We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byJanice Simpson
Modified about 1 year ago
deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India
© Copyright IBM Corporation 2011 Context 2 Analyzing security of web-based ‘transaction protocols’ presents new challenges. User interacting with multiple service providers using a browser. Trust between service providers. Usage of well-known mechanisms like SSL/TLS. These protocols are characterized by: Examples include: web single sign-on, identity linking, third party delegation. In this paper, we focus on web based federation workflow used to link user accounts across domains..
© Copyright IBM Corporation 2011 Challenges 3 Support for principals without identifying keys. Support for principal without global identities Support for reasoning about user actions. Need to provide primitives for standard mechanisms like SSL/TLS. Need to support attacks specific to browser-based communication, e.g. CSRF. Techniques for analyzing cryptographic protocols need to be adapted for the web: web protocol analysis can be greatly simplified using a much more restrictive model designed for secure (SSL/TLS) communication. inducing an honest principal into unintentionally sending messages (including secrets) to a server chosen by the attacker, manipulating redirection URLs etc. Why Dolev-Yao model is not ideally suited for web protocols
© Copyright IBM Corporation 2011 Two contrasting styles 4 Advantages: Efficiently computable formulations, High abstraction level, establish what a protocol achieves. Drawbacks: Difficult to analyze protocols vulnerable to certain types of active attacks. Do not automatically generate attack traces. Inference Construction: Use inference in specialized logics to reason about belief established by a protocol. Examples: BAN logic [BAN], [AT], [GNY], [AUTLOG], [SETHEO],[EVES] Advantages: More rigorous and cover wider range of attacks. Generate counter- examples/attack traces. Drawbacks: State-space explosion problem. Complex intruder model. Attack Construction: Construct attacks by modeling an intruder and algebraic properties of the messages being transmitted. Use model checkers to find flaws. Examples: [DOL], [LOW], [STRAND], [AVISPA], [PROVERIF], [SCYTHER].
© Copyright IBM Corporation 2011 Motivation for Hybrid Approach 5 In the absence of identifying keys and global identities, users are identified by actions they have recently performed. Secrets are used to associate actions with users. Establishing agreement between service providers about context of the transaction. This can be achieved using a BAN style belief analysis. Ensuring that tokens identifying users cannot be stolen or misused. Model checking approaches have been extensively used to study secrecy property Establishing security of web protocols involves two key elements:
© Copyright IBM Corporation 2011 Overview of Hybrid Approach 6 In the first stage of analysis, we use an extension of BAN in which some common web mechanisms have been formalized. For the second stage, we use a generic model for web protocols using Alloy – a SAT based model analysis tool – to analyze secrecy. Conclusions from belief analysis are used to further constrain the protocol model. Results in simplifications that drastically reduce the search-space needed to be explored by the model-checker.
© Copyright IBM Corporation 2011 Overview of Hybrid Approach 7 Idealization Protocol Spec Forward chaining using BAN logic. Ignore terms that represent neither secrets nor nonces. Retain only those messages that require possession of keys that are not public. Simplified Spec General Protocol Model in Alloy Alloy model incorporating results of BAN analysis. Alloy Analyzer BAN fomulae Correspondence about session and token parameters. Counter Example Goal Spec
© Copyright IBM Corporation 2011 Inference Rules: BAN 8 8 Message Origin Nonce Verification Jurisdiction Rule Operators Believes | , Sees, |~ Says, |=> Controls
© Copyright IBM Corporation 2011 New Inference Rules 9 9 Rules to associate actions with users.
© Copyright IBM Corporation 2011 Goals for Web Protocols 10 Web protocols use tokens to communicate actions across domains. A token is associated with parameters representing the action as well as the context in which the action was performed. Agreement about token between service providers. Agreement about service provider end-points. Establishing agreement about tokens identifying actions. Establishing at a service provider that an action has been performed by an identified user. Adversary model should take into account browser-based attacks. Associating user instances with actions.
