On Breaking SAML: Be Whoever You Want to Be

  • Published on
    23-Feb-2016

  • View
    58

  • Download
    0

Embed Size (px)

DESCRIPTION

Juraj Somorovsky 1 , Andreas Mayer 2 , Jrg Schwenk 1 , Marco Kampmann 1 , and Meiko Jensen 1 1 Horst-Grtz Institute for IT-Security, Ruhr-University Bochum 2 Adolf Wrth GmbH & Co. KG. On Breaking SAML: Be Whoever You Want to Be. Motivation Single Sign -On. - PowerPoint PPT Presentation

Transcript

OWASP

On Breaking SAML: Be Whoever You Want to BeJuraj Somorovsky1, Andreas Mayer2, Jrg Schwenk1, Marco Kampmann1, and Meiko Jensen1

1Horst-Grtz Institute for IT-Security, Ruhr-University Bochum2Adolf Wrth GmbH & Co. KG

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium1

Service ProviderMotivation Single Sign-On2

Identity Provider

Website Visit and redirectUser: BobRole: guest

User: BobRole: guest

User: BobRole: guest

Too many identities / passwordsSolution: Single Sign-On

Advantages: one password for users, no password management for Service Providers

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security SymposiumOpenIDOAuthSecurity Assertion Markup Language (SAML)OASISWeb Services or browser-based Single Sign-OnAuthentication Statements stored in Assertions3Motivation Single Sign-On

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium

Service ProviderMotivation Single Sign-OnHow do we secure the messages? Does SSL / TLS help?

Messages secured only during transport!4

Identity Provider

Website Visit and redirectUser: BobRole: guest

User: BobRole: guest

User: BobRole: guest

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security SymposiumUser: BobRole: guest

Service ProviderMotivation Single Sign-OnDoes SSL / TLS help?

Need for message level security!5

Identity Provider

Website Visit and redirectUser: BobRole: guest

User: BobRole: guest

User: AdminRole: Admin

User: AdminRole: Admin

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security SymposiumMessage level security?

Realized using XML SignaturesAre we secure?

Service ProviderMotivation Single Sign-On6

Identity Provider

Website Visit and redirectUser: BobRole: guest

User: BobRole: guest

User: BobRole: guest

User: AdminRole: Admin

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium7OverviewSecuring SAML with XML SignatureXML Signature Wrapping AttacksPractical EvaluationPenetration Test LibraryCountermeasuresConclusion

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium7 www.SecureIdP.com Bob@SecureIdP.com www.SecureSP.com

8SAML AssertionAssertionSubjectIssuerNameIDConditionsAudienceSecureIdPBobSecureSPNr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium9Securing SAML with XML SignatureAssertionSubjectBindingSignatureValueSignatureSignedInfoReferenceURI=#123DigestValueId=123SubjectAssertionSignatureValueSignatureSignedInfoReferenceURI=#123DigestValueId=123BobBobTwo typical usages

BindingNr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium10Securing SAML with XML SignatureAssertionSubjectBindingSignatureValueSignatureSignedInfoReferenceURI=#123DigestValueId=123BobNaive (typical) processing:Signature validation: Id-basedAssertion evaluation: /Binding/Assertion/Subject

Signature VerificationAssertion EvaluationAssertionSubjectBindingSignatureValueSignatureSignedInfoReferenceURI=#123DigestValueId=123BobBobvalidNr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium11OverviewSecuring SAML with XML SignatureXML Signature Wrapping AttacksPractical EvaluationPenetration Test LibraryCountermeasuresConclusion

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium1112XML Signature Wrapping Attack on SAMLPlace the original Assertion including its Binding element into another elementChange the Id of the original elementThe Reference now points to the original element: signature is validInsert a new Assertion

AssertionSubjectBindingSignatureSignedInfoReferenceURI=#123Id=123BobAssertionSubjectBindingId=123BobId=evilAssertionSubjectAdminBinding

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium13XML Signature Wrapping Attack on SAML

