0
Single Sign-On for the Internet: A Security Story [email_address] [email_address] BlackHat USA, Las Vegas 2007
<ul><li>The Good, The Bad, The Ugly </li></ul>
<ul><li>The Ugly </li></ul>
How do you manage your 169 Web 2.0 accounts today?
Does your “SSO” consist of A login (e.g. johndoe) + 2 passwords (one insecure for web 2.0 sites and one secure for banking...
Attack #1 a. Fail a user’s login b. Observe the user try every single combination of their username and password, includin...
BlackHat Advice #1 Change your bank password (we man-in-the-middle’d your secure “SSO” last night)
Observation #1 Complexity breeds insecurity
One login to rule them all… … a story about reducing complexity
<ul><li>Proves that a user owns a URL </li></ul>You get to choose who manages your identity e.g. http://john.doe.name/ or ...
Answers the who? question (authentication) are you john.doe.name? Does NOT answer the what? (authorization) is john.doe.na...
<ul><li>History </li></ul><ul><li>Specifications </li></ul><ul><li>Industry Support </li></ul>
How? (demo)
How? (man-in-the-middle secure demo)
 
 
 
 
That was easy!
Oh. Never mind.
<ul><li>The Bad </li></ul>
Let’s start at the beginning
 
Attack #2 – Which one are you? http://nsa.gov:1/, http://nsa.gov:2/, … https://192.168.1.15/internal/auth?ip=1.1.1.1 http:...
Observation #2 Flexibility and security do not get along (or, why it’s important to be less flexible and more paranoid)
Everybody loves crypto “ associate mode”
Why is crypto required? to protect request & response URLs
Shared symmetric key is generated using Diffie-Hellman
Attack #3 - Diffie-Hellman is vulnerable to man-in-the-middle attacks! So what’s the point of using DH in the first place?...
Observation #3 Home brewed crypto is a no no (or, why you should stick to https)
Where are you going?
This way! No, that way! Location: http://www.myopenid.com/server?  openid.assoc_handle =%7BHMAC-SHA1%7D%7B4..&  openid.ide...
Attack #4a Phishing with malicious RPs
Attack #4b Phishing with malicious URL hosts
Change your bank password BlackHat Advice #2 (we phish’ed your first attempt)
Observation  # 4 Phishers 1 – OpenID 0   (or, why Johnny will never learn to read URLs)
Let me in!
<ul><li>Once signed in, you will no longer need to re-enter your password for other OpenID enabled sites </li></ul>Conveni...
<ul><li>In other words… </li></ul><ul><li>your identity provider receives and processes ALL your login requests on your be...
Observation #5 OpenID makes privacy difficult (or, why some paranoid users might want to use one OpenID login per site)
Not another redirect!
<ul><li>Location: http://www.BADsite.com/finish_auth.php?  </li></ul><ul><li>openid.assoc_handle =%7BHMAC-HA1%7D%7B47bb..&...
<ul><li>Location: http://www.somesite.com/finish_auth.php?  </li></ul><ul><li>openid.assoc_handle =%7BHMAC-SHA1%7D%7B47b.....
Problems with Nonces a. Not part of the OpenID spec (v1) b. Do not actually protect against active attackers!
Observation #6   Nonces are nonsense (or, why you must be drinking absolut kool-aid if you believe nonces will protect you...
I am secure once I am logged in though, right?
Attack #7 Cross-site request forgery <html><body> <iframe id=&quot; login &quot; src=&quot; http://bank.com/login?openid_u...
Observation #7 OpenID robs you of control (or IdP, not RP, makes the security decisions)
Change your bank password BlackHat Advice #3 Actually don’t bother… ...all your OpenID are belong to us.
<ul><li>The Good </li></ul>
Is it really all that bad?! <ul><li>No! </li></ul><ul><li>OpenID can make your logins far more secure than they are today!...
How?! <ul><li>Only one service to secure so we can afford to use </li></ul><ul><li>Client-side certificates </li></ul><ul>...
 