© Copyright IBM Corporation 2011 Alloy Based Web Protocol Model 11 Principals: Server and User with honest sub-classes HServer and HUser Messages: Set of cookies, set of tokens, sender, receiver, redirect URL. Protocol trace: sequence of messages. A message from an honest user to a server must include all cookies shared previously by server Constraint A Correct handling of an HTTP redirect by an honest user (Constraint B). Examples of constraints on messages and traces. A B
© Copyright IBM Corporation 2011 The Single Sign-On Workflow 12
© Copyright IBM Corporation 2011 The Account Linking Workflow 13
© Copyright IBM Corporation 2011 Attack on Account Linking Workflow 14
© Copyright IBM Corporation 2011 Conclusions 15 A novel hybrid strategy for analysis of web protocols. A framework for reasoning about user actions. Demonstration of the approach though an extremely important cross-domain ID management workflow. The issue has gone unnoticed in previous SAML analyses. Shows that definition of authentication can be considerably different when the same protocol is used for different goals. We identify insecurity in the account linking workflow.. We propose fix for the workflow and discuss implementation in leading web protocols: SAML and OpenID.
Presenter Mohamed K. Kamara. Presentation Topic Improving the Granularity of Access Control for Windows 2000 Granularity: Relative fineness to which an.
Security attacks. - confidentiality: only authorized parties have read access to information - integrity: only authorized parties have write access to.
Nica Valentin–Danut SEM 2012 Service system fundamentals: Work system, value chain, and life cycle.
Agent Based Software Development Michael Luck, Ronald Ashri and Mark dInverno Chapter 4: Methodologies and Modeling Languages.
07/09/2014 Agay Spring School, March'02 Mobility 2 : Mobile Values Cédric Fournet Microsoft Research Cambridge (joint work with Martin Abadi)
Of An Expert System. Introduction What is AI? Intelligent in Human & Machine? What is Expert System? How are Expert System used? Elements of ES Who are.
Automated eContract Negotiation in Web Service Environment: Trust Management and Electronic Contract Management Aspects Doctoral student Marius Šaučiūnas.
Chapter 6 Architectural Design Slide 1 Chapter 6 Architectural Design.
University of Twente The Netherlands Centre for Telematics and Information Technology Verification of Security Protocols Sandro Etalle
Introduction to Network Security INFSCI 1075: Network Security Amir Masoumzadeh.
Security - Authentication Protocols and Authorisation CS3517 Distributed Systems and Security Lecture 21.
Introduction to Protocols: Entity Authentication, Key Establishment, Integrity/Message Authentication, Confidentiality INFSCI 1075: Network Security –
Primer Maryann Hondo, IBM Umit Yalcinalp, SAP. Current Proposal Introduction The WS-Policy specification defines a policy to be a collection of policy.
Ch:8 Design Concepts S.W Design should have following quality attribute: –Functionality –Usability –Reliability –Performance –Supportability (extensibility,
Session Management in Web Applications Author: EUROSEC GmbH Chiffriertechnik & Sicherheit Tel: / 60850, © EUROSEC GmbH Chiffriertechnik.
A Method for Validating Software Security Constraints Filaret Ilas Matt Henry CS 527 Dr. O.J. Pilskalns.
Chapter 6 – Architectural Design 1Chapter 6 Architectural design Software Engineering Ian Sommerville, Software Engineering, 9 th Edition Pearson.
GENI Distributed Services Preliminary Requirements and Design Tom Anderson and Amin Vahdat (co-chairs) David Andersen, Mic Bowman, Frans Kaashoek, Arvind.
December 2009 Data Integration in Grid Environments Alex Poulovassilis, Birkbeck, U. of London.
Architectural Design IS301 – Software Engineering Lecture # 14 – M. E. Kabay, PhD, CISSP Dept of Computer Information Systems Norwich University.
Data Mining for Web Personalization Presented by the Highflyers group.
Workshop ESS NET ON MICRO DATA LINKING AND DATA WAREHOUSING IN STATISTICAL PRODUCTION 22 & 23 SEPTEMBER 2011 “Mapping the GSBPM on a SDW architecture”
Identity and Locators in IPv6 IAB Meeting IETF 60 August 2004.
Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar( ) C.Karthik( ) H.Sheik mohideen( ) S.Lakshmi rajan( )
Supporting further and higher education Pedagogic Evaluation Helen Beetham Consultant in Pedagogy JISC e-learning programme.
Grid Security Alvaro Arenas e-Science Centre, RAL, UK CoreGRID Summer School 2006.
© Gerald Kotonya and Ian Sommerville Methods for Requirements Engineering.
Software Reuse and Component-Based Software Engineering CIS 376 Bruce R. Maxim UM-Dearborn.
Agent Based Software Development Michael Luck, Ronald Ashri and Mark dInverno.
Universally Composable Symbolic Analysis of Cryptographic Protocols Ran Canetti and Jonathan Herzog 6 March 2006 The author's affiliation with The MITRE.
© 2016 SlidePlayer.com Inc. All rights reserved.