OpenID Security Issues Ashish Jain & Andrew Nash & Jeff Hodges,  PayPal  Information Risk Management OpenID Summit 2-Nov-2...
Overview <ul><ul><li>Known security issues with OpenID exist </li></ul></ul><ul><ul><ul><li>Inherent in protocol spec </li...
Protocol Spec Security Issues <ul><ul><li>Browser is de-facto man-in-the-middle  </li></ul></ul><ul><ul><ul><li>messages/a...
Browser as Man-in-the-middle  <ul><ul><li>Messages and assertions flow unencrypted between OP and RP via browser </li></ul...
Session Swapping                (1) <ul><ul><li>An attacker can cause victim browsers to log into RP accounts the attacker...
Session Swapping                (2) <ul><ul><li>Various Possible Consequences... </li></ul></ul><ul><ul><ul><li>&quot;sile...
Browser/HTTP/Web Issues <ul><ul><li>E.g... </li></ul></ul><ul><ul><ul><li>Cross-Site Request Forgery (CSRF) </li></ul></ul...
HTML discovery / Phishing <ul><ul><li>Much already written about this </li></ul></ul><ul><ul><li>Protocol spec is monolith...
End-entity Man-in-the-middle  (RP/OP spoof'g) <ul><ul><li>Where RP and/or OP are &quot;rogue&quot; </li></ul></ul><ul><ul>...
Implementation & deployment practices <ul><ul><li>Overall fairly well addressed in  ICAMOpenID 2.0 Profile  and  Security ...
Various items not mentioned above <ul><ul><li>RP collusion mitigation </li></ul></ul><ul><ul><li>Identifier recycling issu...
End
Upcoming SlideShare
Loading in …5
×

Open ID Security Issues

5,637 views

Published on

OpenID Security Issues presentation for OpenID Summit @ Yahoo (Nov 2009)

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
5,637
On SlideShare
0
From Embeds
0
Number of Embeds
2,120
Actions
Shares
0
Downloads
42
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Open ID Security Issues

