Single Sign-on Systems

1. Single Sign-on Systems SS5

2. Scenario Going to travel • Sign in for booking flight ticket • Sign in for booking hotel room • Sign in for renting a car

3. Multi sign on is troublesome • Is it possible to just sign-on once to perform all the actions? • Single sign-on can be used to answer that question.

4. Introduction • What is single sign-on • How does it works • Two single sign-on systems: SAML Microsoft passport • Attack to the Microsoft passport • Advantage and disadvantage of single sign-on

5. Definitions of Single Sign-On (SSO) on the Web: Users sign onto a site only once and are given access to one or more applications in a single domain or across multiple domains. [1] A mechanism to verify a user across multiple applications through a single authentication challenge. WebSphere Portal Server uses Java Authentication and Authorization Services to achieve single sign-on. [2] One log-on provides access to all resources of the network, LAN, or WAN. [3]

6. It can be illustrated in two different scopes. One is in the client/server relationship, the other is in the e-commerce domain.

7. In Client / Server relationship • “In any client/server relationship, single sign-on is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications.”[4]

8. In E-commerce • “In e-commerce, the single sign-on (sometimes referred to as SSO) is designed to centralize consumer financial information on one server- not only for the consumer's convenience, but also to offer increased security by limiting the number of times the consumer enters credit card numbers or other sensitive information used in billing.”[5]

9. How does it work?

10. Password synchronization • The password synchronization is the process of changing each password for different applications to the same value, so that the user always enters the same password. Once you install password synchronization software, users will enter the same password when they login to any of the synchronized systems, such as to their network, finance system, e-mail, calendar or the mainframe.

11. Password synchronization VSSingle sign-on

12. Password synchronization VS Single sing-on (con)

13. SAML What is SAML? SAML (Security Assertion Markup Language) an XML framework for exchanging security information over the Internet.

14. How it works • 1.The service provider received the client request, and it sent the request to Identity provider to do the client authentication. • 2.Identity provider authenticate the client, create the assertion , and pass it back to the service provider. SAML assertions can be add a SOAP Header blocks, and pass by the HTTP protocol

15. Request from the Service provider • Here, a sample SAML-compliant request is sent from a service provider requesting password authentication by the identity provider. <samlp: Request ...> <samlp: AttributeQuery> <saml: Subject> <saml: NameIdentifier SecurityDomain="sun. com" Name="rimap"/> </ saml: Subject> <saml: AttributeDesignator AttributeName="Employee_ ID" AttributeNamespace="sun. com"> </ saml: AttributeDesignator> </ samlp: AttributeQuery> </ samlp: Request>

16. Response from the Identity provider • In response, the issuing authority asserts that the subject (S) was authenticated by means (M) at time (T). <samlp: Response MajorVersion="1" MinorVersion="0" RequestID="128.14.234.20.90123456" InResponseTo="123.45.678.90.12345678" StatusCode="/features/2002/05/Success"> <saml: Assertion MajorVersion="1" MinorVersion="0" AssertionID="123.45.678.90.12345678" Issuer="Sun Microsystems, Inc." IssueInstant="2002- 01- 14T10: 00: 23Z"> <saml: Conditions NotBefore="2002- 01- 14T10: 00: 30Z" NotAfter="2002- 01- 14T10: 15: 00Z" /> <saml: AuthenticationStatement AuthenticationMethod="Password" AuthenticationInstant="2001- 01- 14T10: 00: 20Z"> <saml: Subject> <saml: NameIdentifier SecurityDomain="sun. com" Name="rimap" /> </ saml: Subject> </ saml: AuthenticationStatement> </ saml: Assertion> </ samlp: Response>

17. What is SAML composed of • Assertions • Request/response protocols • Bindings (the SOAP-over-HTTP method of transporting SAML requests and responses) • Profiles (for embedding and extracting SAML assertions in a framework or protocol)

18. .NET Passport

19. .NET Passport • Microsoft® .NET Passport - Passport single sign in service - Kids Passport service Passport supplies registered users an electronic ‘ticket’. With this ticket users are authorized to access pages in participating sites.