Signature VerificationAssertion EvaluationvalidAdminAssertionSubjectBindingSignatureSignedInfoReferenceURI=#123Id=123BobAssertionSubjectBindingId=123BobId=evilAssertionSubjectAdminBindingAssertionSubjectBindingSignatureSignedInfoReferenceURI=#123Id=123BobAssertionSubjectBindingId=123BobId=evilAssertionSubjectAdminBinding

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium14XML Signature Wrapping Attack on SAML Threat model

Change arbitrary data in the Assertion: Subject, Timestamp ...Attacker: everybody who can gain a signed Assertion...Registering by the Identity ProviderMessage eavesdroppingGoogle Hacking

Single Point of Failure!

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security SymposiumUser: BobRole: guest

Service ProviderXML Signature Wrapping Attack on SAML

Identity ProviderUser: BobRole: guest

User: BobRole: guest

User: AdminRole: Admin

User: AdminRole: Admin

AssertionBindingSignatureSignedInfoReferenceURI=#123Id=123Bob15BindingSignatureSignedInfoReferenceURI=#123Id=123AssertionBindingId=123BobId=evilAssertionAdminBindingNr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security SymposiumXML Signature Wrapping Attack on SAMLHow about them?Framework / ProviderBindingApplicationApache Axis 2SOAPWSO2 Web ServicesGuanxiHTTPSakai Project (www.sakaiproject.org)Higgins 1.xHTTPIdentity projectIBM Datapower XS40SOAPEnterprise XML Security GatewayJOSSOHTTPMotorola, NEC, RedhatWIFHTTPMicrosoft Sharepoint 2010OIOSAMLHTTPDanish eGovernment (e.g. www.virk.dk)OpenAMHTTPEnterprise-Class Open Source SSOOneLoginHTTPJoomla, Wordpress, SugarCRM, DrupalOpenAthensHTTPUK Federation (www.eduserv.org.uk)OpenSAMLHTTPShibboleth, SuisseIDSalesforceHTTPCloud Computing and CRMSimpleSAMLphpHTTPDanish e-ID Federation (www.wayf.dk)WSO2HTTPeBay, Deutsche Bank, HP

16Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium17OverviewSecuring SAML with XML SignatureXML Signature Wrapping AttacksPractical EvaluationPenetration Test LibraryCountermeasuresConclusion

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium17XML Signature Wrapping Attack on SAML ResultsAssertionSubjectBindingSignatureSignedInfoReferenceURI=#123Id=123BobAssertionSubjectBindingId=123BobId=evilAssertionSubjectAdminBindingGuanxi, JOSSOWSO2AssertionSubjectBindingSignatureSignedInfoReferenceURI=#123Id=123BobAssertionSubjectBindingId=123BobId=evilAssertionSubjectAdminBinding18Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security SymposiumXML Signature Wrapping Attack on SAML ResultsBindingSignatureSignedInfoReferenceURI=#123AssertionSubjectId=123BobId=evilAssertionSubjectAdminBindingHiggins, Apache Axis2, IBM XS 40OpenAM, SalesforceBindingSignatureSignedInfoReferenceURI=#123AssertionSubjectId=123BobId=evilAssertionSubjectAdmin19Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security SymposiumAttack on OpenSAML20Is Signature Wrapping always that easy?

OpenSAML implemented a few countermeasures:Checked if the signed assertion has the same ID value as the processed oneValidated XML SchemaNot possible to insert two elements with the same ID values

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security SymposiumAttack on OpenSAML21ID values checking: Basic idea using two identical ID valuesXML Schema validation:Put the Assertion into an extensible element (e.g. )Two identical ID attributes (XML Xerces Parser bug)

Which element is verified? C++ takes the first found elementAssertionSubjectBindingSignatureSignedInfoReferenceURI=#123BobAssertionSubjectExtensionsId=123BobAssertionSubjectAdminId=123OpenSAML C++