  1. 1. OpenID Security Issues Ashish Jain & Andrew Nash & Jeff Hodges, PayPal Information Risk Management OpenID Summit 2-Nov-2009
  2. 2. Overview <ul><ul><li>Known security issues with OpenID exist </li></ul></ul><ul><ul><ul><li>Inherent in protocol spec </li></ul></ul></ul><ul><ul><ul><li>Due to Browser/HTTP/Web characteristics </li></ul></ul></ul><ul><ul><ul><li>Implementation & deployment practices </li></ul></ul></ul><ul><ul><ul><li>...and combinations thereof... </li></ul></ul></ul><ul><ul><li>This is an attempt to help consolidate the list and agree on approaches as we move forward </li></ul></ul><ul><ul><ul><li>Though, this preso is not comprehensive </li></ul></ul></ul><ul><ul><li>Note: ICAMOpenID 2.0 Profile and Security Best Practices are good start </li></ul></ul><ul><ul><ul><li>address some of following issues </li></ul></ul></ul>
  3. 3. Protocol Spec Security Issues <ul><ul><li>Browser is de-facto man-in-the-middle </li></ul></ul><ul><ul><ul><li>messages/assertions are vulnerable when transiting browser </li></ul></ul></ul><ul><ul><li>Vulnerability to active attackers </li></ul></ul><ul><ul><ul><li>Session Swapping </li></ul></ul></ul><ul><ul><ul><li>Open Redirector issue with checkid_immediate </li></ul></ul></ul><ul><ul><li>Association (shared secret) establishment </li></ul></ul><ul><ul><ul><li>man-in-the-middle vulnerabilities </li></ul></ul></ul><ul><ul><ul><li>(RFC 2631 not properly followed) </li></ul></ul></ul><ul><li>  </li></ul><ul><ul><li>HTML discovery / Phishing </li></ul></ul><ul><ul><li>End-entity Man-in-the-middle (RP/OP spoof'g) </li></ul></ul><ul><ul><li>Protocol mods required to truly address these </li></ul></ul>
  4. 4. Browser as Man-in-the-middle <ul><ul><li>Messages and assertions flow unencrypted between OP and RP via browser </li></ul></ul><ul><ul><li>Thus the browser is interesting entity to attack </li></ul></ul><ul><ul><ul><li>e.g. message and/or assertion alter/copy due to.. </li></ul></ul></ul><ul><ul><ul><ul><li>no message/assertion encryption </li></ul></ul></ul></ul><ul><ul><ul><ul><li>most messages are unsigned </li></ul></ul></ul></ul><ul><ul><li>Protocol messages lack robust linkages  </li></ul></ul><ul><ul><ul><li>to each other and to protocol runs </li></ul></ul></ul><ul><ul><ul><li>thus larger attack surface than if they incorporated such measures </li></ul></ul></ul>
  5. 5. Session Swapping               (1) <ul><ul><li>An attacker can cause victim browsers to log into RP accounts the attacker controls </li></ul></ul><ul><ul><ul><li>&quot;Positive Assertion&quot; is not bound to the browser </li></ul></ul></ul><ul><ul><ul><li>OP authenticates Mallory (M), but M can cause Alice (A)'s browser to send the assertion to RP </li></ul></ul></ul><ul><ul><ul><li>result: A logged-in as M at RP </li></ul></ul></ul><ul><li>  </li></ul>
  6. 6. Session Swapping               (2) <ul><ul><li>Various Possible Consequences... </li></ul></ul><ul><ul><ul><li>&quot;silently&quot; log A into M's account on A's favorite search engine -- M can spy on A's searches </li></ul></ul></ul><ul><ul><ul><li>M trick A into entering her credit card into M's online retail account </li></ul></ul></ul><ul><ul><ul><li>likely other possibilities... </li></ul></ul></ul>
  7. 7. Browser/HTTP/Web Issues <ul><ul><li>E.g... </li></ul></ul><ul><ul><ul><li>Cross-Site Request Forgery (CSRF) </li></ul></ul></ul><ul><ul><ul><li>Cross-Site Scripting (XSS) </li></ul></ul></ul><ul><ul><ul><li>Framing </li></ul></ul></ul><ul><ul><li>Session Swapping one example of former </li></ul></ul><ul><ul><li>XSS/Framing could be used to siphon off assertions </li></ul></ul><ul><ul><ul><li>by exploiting the browser as MITM </li></ul></ul></ul><ul><ul><li>There may be protocol spec and/or profile spec mitigations </li></ul></ul><ul><ul><ul><li>requires investigation </li></ul></ul></ul>
  8. 8. HTML discovery / Phishing <ul><ul><li>Much already written about this </li></ul></ul><ul><ul><li>Protocol spec is monolithic </li></ul></ul><ul><ul><ul><li>OP discovery is not obviously a separate component spec-wise, plus.. </li></ul></ul></ul><ul><ul><ul><li>&quot;HTML-Based discovery MUST be supported by Relying Parties.&quot; </li></ul></ul></ul><ul><ul><li>  Profiles (e.g. ICAM) can mitigate </li></ul></ul><ul><ul><ul><li>E.g. &quot;use only 'directed identity'...&quot; </li></ul></ul></ul>
  9. 9. End-entity Man-in-the-middle (RP/OP spoof'g) <ul><ul><li>Where RP and/or OP are &quot;rogue&quot; </li></ul></ul><ul><ul><ul><li>e.g. RP redirects browser to bogus OP and obtains credentials </li></ul></ul></ul><ul><ul><ul><li>Realm spoofing </li></ul></ul></ul><ul><ul><li>Difficult to address without more formal &quot;trust&quot; mechanisms supported in the protocol </li></ul></ul><ul><ul><li>All Web SSO protocols struggle with this </li></ul></ul>
  10. 10. Implementation & deployment practices <ul><ul><li>Overall fairly well addressed in ICAMOpenID 2.0 Profile and Security Best Practices </li></ul></ul><ul><ul><ul><li>though, profiles & practices such as these don't address various of the prior issues </li></ul></ul></ul><ul><ul><li>But more could be done </li></ul></ul><ul><ul><ul><li>Different use cases may call for different profiles </li></ul></ul></ul><ul><ul><ul><li>Security Best Practices is a 'good start' </li></ul></ul></ul><ul><ul><li>Protocol evolution will affect these </li></ul></ul>
  11. 11. Various items not mentioned above <ul><ul><li>RP collusion mitigation </li></ul></ul><ul><ul><li>Identifier recycling issues </li></ul></ul><ul><ul><li>User privacy w.r.t. OP </li></ul></ul>
  12. 12. End

×