• Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • The corresponding whitepaper - http://www.scribd.com/doc/256482/OpenID-security
    Are you sure you want to
    Your message goes here
No Downloads

Views

Total Views
4,880
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
159
Comments
1
Likes
3

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Single Sign-On for the Internet: A Security Story [email_address] [email_address] BlackHat USA, Las Vegas 2007
  • 2.
    • The Good, The Bad, The Ugly
  • 3.
    • The Ugly
  • 4. How do you manage your 169 Web 2.0 accounts today?
  • 5. Does your “SSO” consist of A login (e.g. johndoe) + 2 passwords (one insecure for web 2.0 sites and one secure for banking sites) ?
  • 6. Attack #1 a. Fail a user’s login b. Observe the user try every single combination of their username and password, including the secure password..
  • 7. BlackHat Advice #1 Change your bank password (we man-in-the-middle’d your secure “SSO” last night)
  • 8. Observation #1 Complexity breeds insecurity
  • 9. One login to rule them all… … a story about reducing complexity
  • 10.
    • Proves that a user owns a URL
    You get to choose who manages your identity e.g. http://john.doe.name/ or http://john.myopenid.com/
  • 11. Answers the who? question (authentication) are you john.doe.name? Does NOT answer the what? (authorization) is john.doe.name allowed to access this page?
  • 12.
    • History
    • Specifications
    • Industry Support
  • 13. How? (demo)
  • 14. How? (man-in-the-middle secure demo)
  • 15.  
  • 16.  
  • 17.  
  • 18.  
  • 19. That was easy!
  • 20. Oh. Never mind.
  • 21.
    • The Bad
  • 22. Let’s start at the beginning
  • 23.  
  • 24. Attack #2 – Which one are you? http://nsa.gov:1/, http://nsa.gov:2/, … https://192.168.1.15/internal/auth?ip=1.1.1.1 http://localhost:8080/ http://www.youtube.com/largemovie.flv http://www.tarpit.com/cgi-bin/hang.pl file:///dev/null
  • 25. Observation #2 Flexibility and security do not get along (or, why it’s important to be less flexible and more paranoid)
  • 26. Everybody loves crypto “ associate mode”
  • 27. Why is crypto required? to protect request & response URLs
  • 28. Shared symmetric key is generated using Diffie-Hellman
  • 29. Attack #3 - Diffie-Hellman is vulnerable to man-in-the-middle attacks! So what’s the point of using DH in the first place? The spec suggests running DH over https to improve protocol security
  • 30. Observation #3 Home brewed crypto is a no no (or, why you should stick to https)
  • 31. Where are you going?
  • 32. This way! No, that way! Location: http://www.myopenid.com/server? openid.assoc_handle =%7BHMAC-SHA1%7D%7B4..& openid.identity =http://eugene.tsyrklevich.name/& openid.mode =checkid_setup& openid.return_to =http://www.jyte.com/finish& openid.trust_root =http://www.jyte.com/
  • 33. Attack #4a Phishing with malicious RPs
  • 34. Attack #4b Phishing with malicious URL hosts
  • 35. Change your bank password BlackHat Advice #2 (we phish’ed your first attempt)
  • 36. Observation # 4 Phishers 1 – OpenID 0 (or, why Johnny will never learn to read URLs)
  • 37. Let me in!
  • 38.
    • Once signed in, you will no longer need to re-enter your password for other OpenID enabled sites
    Convenient, eh?
  • 39.
    • In other words…
    • your identity provider receives and processes ALL your login requests on your behalf
    … privacy, anyone?
  • 40. Observation #5 OpenID makes privacy difficult (or, why some paranoid users might want to use one OpenID login per site)
  • 41. Not another redirect!
  • 42.
    • Location: http://www.BADsite.com/finish_auth.php?
    • openid.assoc_handle =%7BHMAC-HA1%7D%7B47bb..&
    • openid.identity =http://eugene.tsyrklevich.name/&
    • openid.mode =id_res&
    • openid.return_to =http://www.jyte.com/&
    • openid.sig =vbUyND6n39Ss8IkpKl19RT83O%2F4%3D&
    • openid.signed =mode%2Cidentity%2Creturn_to&
    Attack #6a – Phishing (again!)
  • 43.
    • Location: http://www.somesite.com/finish_auth.php?
    • openid.assoc_handle =%7BHMAC-SHA1%7D%7B47b..&
    • openid.identity =http://eugene.tsyrklevich.name/&
    • openid.mode =id_res&
    • openid.return_to =http://www.jyte.com/&
    • openid.sig =vbUyND6n39Ss8IkpKl19RT83O%2F4%3D&
    • openid.signed =mode%2Cidentity%2Creturn_to&
    Attack #6b – Replay attack nonce=wVso75KH
  • 44. Problems with Nonces a. Not part of the OpenID spec (v1) b. Do not actually protect against active attackers!
  • 45. Observation #6 Nonces are nonsense (or, why you must be drinking absolut kool-aid if you believe nonces will protect you against an active attacker)
  • 46. I am secure once I am logged in though, right?
  • 47. Attack #7 Cross-site request forgery <html><body> <iframe id=&quot; login &quot; src=&quot; http://bank.com/login?openid_url=john.doe.name &quot; width=&quot; 0 &quot; height=&quot; 0 &quot; ></iframe> <iframe id=“ transfer &quot; src=&quot; http://bank.com/transfer_money?amount=100&to=attacker &quot; width=&quot; 0 &quot; height=&quot; 0 &quot; ></iframe> </body></html>
  • 48. Observation #7 OpenID robs you of control (or IdP, not RP, makes the security decisions)
  • 49. Change your bank password BlackHat Advice #3 Actually don’t bother… ...all your OpenID are belong to us.
  • 50.
    • The Good
  • 51. Is it really all that bad?!
    • No!
    • OpenID can make your logins far more secure than they are today!
  • 52. How?!
    • Only one service to secure so we can afford to use
    • Client-side certificates
    • SecurID
    • Smartcards
  • 53.  
  • 54. Observation #8
    • There is only 1 front
    • door with OpenID
    • (or, how I got over my privacy
    • and learnt to love OpenID)
  • 55. Lessons Learnt
    • Complexity breeds insecurity
    • Flexibility and security do not get along
    • Home brewed crypto is a no no
    • Phishers 1 – OpenID 0
    • OpenID makes privacy difficult
    • Nonces are nonsense
    • OpenID robs you of control
    • There is only 1 front door with OpenID
  • 56. Is OpenID doomed?
    • Absolutely not
    • It’s a great system
    • solving a very real problem
    But its security and privacy concerns need further thought
  • 57. Thanks! [email_address] [email_address] Try it today. http://www.openid.net/ http://www.freeyourid.com/