagna, L., Cuellar, J., and Tobarra, L. Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps. FMSE 2008 [24] Bai, G., Lei, J., Meng, G., Venkatraman, S. S., Saxena, P., Sun, J., Liu, Y., and Dong, J. S. Authscan: Automatic extraction of web authentication protocols from implementations. NDSS 2013 [30] Pellegrino, G., and Balzarotti, D. Toward black-box detection of logic flaws in web applications. NDSS 2014 [33] Sun, F., Xu, L., and Su, Z. Detecting logic vulnerabilities in e-commerce applications. NDSS 2014 [34] Wang, R., Chen, S., and Wang, X. Signing me onto your accounts through facebook and google: A traffic-guided security study of commercially deployed single-sign-on web services. S&P 2012 [36] Wang, R., Zhou, Y., Chen, S., Qadeer, S., Evans, D., and Gurevich, Y. Explicating SDKs: Uncovering assumptions underlying secure authentication and authorization. USENIX 2013

Illustrative example Developing and deploying SAML SSO Assumption: All HTTPS channels Goal: SP shall authenticate C WHAT-IF: IdP require signed SAML requests? WHAT-IF: SP field is not within the Assertion? Goal: resource shall be confidential WHAT-IF: SP does not store/check ID SAML2 comes with many profiles, protocols, optional attributes, etc... + Internal requirements = several WHAT-IF

Illustrative example Developing and deploying SAML SSO source: few screen-shots of the SAP NetWeaver SAML Next Generation Single Sign On

Illustrative example Developing and deploying SAML SSO Purpose: identify SAFE vs UNSAFE configurations in the WHAT-IF space

Illustrative example Developing and deploying SAML SSO Purpose: identify SAFE vs UNSAFE configurations in the WHAT-IF space

Our solution identify SAFE vs UNSAFE configurations in the WHAT-IF space Threat identification at design-time via model-checking Model-based testing rigorous, but viable for an industrial setting accessibility / usability automation / integration cost-benefit ratio (TCO)

Our solution (cont.) Sequence Diagram (informal model) Front-end add-in for Enterprise Modelling Tools (SAP Power Designer) Security Annotations (XMI files) XMI Translator converts XMI files into Formal Models Model Checker SATMC performs the formal analysis Mutations mutate the formal models Test Case Execution (model-based testing)

Scenario: SAML SSO SAML 2.0 Web Browser SSO Profile: SAML-based SSO for Google Apps Novell Access Manager SimpleSAMLphp by UNINETT &RelayState=URI

Scenario: SAML SSO (demo) SAML 2.0 Web Browser SSO Profile: SAML-based SSO for Google Apps Novell Access Manager SimpleSAMLphp by UNINETT Vulnerabilities due to wrong design choices (Armando et al. Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps. FMSE 2008) Man-in-the-middle attack due to missing fields SP and ID in the assertion X X &RelayState=URI

Scenario: SAML SSO (demo) SAML 2.0 Web Browser SSO Profile: SAML-based SSO for Google Apps Novell Access Manager SimpleSAMLphp by UNINETT Vulnerabilities due to wrong design choices (Armando et al. Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps. FMSE 2008) Man-in-the-middle attack due to missing fields SP and ID in the assertion Design vs. Implementation (Armando et al. An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations. Computers & Security 2013) XSS attack due to unrealistic assumption and missing input validation &RelayState=URI

Final remarks Proof-of-concept READY prototype integrated within SAP Power Designer other use cases under scrutiny: e.g., mobile payment commercial solution Potential end-users Architects and development teams integrating a core security protocol Security consultants analyzing a customer proprietary protocol (e-payment) Standardization bodies designing protocols and reference implementations Industrial transfer (our experience) though lowered, the TCD is still not negligible consultancy mode works well, handing over the prototype not so well

THANK YOU Contact: luca.compagna@sap.com All rights reserved

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information