Observation #8 <ul><li>There is only 1 front </li></ul><ul><li>door with OpenID </li></ul><ul><li>(or, how I got over my p...
Lessons Learnt <ul><li>Complexity breeds insecurity </li></ul><ul><li>Flexibility and security do not get along </li></ul>...
Is OpenID doomed? <ul><li>Absolutely not </li></ul><ul><li>It’s a great system </li></ul><ul><li>solving a very real probl...
Thanks! [email_address] [email_address] Try it today. http://www.openid.net/ http://www.freeyourid.com/
Upcoming SlideShare
Loading in...5
×

OpenID Security

5,009

Published on

Published in: Technology
1 Comment
3 Likes
Statistics
Notes
  • The corresponding whitepaper - http://www.scribd.com/doc/256482/OpenID-security
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
5,009
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
160
Comments
1
Likes
3
Embeds 0
No embeds

No notes for slide

Transcript of "OpenID Security"

  1. 1. Single Sign-On for the Internet: A Security Story [email_address] [email_address] BlackHat USA, Las Vegas 2007
  2. 2. <ul><li>The Good, The Bad, The Ugly </li></ul>
  3. 3. <ul><li>The Ugly </li></ul>
  4. 4. How do you manage your 169 Web 2.0 accounts today?
  5. 5. Does your “SSO” consist of A login (e.g. johndoe) + 2 passwords (one insecure for web 2.0 sites and one secure for banking sites) ?
  6. 6. Attack #1 a. Fail a user’s login b. Observe the user try every single combination of their username and password, including the secure password..
  7. 7. BlackHat Advice #1 Change your bank password (we man-in-the-middle’d your secure “SSO” last night)
  8. 8. Observation #1 Complexity breeds insecurity
  9. 9. One login to rule them all… … a story about reducing complexity
  10. 10. <ul><li>Proves that a user owns a URL </li></ul>You get to choose who manages your identity e.g. http://john.doe.name/ or http://john.myopenid.com/
  11. 11. Answers the who? question (authentication) are you john.doe.name? Does NOT answer the what? (authorization) is john.doe.name allowed to access this page?
  12. 12. <ul><li>History </li></ul><ul><li>Specifications </li></ul><ul><li>Industry Support </li></ul>
  13. 13. How? (demo)
  14. 14. How? (man-in-the-middle secure demo)
  15. 19. That was easy!
  16. 20. Oh. Never mind.
  17. 21. <ul><li>The Bad </li></ul>
  18. 22. Let’s start at the beginning
  19. 24. Attack #2 – Which one are you? http://nsa.gov:1/, http://nsa.gov:2/, … https://192.168.1.15/internal/auth?ip=1.1.1.1 http://localhost:8080/ http://www.youtube.com/largemovie.flv http://www.tarpit.com/cgi-bin/hang.pl file:///dev/null
  20. 25. Observation #2 Flexibility and security do not get along (or, why it’s important to be less flexible and more paranoid)
  21. 26. Everybody loves crypto “ associate mode”
  22. 27. Why is crypto required? to protect request & response URLs
  23. 28. Shared symmetric key is generated using Diffie-Hellman
  24. 29. Attack #3 - Diffie-Hellman is vulnerable to man-in-the-middle attacks! So what’s the point of using DH in the first place? The spec suggests running DH over https to improve protocol security
  25. 30. Observation #3 Home brewed crypto is a no no (or, why you should stick to https)
  26. 31. Where are you going?
  27. 32. This way! No, that way! Location: http://www.myopenid.com/server? openid.assoc_handle =%7BHMAC-SHA1%7D%7B4..& openid.identity =http://eugene.tsyrklevich.name/& openid.mode =checkid_setup& openid.return_to =http://www.jyte.com/finish& openid.trust_root =http://www.jyte.com/
  28. 33. Attack #4a Phishing with malicious RPs
  29. 34. Attack #4b Phishing with malicious URL hosts
  30. 35. Change your bank password BlackHat Advice #2 (we phish’ed your first attempt)
  31. 36. Observation # 4 Phishers 1 – OpenID 0 (or, why Johnny will never learn to read URLs)