20. .NET Passport • An implementation of Single Sign-On system, based on the cookie mechanism. • Employing technique to prevent attacks - Captcha telling human from computers - Secure Sockets Layer (SSL)

21. .NET Passport • Registration process - Information stored in passport account - Captcha - E-mail Validation • Authentication process - Cookies written by passport - Navigate to another Participating Site - Secure Sockets Layer (SSL)

22. Passport service • Three parts in the system

23. Registration process (1) • In this example the user browses to Site A and click the “Sign In” button • The user is redirected to a co-branded registration page displaying the registration fields that were chosen by Site A. • The user reads and accepts terms of use, and submits the registration form. • The user is then redirected back to Site A with their encrypted authentication ticket and profile information attached. • Site A decrypts the authentication ticket and profile information and continues their registration process, or grants access to their site. [5]

24. Registration process (2) • Information Stored in a .NET Passport - Credential stored only within the Passport service - Profile data stored within the Passport service and shared with participating sites based on user consent

25. Registration process (2)

26. Registration process (3) • Captcha Human Interaction Protocol - telling human from computers by asking registers to type in alphanumeric characters from a picture - “bots” attackers submit thousands of fake registrations in short time

27. Registration process (3) • CAPTCHA stands for “Completely Automated Public Turing Test to Tell Computers and Humans Apart.” [6] • CAPTCHA test is a program that can generate and grade tests that: - Most humans can pass. - Current computer programs can't pass. • For example, humans can read distorted text as the one shown below but current computer programs can't:

28. Registration process (4) • E-mail Validation - service sends a welcome e-mail message to verify registration - efficiently prevent e-mail addresses confusion • Unique Identifiers When registering successfully, each account is assigned a 64-bit Passport User ID (PUID).

29. Authentication Process(1) 1. User browses to participating site or service and clicks “Sign In” button or link. 2. User is redirected to Passport.net 3. Passport checks if the user has a “Ticket Granting Cookie” (TGT) in their browser’s cookie file, if one is detected they skip to step 4 and never see the Passport login UI. If the TGT does not satisfy the time since sign in rule requested by Site A, then Passport redirects the user to a log on page. If the user enters the correct information, they proceed. 4. The user is redirected back to Site A with their encrypted authentication ticket and profile information attached. 5. Site A decrypts authentication ticket and profile information, and signs the customer into their site. 6. User accesses the page, resource, or service they requested from Site A. [7]

30. Authentication Process(2) • Cookies written by Passport Passport writes a cookie, called “ticket-granting-cookie”, on the user’s browser. This cookie can be used as electronic “tickets” in subsequent access. - Cookies with credentials are encrypted with Passport key - Cookies with profile information are encrypted with participating sites key

31. Authentication Process(3) • Navigate to another Participating Site - without re-entering password - log current site in cookie

32. Authentication Process (4) • Secure Sockets Layer (SSL) A security enhancing protocol providing data encryption, server authentication, and message integrity for a connection to the Internet - Using Public Key Cryptography for Authentication - Certificate mechanism

33. Secure Sockets Layer (SSL) • Using Public Key Cryptography for Authentication Alice wants to authenticate Bob. Bob has a pair of keys, one public and one private. Bob discloses the public key to Alice (this is discussed in the "Handing Out Public Keys" ) Random msg {Random msg} Bob’s private key Bob Alice

34. Secure Sockets Layer (SSL) • Additional considerationBob encrypted a unknown message ??? Now Bob constructs a message digest and encrypts that message digest • - The digest is difficult to reverse. - An impersonator has difficulty finding a different message that computes to the same digest value. Random msg Bob {digest [Random msg]} Bob’s private key Alice

35. Secure Sockets Layer (SSL) • Additional consideration(2) digital signature Originating Data for Authentication • Alice -->Bob hello,are you bob? • Bob-->Alice Alice,This Is bob{digest[Alice,This Is Bob]}bobs-private-key

36. Secure Sockets Layer (SSL) • Handing Out Public Keys certificate mechanism A certificate contains the following information: •The name of the certificate issuer. •The entity for whom the certificate is being issued (also known as the subject). •The public key of the subject. •Some time stamps. [8] The certificate is signed by using the private key of the certificate issuer.