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security SymposiumAttack on OpenSAML22AssertionSubjectBindingSignatureSignedInfoReferenceURI=#123BobAssertionSubjectExtensionsId=123BobAssertionSubjectAdminId=123OpenSAML C++ referencesthe first found elementOpenSAML Java referencesthe last found elementAssertionSubjectBindingSignatureSignedInfoReferenceURI=#123BobAssertionSubjectObjectId=123BobAssertionSubjectAdminId=123Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security SymposiumBeyond Signature Wrapping: Signature Exclusion23Lame but

Worked against:Apache Axis2JOSSOOpenAthens AssertionSubjectBindingSignatureSignedInfoReferenceURI=#123BobAssertionSubjectId=123BobAssertionSubjectAdmin

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security SymposiumSAML Signature Wrapping Summary24Framework / ProviderSignature ExclusionSignature WrappingApache Axis 2XXGuanxiXHiggins 1.xXIBM Datapower XS40XJOSSOXXWIFOIOSAMLXOpenAMXOneLoginXOpenAthensXOpenSAMLXSalesforceXSimpleSAMLphpWSO2X

Danish eGovernment Shibboleth, SwissID Enterprise ApplicationsJoomla, Wordpress, SugarCRM, DrupalNr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium25OverviewSecuring SAML with XML SignatureXML Signature Wrapping AttacksPractical EvaluationPenetration Test LibraryCountermeasuresConclusion

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium25Considered all the attack vectors:Different permutations of signed / processed AssertionsId processingSignature exclusion attacksXML Schema extensionsFurther attacks on Salesforce interfaceWill be included in our WS-Attacker frameworkhttp://ws-attacker.sourceforge.net/

26Penetration Test LibraryNr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium26262627OverviewSecuring SAML with XML SignatureXML Signature Wrapping AttacksPractical EvaluationPenetration Test LibraryCountermeasuresConclusion

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium27General problem: different processing modules have different views on documents

28CountermeasuresSignature VerificationAssertion EvaluationValid /InvalidId-based/Binding/Assertion/SubjectAssertionSubjectBindingSignatureValueSignatureSignedInfoReferenceURI=#123DigestValueId=123BobUserNr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium282828Forward only signed elementsAlso called see-only-what-is-signed

29Countermeasure 1: Strict FilteringBindingAssertionAssertionSignature VerificationSignatureBindingAssertionAssertion EvaluationNr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium292929Signature verification generates a random number rThe verified data is tainted with rr is forwarded to the Assertion evaluation logic

30Countermeasure 2: Data TaintingBindingAssertionAssertionSignature VerificationSignatureAssertion EvaluationBindingAssertionAssertionSignaturer = xyzr = xyzr=xyzNr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium30303031OverviewSAML AssertionSecuring SAML with XML SignatureXML Signature Wrapping AttacksPractical EvaluationCountermeasuresConclusion

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium31We showed critical Signature Wrappings in SAML, 12 out of 14 frameworks affected!All providers informedSignature Wrapping known since 2005, but:Not in focus of research communityNearly all implementations are vulnerableNot easy to fix: many permutations, vulnerable librariesBe aware of Signature Wrapping when applying:In Web ServicesSAMLBeyond XML: Could be applied in all the scenarios where different processing modules have different views on documents32Conclusion

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium323232Thank you for your attentionJuraj Somorovsky1, Andreas Mayer2, Jrg Schwenk1, Marco Kampmann1, and Meiko Jensen1

1Horst-Grtz Institute for IT-Security, Ruhr-University Bochum2Adolf Wrth GmbH & Co. KG

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium33Responsible Disclosure34Apache Axis 205.04.2011???Guanxi25.07.2011???Higgins 1.x24.04.2011OpenIBM XS40Oct 2011??JOSSO18.02.2011March 2011OIOSAML25.07.201103.08.2011OpenAM03.12.201107.12.2011OneLogin03.06.2011???OpenAthens29.07.201105.08.2011OpenSAML18.07.201125.07.2011Salesforce03.06.201113.06.2011WSO216.02.201118.07.2011

Nr.On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, 21st USENIX Security Symposium343434

Recommended

View more >