  32. 37. Let me in!
  33. 38. <ul><li>Once signed in, you will no longer need to re-enter your password for other OpenID enabled sites </li></ul>Convenient, eh?
  34. 39. <ul><li>In other words… </li></ul><ul><li>your identity provider receives and processes ALL your login requests on your behalf </li></ul>… privacy, anyone?
  35. 40. Observation #5 OpenID makes privacy difficult (or, why some paranoid users might want to use one OpenID login per site)
  36. 41. Not another redirect!
  37. 42. <ul><li>Location: http://www.BADsite.com/finish_auth.php? </li></ul><ul><li>openid.assoc_handle =%7BHMAC-HA1%7D%7B47bb..& </li></ul><ul><li>openid.identity =http://eugene.tsyrklevich.name/& </li></ul><ul><li>openid.mode =id_res& </li></ul><ul><li>openid.return_to =http://www.jyte.com/& </li></ul><ul><li>openid.sig =vbUyND6n39Ss8IkpKl19RT83O%2F4%3D& </li></ul><ul><li>openid.signed =mode%2Cidentity%2Creturn_to& </li></ul>Attack #6a – Phishing (again!)
  38. 43. <ul><li>Location: http://www.somesite.com/finish_auth.php? </li></ul><ul><li>openid.assoc_handle =%7BHMAC-SHA1%7D%7B47b..& </li></ul><ul><li>openid.identity =http://eugene.tsyrklevich.name/& </li></ul><ul><li>openid.mode =id_res& </li></ul><ul><li>openid.return_to =http://www.jyte.com/& </li></ul><ul><li>openid.sig =vbUyND6n39Ss8IkpKl19RT83O%2F4%3D& </li></ul><ul><li>openid.signed =mode%2Cidentity%2Creturn_to& </li></ul>Attack #6b – Replay attack nonce=wVso75KH
  39. 44. Problems with Nonces a. Not part of the OpenID spec (v1) b. Do not actually protect against active attackers!
  40. 45. Observation #6 Nonces are nonsense (or, why you must be drinking absolut kool-aid if you believe nonces will protect you against an active attacker)
  41. 46. I am secure once I am logged in though, right?
  42. 47. Attack #7 Cross-site request forgery <html><body> <iframe id=&quot; login &quot; src=&quot; http://bank.com/login?openid_url=john.doe.name &quot; width=&quot; 0 &quot; height=&quot; 0 &quot; ></iframe> <iframe id=“ transfer &quot; src=&quot; http://bank.com/transfer_money?amount=100&to=attacker &quot; width=&quot; 0 &quot; height=&quot; 0 &quot; ></iframe> </body></html>
  43. 48. Observation #7 OpenID robs you of control (or IdP, not RP, makes the security decisions)
  44. 49. Change your bank password BlackHat Advice #3 Actually don’t bother… ...all your OpenID are belong to us.
  45. 50. <ul><li>The Good </li></ul>
  46. 51. Is it really all that bad?! <ul><li>No! </li></ul><ul><li>OpenID can make your logins far more secure than they are today! </li></ul>
  47. 52. How?! <ul><li>Only one service to secure so we can afford to use </li></ul><ul><li>Client-side certificates </li></ul><ul><li>SecurID </li></ul><ul><li>Smartcards </li></ul>
  48. 54. Observation #8 <ul><li>There is only 1 front </li></ul><ul><li>door with OpenID </li></ul><ul><li>(or, how I got over my privacy </li></ul><ul><li>and learnt to love OpenID) </li></ul>
  49. 55. Lessons Learnt <ul><li>Complexity breeds insecurity </li></ul><ul><li>Flexibility and security do not get along </li></ul><ul><li>Home brewed crypto is a no no </li></ul><ul><li>Phishers 1 – OpenID 0 </li></ul><ul><li>OpenID makes privacy difficult </li></ul><ul><li>Nonces are nonsense </li></ul><ul><li>OpenID robs you of control </li></ul><ul><li>There is only 1 front door with OpenID </li></ul>
  50. 56. Is OpenID doomed? <ul><li>Absolutely not </li></ul><ul><li>It’s a great system </li></ul><ul><li>solving a very real problem </li></ul>But its security and privacy concerns need further thought
  51. 57. Thanks! [email_address] [email_address] Try it today. http://www.openid.net/ http://www.freeyourid.com/
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×