37. Secure Sockets Layer (SSL) • Certificates are a standard method to bind a public key to a name.A-->B hello B-->A Hi, I'm Bob, bobs-certificate A-->B prove it (Everyone knows the public key of the certificate issuer) B-->A Alice, This Is bob{ digest[Alice, This Is Bob] } bobs-private-key Exchanging a Secret After A has authenticated B, A can send B a message that only B can decode as follows A->B {secret} Bob's_public_key secret is a key to a symmetric cryptographic algorithm After authentication, both A and B send message encrypted with the symmetric key.

38. Secure Sockets Layer (SSL) • Potential attack! B-->M {some message}secret-key M-->A Garble[ {some message}secret-key ] msg1 msg1 Alice Bob msg2 msg2 Mallory

39. Secure Sockets Layer (SSL) • Message Authentication Code(MAC) MAC := digest[ some_message, secret ] In .NET Passport, a 128-bitMAC is used. A-->B hello B-->A Hi, I'm Bob, bobs-certificate A-->B prove it B-->A {digest[Alice, This Is Bob] } bobs-private-key A-->B ok bob, here is a secret {secret} bobs-public-key B-->A {some message,MAC}secret-key

40. MS Passport security weaknesses • Cookies problem • Key management • Passport Server attack • Hotmail credential assignment

41. Cookies problems • Passport cookies contains sensitive data. On a public machine, a user who forgets to log out could leave valid authentication for any users to misuse. • Persistent cookies choice. It is convenient, but risky. • Cookies are more social than technological. It may compromise user privacy

42. Key management • Generate and Transfer key • These keys should be generated randomly and securely. • These keys are transferred by an SSL connection. This is likely to lead to potential breaches. • Single key to encrypt all the cookies MS Passport uses a single key to encrypt all the cookies and store the information in cookies on user’s machines. So it could be a better way to use a master key to generate a unique key.

43. Passport Server Attack • When you become a center point, you will become an attractive target for attack. • Different from traditional authentication, Passport Server makes decisions about the authenticity of all users and stores all data of users, including users’ credit card numbers. It is extremely attractive !

44. Hotmail credential assignment • When users log into hotmail, they actually run the passport protocol. • Unfortunately, Hotmail has been fraught with security problems. • The attacker can log into user’s Hotmail account without knowing the password. • Then the attacker may go to the online shops using user’s wallet. For example: Emil Glosserman, Internet security expert, attacked the Microsoft Hotmail and Passport server systems twice.

45. Attack to the MS Passport • Fake merchant attack • Active attack • DNS attack • Cookie attack

46. Fake merchant attack • Bob = Passport user Mallory = Attacker of Malicious party Assumption: Bob get accustomed to using passport and trust the security of the passport server.

47. How to attack? • Mallory sets up a phony web store to sell some attractive things. • Mallory gets a certificate for a web site, called pasport.com. And Mallory sets up his web site which is exactly the same as a real passport.com. • So Bob want to buy something in Mallory’s shop, click sign-in, the server creates a redirect to Mallory’s pasport.com. Bob is in the habit of filling his Email Address and Password. • After that, Mallory has got Bob’s valid authentication information, and he can go to online shop, use Bob’s wallet service on behalf of Bob.

49. Active attack • Bob = Passport user • Alice = trustful merchant • Mallory = Attacker of Malicious party Assumption: Mallory has already accessed to network between Bob and Alice, Mallory could rewrite packets passing between Bob and Alice.

50. How to attack? • Bob want to buy something in Alice’s shop, and sends a request to Alice. • Alice replies to Bob to use a login service at www.passport.com. • Attacker Mallory, waiting between Bob and Alice, interrupts the packet that Alice sends to Bob, and rewrites the URL in the redirection to her fake pasport.com. • Bob visits Mallory’s fakepasport web site, filling with the login information. He has not noticed that ! • Now, Mallory has succeeded to attack the system. Mallory acts as a proxy between Bob and Alice, and between Bob and Passport Server.